Download
| Alert*
|
oval:org.secpod.oval:def:700164
It was discovered that Eucalyptus did not verify password resets from the Admin UI correctly. An unauthenticated remote attacker could issue password reset requests to gain admin privileges in the Eucalyptus environment. oval:org.secpod.oval:def:700232 Neil Wilson discovered that if VNC passwords were blank in QEMU configurations, access to VNC sessions was allowed without a password instead of being disabled. A remote attacker could connect to running VNC sessions of QEMU and directly control the system. By default, QEMU does not start VNC sessio ... oval:org.secpod.oval:def:700677 t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file. oval:org.secpod.oval:def:700534 nbd: Network Block Device protocol An attacker could send crafted input to NBD and cause it to crash or to run arbitrary programs. oval:org.secpod.oval:def:700506 postfix: High-performance mail transport agent An attacker could send crafted input to Postfix and cause it to reveal confidential information. oval:org.secpod.oval:def:700741 evince: Document viewer Evince could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700732 t1lib: Type 1 font rasterizer library - runtime t1lib could be made to crash or run programs as your login if it opened a specially crafted font file. oval:org.secpod.oval:def:700275 It was discovered that Quagga incorrectly parsed certain malformed extended communities. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga resets BGP sessions when encountering malformed AS_PATHLIMIT attributes. A remote ... oval:org.secpod.oval:def:700718 ffmpeg: multimedia player, server and encoder FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700208 It was discovered that if AppArmor was misconfigured, under certain circumstances the parser could generate policy using an unconfined fallback execute transition when one was not specified. oval:org.secpod.oval:def:700073 A large number of security issues were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service atta ... oval:org.secpod.oval:def:700282 It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse. oval:org.secpod.oval:def:700283 It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse. oval:org.secpod.oval:def:700258 USN-1049-1 fixed vulnerabilities in Firefox and Xulrunner. That update introduced a regression where some Java applets would fail to load. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, ... oval:org.secpod.oval:def:700235 It was discovered that Gabble did not verify the from field of google jingleinfo updates. This could allow a remote attacker to perform man in the middle attacks on streamed media. oval:org.secpod.oval:def:700784 python-httplib2: comprehensive HTTP client library written for Python httplib2 could be made to expose sensitive information over the network. oval:org.secpod.oval:def:700771 update-manager: GNOME application that manages apt updates Details: USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. We apologize for the inconvenience. Origi ... oval:org.secpod.oval:def:700767 php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get function. We apologize for the inconven ... oval:org.secpod.oval:def:700745 openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Details: USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm introduced a regression that caused TLS/SSL connections to ... oval:org.secpod.oval:def:700823 ca-certificates-java: Common CA certificates Details: USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. Original advisory A certificate ... oval:org.secpod.oval:def:700590 firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Details: USN-1197-1 partially addressed an issue with Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update actively distrusts the DigiNotar root certificate as well as seve ... oval:org.secpod.oval:def:700595 ca-certificates: Common CA certificates Details: USN-1197-1 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates. Original advisory A certificate auth ... oval:org.secpod.oval:def:700596 nss: Network Security Service libraries Details: USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for the Network Security Service libraries ... oval:org.secpod.oval:def:700597 quassel: KDE/Qt-based IRC client A remote attacker could send crafted input to Quassel and cause it to crash. oval:org.secpod.oval:def:700583 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1197-1 fixed a vulnerability in Firefox with regard to the DigiNotar certificate authority. This update provides the corresponding updates for Thunderbird. We are aware that the DigiNotar Root CA Certificate is still shown as tr ... oval:org.secpod.oval:def:700582 firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment A certificate authority issued fraudulent certificates. oval:org.secpod.oval:def:700543 firefox: safe and easy web browser from Mozilla Details: USN-1149-1 fixed vulnerabilities in Firefox. Unfortunately, a regression was introduced that prevented cookies from being stored properly when the hostname was a single