oval:org.secpod.oval:def:301636
An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service, or potentially execute arbitrary code with root privileges on the X.org server. A flaw was found in the X.org server's XC-SECURITY extension ...

oval:org.secpod.oval:def:301361
A heap-based buffer overflow flaw was found in how the X.org server handled malformed font files that could allow a malicious local user to potentially execute arbitrary code with the privileges of the X.org server. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301304
An input validation flaw was found in the X.org server's XFree86-Misc extension that could allow a malicious authorized client to cause a denial of service, or potentially execute arbitrary code with root privileges on the X.org server. A flaw was found in the X.org server's XC-SECURITY extension ...

oval:org.secpod.oval:def:301337
Ruby network libraries Net::HTTP, Net::IMAP, Net::FTPTLS, Net::Telnet, Net::POP3, and Net::SMTP, up to Ruby version 1.8.6 are affected by a possible man-in-the-middle attack, when using SSL, due to a missing check of the CN attribute in SSL certificates against the server's hostname. The updated pa ...

oval:org.secpod.oval:def:301511
A stack-based buffer overflow in sarg allowed remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. A cross-site scripting vulnerability in sarg version 2.x prior to 2.2.5 allowed remote attackers to inject arbitrary web script or HTML via the User-Agent header ...

oval:org.secpod.oval:def:301596
A heap-based buffer overflow was found in GNU ed that allowed context-dependent or user-assisted attackers to execute arbitrary code via a long filename. This update provides GNU ed 1.0, which is not vulnerable to this issue.

oval:org.secpod.oval:def:301515
The LWZReadByte and IMG_LoadLBM_RW functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, th ...

oval:org.secpod.oval:def:301485
A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash. The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:301403
The ReadImage function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301377
The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ":safe", did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file co ...

oval:org.secpod.oval:def:301372
A vulnerability in the Net::DNS perl module was found that could allow remote attackers to cause a denial of service via a crafted DNS response. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301491
Tavis Ormandy of Google Security discovered an invalid pointer flaw in unzip that could lead to the execution of arbitrary code with the privileges of the user running unzip. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301424
A stack-based buffer overflow was discovered in libcdio that allowed context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a disk or image file that contains a long joliet file name. In addition, a fix for failed UTF-8 conversions that would cause a segfau ...

oval:org.secpod.oval:def:301301
Kalle Olavi Niemitalo found two boundary errors in the fsplib library, a copy of which is included in gFTP source. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name, possibly resulting in the execution of arbitr ...

oval:org.secpod.oval:def:301422
Bzip2 versions before 1.0.5 are vulnerable to a denial of service attack via malicious compressed data. The updated packages have been patched to prevent the issue.

oval:org.secpod.oval:def:301549
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Although originally a ...

oval:org.secpod.oval:def:301555
Stefan Cornelius discovered two buffer overflows in Imlib's image loaders for PNM and XPM images, which could possibly result in the execution of arbitrary code. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301441
A buffer overflow in PCRE 7.x before 7.6 allows remote attackers to execute arbitrary code via a regular expression that contains a character class with a large number of characters with Unicode code points greater than 255. The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:301577
Two vulnerabilities discovered in xine-lib allow remote execution of arbitrary code: Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_d ...

oval:org.secpod.oval:def:301613
Chris Evans of the Google Security Team found a vulnerability in the RC4 processing code in libxslt that did not properly handle corrupted key information. A remote attacker able to make an application linked against libxslt process malicious XML input could cause the application to crash or possibl ...

oval:org.secpod.oval:def:301625
Steve Grubb found that the vcdiff script in Emacs created temporary files insecurely when used with SCCS. A local user could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301660
Two vulnerabilities were found in the Website META Language package that allowed local users to overwrite arbitrary files via symlink attacks. The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:301436
Multiple buffer overflows in yaSSL, which is used in MySQL, allowed remote attackers to execute arbitrary code or cause a denial of service via a special Hello packet. Sergei Golubchik found that MySQL did not properly validate optional data or index directory paths given in a CREATE TABLE stateme ...

oval:org.secpod.oval:def:301289
A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301579
Ulf Harnhammar of Secunia Research discovered a format string flaw in how Evolution displayed encrypted mail content. If a user were to open a carefully crafted email message, arbitrary code could be executed with the permissions of the user running Evolution. The updated packages have been patched ...

