Download
| Alert*
oval:org.mitre.oval:def:8106
The X.org fix for CVE-2007-6429 introduced a regression in the MIT-SHM extension, which prevented the start of a few applications. This update provides updated packages for the xfree86 version included in Debian old stable (sarge) in addition to the fixed packages for Debian stable (etch), which wer ... oval:org.mitre.oval:def:7850 Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow has been discovered in the parser for HTTP Location headers ( ... oval:org.mitre.oval:def:8097 k1tk4t discovered that wzdftpd, a portable, modular, small and efficient ftp server, did not correctly handle the receipt of long usernames. This could allow remote users to cause the daemon to exit. oval:org.mitre.oval:def:7785 Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The Common Vulnerabilities and Exposures project identifies the following problems: Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in d ... oval:org.mitre.oval:def:7812 It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code. oval:org.mitre.oval:def:8229 Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library"s free routine, potentially leading to arbitrary code execution (CVE-2008-0888). oval:org.mitre.oval:def:7886 It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674). oval:org.mitre.oval:def:7756 Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code. oval:org.mitre.oval:def:7732 Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350. In addition, it was discovered t ... oval:org.mitre.oval:def:7408 Several remote vulnerabilities have been discovered in Mantis, a web based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems: Custom fields were not appropriately protected by per-item access control, allowing for sensitive data to be published. ... oval:org.mitre.oval:def:7919 Ulf Haumlrnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible. oval:org.mitre.oval:def:7434 It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports. For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5. For the stable distribution (etch), ... oval:org.mitre.oval:def:7793 Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: Inadequate EXIF property validation could lea ... oval:org.mitre.oval:def:7768 Sean de Regge and Greg Linares discovered multiple heap and stack based buffer overflows in FLAC, the Free Lossless Audio Codec, which could lead to the execution of arbitrary code. oval:org.mitre.oval:def:7692 Debian 3.1 is installed oval:org.mitre.oval:def:7854 It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. oval:org.mitre.oval:def:8226 It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code. oval:org.mitre.oval:def:8336 Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets. For the old stable distribution (sarge), this problem has been fixed in version 1.0.27-2. For the stab ... oval:org.mitre.oval:def:7776 It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string. oval:org.mitre.oval:def:8157 Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. oval:org.mitre.oval:def:8247 Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities, allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process. oval:org.mitre.oval:def:7673 Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing. oval:org.mitre.oval:def:8049 Peter Paul Elfferich discovered that turba2, a contact management component for horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records. oval:org.mitre.oval:def:8088 Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to denial of service or the execution of arbitrary code if a user is tricked into opening a malformed image. The Common Vulnerabilities and Exposures project identifies the following problems ... oval:org.mitre.oval:def:8028 Several remote vulnerabilities have been discovered in phpBB, a web based bulletin board. The Common Vulnerabilities and Exposures project identifies the following problems: Private messaging allowed cross site request forgery, making it possible to delete all private messages of a user by sending t ... oval:org.mitre.oval:def:7881 A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock. For the ol ... oval:org.mitre.oval:def:8123 Several security related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems: Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to a overflow in the ... oval:org.mitre.oval:def:7228 It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code. oval:org.mitre.oval:def:8180 Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. For the old stable distribution (sarge), this problem has been fixed in version 2. ... oval:org.mitre.oval:def:8130 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: LMH reported a potential local DoS which could be exploited b ... oval:org.mitre.oval:def:8063 Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: infamous41md reported multiple integer overflows in the Sbus ... oval:org.mitre.oval:def:7757 Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: The DMO_Vid ... oval:org.mitre.oval:def:8307 Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: The RPL dissector could be tricked into an infinite loop. The CIP dissector could be ... oval:org.mitre.oval:def:7957 Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel (CVE-2007-4571). oval:org.mitre.oval:def:8019 Several vulnerabilities were found in the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening a malformed Ogg Audio file with an application linked against libvorbis. oval:org.mitre.oval:def:7851 It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. oval:org.mitre.oval:def:8090 It was discovered that util-linux, miscellaneous system utilities, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. oval:org.mitre.oval:def:8232 Several remote vulnerabilities have been discovered in libnet-dns-perl. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries (CVE-2007-3377). This update switches transactio ... oval:org.mitre.oval:def:8094 Several remote vulnerabilities have been discovered in the kdc component of the krb5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identifies the following problems: An unauthenticated remote attacker may cause a krb4-enabled KDC to cr ... oval:org.mitre.oval:def:8199 Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked a ... oval:org.mitre.oval:def:7775 Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file. |