character. This update fixes the problem. We apologize for the inconvenien ... oval:org.secpod.oval:def:700508 apturl: installs packages using the apt protocol apturl could be made to cause your desktop to crash if it opened a very long URL. oval:org.secpod.oval:def:700211 Under certain circumstances, the DHCP client could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before DHCP client starts. oval:org.secpod.oval:def:700518 pam: Pluggable Authentication Modules Details: USN-1140-1 fixed vulnerabilities in PAM. A regression was found that caused cron to stop working with a quot;Module is unknownquot; error. As a result, systems configured with automatic updates will not receive updates until cron is restarted, these upd ... oval:org.secpod.oval:def:700009 Ubuntu 10.10 is installed oval:org.secpod.oval:def:700112 USN-1024-1 fixed vulnerabilities in OpenJDK. Some of the additional backported improvements could interfere with the compilation of certain Java software. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that certain system property info ... oval:org.secpod.oval:def:700217 Under certain circumstances, CUPS could start before its AppArmor profile was loaded and therefore run unconfined. This update ensures the AppArmor profile is loaded before CUPS starts. oval:org.secpod.oval:def:700205 USN-1042-1 fixed vulnerabilities in PHP5. The fix for CVE-2010-3436 introduced a regression in the open_basedir restriction handling code. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that attackers might be able to bypass open_based ... oval:org.secpod.oval:def:700263 USN-1085-1 fixed vulnerabilities in the system TIFF library. The upstream fixes were incomplete and created problems for certain CCITTFAX4 files. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Sauli Pahlman discovered that the TIFF library incorrectly h ... oval:org.secpod.oval:def:700206 It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. oval:org.secpod.oval:def:700664 update-manager: GNOME application that manages apt updates - update-notifier: Daemon which notifies about package updates Update Manager could be made to overwrite files as the administrator. oval:org.secpod.oval:def:700276 Sebastian Krahmer discovered that GDM did not properly drop privileges when handling the cache directories used to store users" dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges. oval:org.secpod.oval:def:700495 exim4: Exim mail transfer agent Exim could be made to run arbitrary code under some conditions. oval:org.secpod.oval:def:700220 USN-1045-1 fixed vulnerabilities in FUSE. This update to util-linux adds support for new options required by the FUSE update. Original advisory details: It was discovered that FUSE could be tricked into incorrectly updating the mtab file when mounting filesystems. A local attacker, with access to us ... oval:org.secpod.oval:def:700102 USN-959-1 fixed vulnerabilities in PAM. This update provides the corresponding updates for Ubuntu 10.10. Original advisory details: Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit t ... oval:org.secpod.oval:def:700579 foomatic-filters: OpenPrinting printer support - filters An attacker could send crafted input to Foomatic and cause it to run programs as the "lp" user. oval:org.secpod.oval:def:700554 likewise-open: Authentication services for Active Directory domains Local SQL injection vulnerability oval:org.secpod.oval:def:700081 It was discovered that certain system property information was being leaked, which could allow an attacker to obtain sensitive information. oval:org.secpod.oval:def:700277 It was discovered that OpenLDAP did not properly check forwarded authentication failures when using a slave server and chain overlay. If OpenLDAP were configured in this manner, an attacker could bypass authentication checks by sending an invalid password to a slave server. It was discovered that O ... oval:org.secpod.oval:def:700803 python-pam: A Python interface to the PAM library PyPAM could be made to crash or possibly run programs if it processed a specially crafted password. oval:org.secpod.oval:def:700587 cups: Common UNIX Printing System - server - cupsys: Common UNIX Printing System - server An attacker could send crafted print jobs to CUPS and cause it to crash or run programs. oval:org.secpod.oval:def:700671 kdeutils: KDE general-purpose utilities Ark could be made to remove files. oval:org.secpod.oval:def:700512 rdesktop: RDP client for Windows NT/2000 Terminal Server An attacker could access your files if rdesktop connected to a malicious server. oval:org.secpod.oval:def:700237 Sergey Nizovtsev discovered that Aptdaemon incorrectly filtered certain arguments when using its D-Bus interface. A local attacker could use this flaw to bypass security restrictions and view sensitive information by reading arbitrary files. oval:org.secpod.oval:def:700221 Jakub Wilk and Raphaël Hertzog discovered that dpkg-source did not correctly handle certain paths and symlinks when unpacking source-format version 3.0 packages. If a user or an automated system were tricked into unpacking