oval:org.secpod.oval:def:301620
Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.93 release, including: ClamAV 0.92 allowed local users to overwrite arbitrary files via a symlink attack on temporary files or on .ascii files in sigtool, when utf16-decode is enabled. A heap-based buffer overflow in ClamAV ...

oval:org.secpod.oval:def:301624
Wei Wang found that the SNMP discovery backend in CUPS did not correctly calculate the length of strings. If a user could be tricked into scanning for printers, a remote attacker could send a specially crafted packet and possibly execute arbitrary code. As well, the fix for CVE-2007-0720 in MDKSA-2 ...

oval:org.secpod.oval:def:301630
Multiple vulnerabilities were discovered in FreeType's Printer Font Binary font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code. The updated packages have ...

oval:org.secpod.oval:def:301475
An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable files packed in the MEW format. This could be exploited to cause a heap-based buffer overflow. Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files. As well, ...

oval:org.secpod.oval:def:301644
An incomplete fix for CVE-2008-2713 resulted in remote attackers being able to cause a denial of service via a malformed Petite file that triggered an out-of-bounds memory access. This issue is corrected with the 0.93.3 release which is being provided.

oval:org.secpod.oval:def:301258
An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow. The updated packages have been patched to correct these issues.

oval:org.secpod.oval:def:301416
An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extens ...

oval:org.secpod.oval:def:301535
A vulnerability in the Speex library was found where it did not properly validate input values read from the Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the applicatio ...

oval:org.secpod.oval:def:301303
A vulnerability was found in the excel_read_HLINK function in the Microsoft Excel plugin in Gnumeric prior to version 1.8.1 that would allow for the execution of arbitrary code via a crafted XLS file containing XLS HLINK opcodes. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301309
A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system ...

oval:org.secpod.oval:def:301308
Several vulnerabilities were discovered in rdesktop, a Remote Desktop Protocol client. An integer underflow vulnerability allowed attackers to cause a denial of service and possibly execute arbitrary code with the privileges of the logged-in user. A buffer overflow vulnerability allowed attackers ...

oval:org.secpod.oval:def:301398
A flaw was found in exiv2 that would cause exiv2, or applications linked to libexiv2, to crash on image files with certain metadata in the image. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301285
A vulnerability was discovered in ClamAV and corrected with the 0.93.1 release: libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. Other bugs have also been corrected in 0.93.1 which is being ...

oval:org.secpod.oval:def:301338
A double free vulnerability in Perl 5.8.8 and earlier versions allows context-dependent attackers to cause a denial of service via a crafted regular expression containing UTF8 characters. The updated packages have been patched to prevent this.

oval:org.secpod.oval:def:301510
rpmdrake in Mandriva Linux 2007.1 cannot install packages that are excluded by /etc/urpmi/skip.list. This is not how the system is intended to work. This bug made it difficult to install, for instance, the kernel-source-stripped-latest package, as it is listed in skip.list by default. This update f ...

oval:org.secpod.oval:def:301352
The Apache init script did not take into consideration using non-default MPMs, which prevented it from properly handling httpd processes that were named, for example, httpd-worker rather than just httpd. This update corrects the init script to properly handle these non-default cases.

oval:org.secpod.oval:def:301239
Mandriva Linux 2007.1 is installed

oval:org.secpod.oval:def:301335
The kino package included in Mandriva Linux 2007.1 had an invalid symbolic link, which would prevent kino2raw from being launched. The updated package fixes this problem.

oval:org.secpod.oval:def:301576
The package for the drawing application Skencil contained a bug which causes it not to be able to access the system fonts correctly. Consequently, it was impossible to enter text properly in Skencil, and Skencil would consume a high level of system resources if you attempt to use the text tools. Als ...

oval:org.secpod.oval:def:301459
This package update adds support for LZMA compression in rpm. This will allow users of Mandriva Linux 2007.1 to upgrade to the Mandriva Linux 2009.0 release.

oval:org.secpod.oval:def:301504
A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues. An updated version of libsmi is also being provided, not because of security issues, ...

