Download
| Alert*
|
oval:org.secpod.oval:def:301304
An input validation flaw was found in the X.org server"s XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service , or potentially execute arbitrary code with root privileges on the X.org server . A flaw was found in the X.org server"s XC-SECURITY extension ... oval:org.secpod.oval:def:301636 An input validation flaw was found in the X.org server"s XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service , or potentially execute arbitrary code with root privileges on the X.org server . A flaw was found in the X.org server"s XC-SECURITY extension ... oval:org.secpod.oval:def:301361 A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301337 Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN attribute in SSL certificates against the server"s hostname. The updated pa ... oval:org.secpod.oval:def:301424 A stack-based buffer overflow was discovered in libcdio that allowed context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a disk or image file that contains a long joliet file name. In addition, a fix for failed UTF-8 conversions that would cause a segfau ... oval:org.secpod.oval:def:301422 Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data. The updated packages have been patched to prevent the issue. oval:org.secpod.oval:def:301511 A stack-based buffer overflow in sarg allowed remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header . A cross-site scripting vulnerability in sarg version 2.x prior to 2.2.5 allowed remote attackers to inject arbitrary web script or HTML via the User-Agent heder ... oval:org.secpod.oval:def:301515 The LWZReadByte and IMG_LoadLBM_RW functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, th ... oval:org.secpod.oval:def:301485 A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues. oval:org.secpod.oval:def:301403 The ReadImage function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301377 The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ":safe", did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file co ... oval:org.secpod.oval:def:301372 A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301491 Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301512 The via driver originally available in Xorg on 2007.0 has an unresolved symbol that lead the X server to crash. The problem could be reproduced on any hardware the driver supports simply by starting the X server. The updated driver fixes this specific problem by making all the symbols resolved. oval:org.secpod.oval:def:301312 Jurgen Weigert found a directory traversal vulnerability in fastjar versions prior to 0.93. This vulnerability allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filename with ../ sequences. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301238 Mandriva Linux 2007.0 is installed oval:org.secpod.oval:def:301624 Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code . As well, the fix for CVE-2007-0720 in MDKSA-2 ... oval:org.secpod.oval:def:301475 An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable files packed in he MEW format. This could be exploited to cause a heap-based buffer overflow . Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files . As well, ... oval:org.secpod.oval:def:301576 The package for the drawing application Skencil contained a bug which causes it not to be able to access the system fonts correctly. Consequently, it was impossible to enter text properly in Skencil, and Skencil would consume a high level of system resources if you attempt to use the text tools. Als ... oval:org.secpod.oval:def:301420 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:301504 A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update rovides Wireshark 0.99.7 which is not vulnerable to these issues. An updated version of libsmi is also being provided, not because of security issues, ... oval:org.secpod.oval:def:301503 Buffer overflow in the LWZReadByte function in gd_gif_in.c in GD prior to 2.0.34 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array. This was originally fixed in PHP"s embedded ... oval:org.secpod.oval:def:301599 A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301552 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:301371 Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2007 and later for certain time zones. These updated packages contain the new information. oval:org.secpod.oval:def:301290 Webmin would always fail the login if the user"s password contained UTF-8 non-ascii characters. This update corrects the issue. oval:org.secpod.oval:def:301310 MadWifi prior to 0.9.3.3 allowed remote attackers to cause a denial of service via a beacon frame with a large length value in the extended supported rates element, which would trigger an assertion error. Updated packages have been updated to 0.9.3.3 to correct this issue. Wpa_supplicant is built ... oval:org.secpod.oval:def:301400 Tavis Ormandy and Will Drewry found that the bost library did not properly perform input validation on regular expressions. An attacker could exploit this by sening a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash. T ... oval:org.secpod.oval:def:301622 An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash . An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully c ... oval:org.secpod.oval:def:301330 Several severe security issues were discovered in the Joomla! PHP-based content management system. These issues have been fixed in version 1.0.15 which is provided with this update. oval:org.secpod.oval:def:301391 The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the de ... oval:org.secpod.oval:def:301406 rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module"s hierarchy. Unspecified vulnerability in rsync before 3.0.0pre6, when ... oval:org.secpod.oval:def:301383 A race condition in nss_ldap, when used in applications that use pthread and fork after a call to nss_ldap, does not properly handle the LDAP connection, which might cause nss_ldap to return the wrong user data to the wrong process, giving one user access to data belonging to another user, in some c ... oval:org.secpod.oval:def:301600 A few vulnerabilities were found in Wireshark, that could cause it to crash or consume excessive memory under certain conditions. This update rovides Wireshark 0.99.8 which is not vulnerable to the issues. oval:org.secpod.oval:def:301315 OpenSSH allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. The updated packages have been patched to prevent this issue. oval:org.secpod.oval:def:301608 Multiple cross-site scripting vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list"s info attribute in the web administrator interface. The updated packages have been patched to correct ... oval:org.secpod.oval:def:301237 Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attakcer could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash . The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301458 A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding. The updated packages have been patched to correct this issue. oval:org.secpod.oval:def:301489 Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file. The updated packages have been patc ... oval:org.secpod.oval:def:301496 Multiple integer overflows were found in python"s imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter ... oval:org.secpod.oval:def:301297 The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service via unknown vectors related to HTTP headers. The updated package fixes this issue. oval:org.secpod.oval:def:301566 A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues. An updated version of libsmi is also being provided, not because of security issues ... oval:org.secpod.oval:def:301368 The mysql_change_db function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges . The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS ... oval:org.secpod.oval:def:301300 A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges. Mandriva urges all users to upgrade to these new kernels immediately as this flaw is being activel ... oval:org.secpod.oval:def:301558 A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of ... oval:org.secpod.oval:def:301493 A flaw in the Tcl regular expression handling engine was originally discovered by Will Drewry in the PostgreSQL database server"s Tcl regular expression engine. This flaw can result in an infinite loop when processing certain regular expressions. The updated packages have been patched to correct the ... oval:org.secpod.oval:def:301265 A heap-based buffer overflow in CUPS 1.2.x and later was discovered by regenrecht of VeriSign iDenfense that could allow a remote attacker to execute arbitrary code via a crafted CGI search expression . A validation error in the Hp-GL/2 filter was also discovered . Finally, a vulnerability in how CU ... oval:org.secpod.oval:def:301242 A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability to connect to the dbus-daemon could possibly execute certain method calls that they should not normally have access to. The updated packages have been patched to correct the ... oval:org.secpod.oval:def:301373 A number of vulnerabilities were found and fixed in the Apache 2.2.x packages: A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publically available . A flaw found in the mod_status module could lead ... oval:org.secpod.oval:def:301567 Multiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges. The updated packages have been patched to correc ... oval:org.secpod.oval:def:301385 A memory management flaw was found in the GSSAPI library used by Kerberos that could result in an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code . A flaw was discovered in how the Kerberos krb5kdc handled Kerberos v4 protocol packets. An ... oval:org.secpod.oval:def:301295 Index Functions Privilege Escalation : as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: index functions were executed as the superuser and not the table ow ... oval:org.secpod.oval:def:301332 Chris Evans found a buffer overflow condition in Ghostscript, which can lead to arbitrary code execution as the user running any application using it to process a maliciously crafted Postscript file. The updated packages have been patched to prevent this issue. |