oval:org.secpod.oval:def:301599
A vulnerability in perl-Tk was found where specially crafted GIF images could crash perl-Tk. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301353
Some commercial Windows programs did not run under previous builds of Wine, producing an error message notifying the user that a debugger has been detected. This update corrects the issue.

oval:org.secpod.oval:def:301471
The symlinks program did not work on files larger than 2GB, reporting the error Value too large for defined data type. This update fixes this issue in addition to an error where symlinks converted from absolute to relative paths were not shortened.

oval:org.secpod.oval:def:301592
A minor bug in drakbt was causing it to crash when opening some dialogs such as the help. This update corrects the bug.

oval:org.secpod.oval:def:301409
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.

oval:org.secpod.oval:def:301408
Automatic mirror geolocation in drakxtools-backend in Mandriva Linux 2008.1 would fail for some locales, because it uses backward compatibility timezone names for which there were no zone.tab entries in timezone; this causes software like urpmi not to select optimal mirrors in its automatic media/mi ...

oval:org.secpod.oval:def:301659
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.9. This update provides the latest Thunderbird to correct these issues.

oval:org.secpod.oval:def:301415
A bug was found in the gdb package that prevented the build of the gdbserver binary and its manpage. Updated packages are being provided to fix the issue.

oval:org.secpod.oval:def:301371
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2007 and later for certain time zones. These updated packages contain the new information.

oval:org.secpod.oval:def:301420
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information.

oval:org.secpod.oval:def:301263
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain new Daylight Savings Time information and Time Zone information for some locations. These updated packages contain the new information.

oval:org.secpod.oval:def:301552
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information.

oval:org.secpod.oval:def:301396
The giftrans package was using the wrong path to the color definition file and couldn't be used at all. This update uses the correct path.

oval:org.secpod.oval:def:301286
Updated timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2008 and later for certain time zones. These updated packages contain the new information.

oval:org.secpod.oval:def:301291
Updated PHP timezone packages are being provided for older Mandriva Linux systems that do not contain the new Daylight Savings Time information for 2007 and later for certain time zones. In Mandriva Linux 2007.1 and newer, package php-timezonedb provides the PHP timezone database. These updated pack ...

oval:org.secpod.oval:def:301290
Webmin would always fail the login if the user's password contained UTF-8 non-ASCII characters. This update corrects the issue.

oval:org.secpod.oval:def:301638
A vulnerability in the rcp protocol was discovered that allows a server to instruct a client to write arbitrary files outside of the current directory, which could potentially be a security concern if a user used rcp to copy files from a malicious server. This issue was originally corrected in MDKS ...

oval:org.secpod.oval:def:301469
A vulnerability in emacs was found where an attacker could provide a group of files containing local variable definitions and arbitrary Lisp code to be executed when one of the provided files is opened by emacs. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301575
Luigi Auriemma found a few programming errors in Pulseaudio that can be used by authenticated and unauthenticated users to crash the Pulseaudio daemon. The updated packages fix these issues.

oval:org.secpod.oval:def:301386
A flaw in how tomboy handles LD_LIBRARY_PATH was discovered where by appending paths to LD_LIBRARY_PATH the program would also search the current directory for shared libraries. In directories containing network data, those libraries could be injected into the application. The updated packages have ...

oval:org.secpod.oval:def:301400
Tavis Ormandy and Will Drewry found that the boost library did not properly perform input validation on regular expressions. An attacker could exploit this by sending a specially crafted regular expression to an application linked against boost and cause a denial of service via an application crash. T ...

oval:org.secpod.oval:def:301310
MadWifi prior to 0.9.3.3 allowed remote attackers to cause a denial of service via a beacon frame with a large length value in the extended supported rates element, which would trigger an assertion error. The packages have been updated to 0.9.3.3 to correct this issue. Wpa_supplicant is built ...

oval:org.secpod.oval:def:301463
Stéphane Bertin discovered a flaw in the pam_krb5 existing_ticket configuration option where, if enabled and using an existing credential cache, it was possible for a local user to gain elevated privileges by using a different, local user's credential cache. The updated packages have bee ...

oval:org.secpod.oval:def:301275
A vulnerability was found in the OCSP search functionality in stunnel that could allow a remote attacker to use a revoked certificate that would be successfully authenticated by stunnel. This flaw only concerns users who have enabled OCSP validation in stunnel. The updated packages have been patche ...

oval:org.secpod.oval:def:301601
Marc Schoenefeld of the Red Hat Security Response Team discovered a vulnerability in the hplip alert-mailing functionality that could allow a local attacker to elevate their privileges by using specially-crafted packets to trigger alert mails that are sent by the root account. Another vulnerability ...

oval:org.secpod.oval:def:301622
An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash. An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully c ...

oval:org.secpod.oval:def:301302
A cross-site request forgery vulnerability was discovered in Django that, if exploited, could be used to perform unrequested deletion or modification of data. Updated versions of Django will now discard posts from users whose sessions have expired, so data will need to be re-entered in these cases. ...

oval:org.secpod.oval:def:301330
Several severe security issues were discovered in the Joomla! PHP-based content management system. These issues have been fixed in version 1.0.15 which is provided with this update.

oval:org.secpod.oval:def:301461
Tavis Ormandy of the Google Security Team discovered a flaw in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301406
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. Unspecified vulnerability in rsync before 3.0.0pre6, when ...

oval:org.secpod.oval:def:301274
The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the de ...

oval:org.secpod.oval:def:301391
The default behaviour of autofs 5 for the hosts map did not specify the nosuid and nodev mount options. This could allow a local user with control of a remote NFS server to create a setuid root executable on the exported filesystem of the remote NFS server. If this filesystem was mounted with the de ...

oval:org.secpod.oval:def:301563
Chaskiel M Grundman found that OpenSC would initialize smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN without first having the PIN or PUK, or the superuser's PIN or PUK. Please note that this issue can not be ...

oval:org.secpod.oval:def:301355
A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote attackers to cause a denial of service by simultaneously acquiring and giving back file callbacks. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301292
Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened. The ...

oval:org.secpod.oval:def:301378
Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service ...

oval:org.secpod.oval:def:301571
Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release, including: A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service ...

oval:org.secpod.oval:def:301574
Audacity creates a temporary directory with a predictable name without checking for previous existence of that directory, which allows local users to cause a denial of service by creating the directory before Audacity is run. This issue can also be leveraged to delete arbitrary files or directories ...

oval:org.secpod.oval:def:301427
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string. The updated packages have been patched to fix the issue.

oval:org.secpod.oval:def:301509
Drew Yaro of the Apple Product Security Team reported multiple uses of uninitialized values in libtiff's LZW compression algorithm decoder. An attacker could create a carefully crafted LZW-encoded TIFF file that would cause an application linked to libtiff to crash or potentially execute arbitrary c ...

oval:org.secpod.oval:def:301432
A buffer overflow vulnerability in libxslt could be exploited via an XSL style sheet file with a long XSLT transformation match condition, which could possibly lead to the execution of arbitrary code. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301569
Tavis Ormandy of the Google Security Team discovered a heap-based buffer overflow when compiling certain regular expression patterns. This could be used by a malicious attacker by sending a specially crafted regular expression to an application using the PCRE library, resulting in the possible execu ...

oval:org.secpod.oval:def:301447
A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify ~/.ssh/rc. The updated packages have been patched to correct th ...

oval:org.secpod.oval:def:301600
A few vulnerabilities were found in Wireshark that could cause it to crash or consume excessive memory under certain conditions. This update provides Wireshark 0.99.8 which is not vulnerable to the issues.

oval:org.secpod.oval:def:301326
A few vulnerabilities were found in Wireshark that could cause it to crash or hang under certain conditions. This update provides Wireshark 1.0.0, which is not vulnerable to the issues.

oval:org.secpod.oval:def:301476
A vulnerability was found in Wireshark that could cause it to crash while processing malicious packets. This update provides Wireshark 1.0.2, which is not vulnerable to that.

oval:org.secpod.oval:def:301315
OpenSSH allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301608
Multiple cross-site scripting vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via editing templates and the list's info attribute in the web administrator interface. The updated packages have been patched to correct ...

oval:org.secpod.oval:def:301379
Two denial of service vulnerabilities were discovered in the ipsec-tools racoon daemon, which could allow a remote attacker to cause it to consume all available memory. The updated packages have been patched to prevent these issues.

oval:org.secpod.oval:def:301237
Sebastian Krahmer of SUSE discovered that rsync could overflow when handling ACLs. An attacker could construct a malicious set of files that, when processed, could lead to arbitrary code execution or a crash. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301399
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.13. This update provides the latest Firefox to correct these issues.

oval:org.secpod.oval:def:301458
A denial of service flaw was discovered by the Google Security Team in the way libxml2 processes malformed XML content. This flaw could cause the application to stop responding. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301489
Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with the privileges of the user opening the file. The updated packages have been patc ...

oval:org.secpod.oval:def:301438
A flaw in fetchmail was discovered that allowed remote attackers to cause a denial of service via a malformed message with long headers. The crash only occurred when fetchmail was called in "-v -v" mode. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301616
A vulnerability in rxvt allowed it to open a terminal on :0 if the environment variable was not set, which could be used by a local user to hijack X11 connections. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301496
Multiple integer overflows were found in python's imageop module. If an application written in python used the imageop module to process untrusted images, it could cause the application to crash, enter an infinite loop, or possibly execute arbitrary code with the privileges of the python interpreter ...

oval:org.secpod.oval:def:301381
A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code. An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet. A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convi ...

oval:org.secpod.oval:def:301570
Multiple vulnerabilities have been found in the Ruby interpreter and in WEBrick, the webserver bundled with Ruby. Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash path separators or cas ...

oval:org.secpod.oval:def:301297
The cache update reply processing functionality in Squid 2.x before 2.6.STABLE17, and Squid 3.0, allows remote attackers to cause a denial of service via unknown vectors related to HTTP headers. The updated package fixes this issue.

oval:org.secpod.oval:def:301358
An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched ...

oval:org.secpod.oval:def:301375
An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The updated packages have been patched ...

oval:org.secpod.oval:def:301272
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.12. This update provides the latest Firefox to correct these issues.

oval:org.secpod.oval:def:301328
A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.12. This update provides the latest Thunderbird to correct these issues.

oval:org.secpod.oval:def:301566
A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution. This update provides Wireshark 0.99.7 which is not vulnerable to these issues. An updated version of libsmi is also being provided, not because of security issues ...

oval:org.secpod.oval:def:301368
The mysql_change_db function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS ...

oval:org.secpod.oval:def:301300
A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges. Mandriva urges all users to upgrade to these new kernels immediately as this flaw is being activel ...

oval:org.secpod.oval:def:301558
A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of ...

oval:org.secpod.oval:def:301365
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges. The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users ...

oval:org.secpod.oval:def:301587
pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify mountpoint and source ownership before mounting a user-defined volume, which allows local users to bypass intended access restrictions via a local mount. The updated packages have been patched to fix the issue.

oval:org.secpod.oval:def:301583
Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. T ...

oval:org.secpod.oval:def:301334
A denial of service vulnerability was discovered in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon. The updated packages have been patched to correct this issue.

oval:org.secpod.oval:def:301508
Flaws discovered in versions prior to 2.2.4 and 2.3.10 of GnuTLS allow an attacker to cause denial of service, and maybe execute arbitrary code. The updated packages have been patched to fix these flaws. Note that any applications using this library must be restarted for the update to take effec ...

oval:org.secpod.oval:def:301455
An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service. The updated packages have been patched to c ...

oval:org.secpod.oval:def:301493
A flaw in the Tcl regular expression handling engine was originally discovered by Will Drewry in the PostgreSQL database server's Tcl regular expression engine. This flaw can result in an infinite loop when processing certain regular expressions. The updated packages have been patched to correct the ...

oval:org.secpod.oval:def:301658
A weakness was found in the DNS protocol by Dan Kaminsky. A remote attacker could exploit this weakness to spoof DNS entries and poison DNS caches. This could be used to misdirect users and services; i.e. for web and email traffic. This update provides the latest stable BIND releases for all platfo ...

oval:org.secpod.oval:def:301632
Thomas Pollet discovered an integer overflow vulnerability in the PNG image handling filter in CUPS. This could allow a malicious user to execute arbitrary code with the privileges of the user running CUPS, or cause a denial of service by sending a specially crafted PNG image to the print server. T ...

oval:org.secpod.oval:def:301543
A buffer overflow in the SGI image format decoding routines used by the CUPS image converting filter imagetops was discovered. An attacker could create malicious SGI image files that could possibly execute arbitrary code if the file was printed. An integer overflow flaw leading to a heap buffer ove ...

oval:org.secpod.oval:def:301265
A heap-based buffer overflow in CUPS 1.2.x and later was discovered by regenrecht of VeriSign iDefense that could allow a remote attacker to execute arbitrary code via a crafted CGI search expression. A validation error in the HP-GL/2 filter was also discovered. Finally, a vulnerability in how CU ...

oval:org.secpod.oval:def:301648
A programming flaw was found in Pulseaudio versions older than 0.9.9, by which a local user can gain root access, if pulseaudio is installed as a setuid to root binary, which is the recommended configuration. The updated packages fix this issue.

oval:org.secpod.oval:def:301572
A vulnerability was found in xdg-open and xdg-email commands, which allows remote attackers to execute arbitrary commands if the user is tricked into trying to open a maliciously crafted URL. The updated packages have been patched to prevent the issue.

oval:org.secpod.oval:def:301598
Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301643
A heap-based buffer overflow was found in how libxml2 handled long XML entity names. If an application linked against libxml2 processed untrusted malformed XML content, it could cause the application to crash or possibly execute arbitrary code. The updated packages have been patched to prevent this ...

oval:org.secpod.oval:def:301426
Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. Update: The original fix used to correct this issue caused some applications tha ...

oval:org.secpod.oval:def:301242
A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability to connect to the dbus-daemon could possibly execute certain method calls that they should not normally have access to. The updated packages have been patched to correct the ...

oval:org.secpod.oval:def:301373
A number of vulnerabilities were found and fixed in the Apache 2.2.x packages: A flaw found in the mod_imagemap module could lead to a cross-site scripting attack on sites where mod_imagemap was enabled and an imagemap file was publicly available. A flaw found in the mod_status module could lead ...

oval:org.secpod.oval:def:301567
Multiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges. The updated packages have been patched to correc ...

oval:org.secpod.oval:def:301322
Multiple memory management flaws were found in the GSSAPI library used by Kerberos that could result in the use of already freed memory or an attempt to free already freed memory, possibly leading to a crash or allowing the execution of arbitrary code. A flaw was discovered in how the Kerberos krb5 ...

oval:org.secpod.oval:def:301295
Index Functions Privilege Escalation: as a unique feature, PostgreSQL allows users to create indexes on the results of user-defined functions, known as expression indexes. This provided two vulnerabilities to privilege escalation: index functions were executed as the superuser and not the table ow ...

oval:org.secpod.oval:def:301393
Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: The Datagram Congestion Control Protocol subsystem in the Linux kernel 2.6.18, and probably other versions, does not properly check feature lengths, which might allow remote attackers to execute arbitrary code, related to a ...

oval:org.secpod.oval:def:301655
A vulnerability was discovered in the mod_proxy module in Apache where it did not limit the number of forwarded interim responses, allowing remote HTTP servers to cause a denial of service via a large number of interim responses. A cross-site scripting vulnerability was found in the mod_proxy_ftp ...

oval:org.secpod.oval:def:301540
An input validation flaw was found in the Bluetooth Session Description Protocol packet parser used in the Bluez bluetooth utilities. A bluetooth device with an already-trusted relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash and p ...

oval:org.secpod.oval:def:301343
A number of vulnerabilities have been found and corrected in PHP: PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with "S:", which did not properly track the number of input bytes being proce ...

oval:org.secpod.oval:def:301332
Chris Evans found a buffer overflow condition in Ghostscript, which can lead to arbitrary code execution as the user running any application using it to process a maliciously crafted Postscript file. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301646
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. The updated packages have been patched to prevent this issue.

oval:org.secpod.oval:def:301568
Multiple integer overflows in the imageop module in Python prior to 2.5.3 allowed context-dependent attackers to cause a denial of service or possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. This was due to an incomplete fix for CVE-2007-4965. David Rema ...

*CPE
cpe:/o:mandriva:linux:2007.1

© SecPod Technologies