a specially crafted source package, a remote attacker could modify files ... oval:org.secpod.oval:def:700212 It was discovered that AWStats did not correctly filter the LoadPlugin configuration option. A local attacker on a shared system could use this to inject arbitrary code into AWStats. oval:org.secpod.oval:def:700588 librsvg: Rendering library for SVG files SVG image rendering library has had flaws fixed. oval:org.secpod.oval:def:700209 Jon Larimer discovered that Evince"s font parsers incorrectly handled certain buffer lengths when rendering a DVI file. By tricking a user into opening or previewing a DVI file that uses a specially crafted font file, an attacker could crash evince or execute arbitrary code with the user"s privilege ... oval:org.secpod.oval:def:700779 puppet: Centralized configuration management Puppet could be made to overwrite files and run programs with administrator privileges. oval:org.secpod.oval:def:700769 devscripts: scripts to make the life of a Debian Package maintainer easier debdiff, a part of devscripts, could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700520 dovecot: IMAP and POP3 email server An attacker could send a crafted email message that could disrupt email service. oval:org.secpod.oval:def:700199 It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. oval:org.secpod.oval:def:700511 exim4: metapackage to ease Exim MTA installation An attacker could send crafted input to Exim and cause it to run programs as the Exim user. oval:org.secpod.oval:def:700751 software-properties: manage the repositories that you install software from Software Properties could be tricked into installing arbitrary PPA GPG keys. oval:org.secpod.oval:def:700152 Mike Roszkowski discovered that the Kerberos KDC did not correctly validate the contents of certain messages. If an authenticated remote attacker sent specially crafted TGS requests, the KDC service would crash, leading to a denial of service. oval:org.secpod.oval:def:700264 Cameron Meadors discovered that the MIT Kerberos 5 Key Distribution Center daemon is vulnerable to a double-free condition if the Public Key Cryptography for Initial Authentication capability is enabled. This could allow a remote attacker to cause a denial of service. oval:org.secpod.oval:def:700701 software-center: Utility for browsing, installing, and removing software An attacker could trick Software Center into installing altered packages and repositories or exposing sensitive information over the network. oval:org.secpod.oval:def:700494 krb5: MIT Kerberos services An unauthenticated remote user could crash the Kerberos service. oval:org.secpod.oval:def:700230 Kees Cook discovered that some shadow utilities did not correctly validate user input. A local attacker could exploit this flaw to inject newlines into the /etc/passwd file. If the system was configured to use NIS, this could lead to existing NIS groups or users gaining or losing access to the syste ... oval:org.secpod.oval:def:700581 ecryptfs-utils: ecryptfs cryptographic filesystem An attacker could use eCryptfs to unmount arbitrary locations and cause a denial of service. oval:org.secpod.oval:def:700228 Keiichi Mori discovered that the MIT krb5 KDC database propagation daemon is vulnerable to a denial of service attack due to improper logic when a worker child process exited because of invalid network input. This could only occur when kpropd is running in standalone mode; kpropd was not affected w ... oval:org.secpod.oval:def:700676 python-django: High-level Python web development framework Applications using Django could be made to crash or expose sensitive information. oval:org.secpod.oval:def:700559 qemu-kvm: Machine emulator and virtualizer QEMU could be made to run with adminstrator group privileges under certain circumstances. oval:org.secpod.oval:def:700091 It was discovered that Django did not properly sanitize the cookie value when applying CSRF protections resulting in a cross-site scripting vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker ... oval:org.secpod.oval:def:700766 puppet: Centralized configuration management Puppet would allow unintended access to resources over the network. oval:org.secpod.oval:def:700740 xorg: X.Org X Window System X could be made to start by a user who lacked appropriate permissions. oval:org.secpod.oval:def:700493 language-selector: Language selector for Ubuntu Linux Local users could gain root access via the language-selector. oval:org.secpod.oval:def:700804 gdm-guest-session: gdm extension for guest session gdm-guest-session could be made to delete files as the administrator. oval:org.secpod.oval:def:700489 usb-creator: create a startup disk using a CD or disc image An attacker could use usb-creator to unmount arbitrary disks or perform other unauthorized disk operations. oval:org.secpod.oval:def:700486 perl: Larry Wall"s Practical Extraction and Report Language An attacker could send crafted input to Perl and bypass intended restrictions. oval:org.secpod.oval:def:700227 It was discovered that the ACL plugin in Dovecot would incorrectly propagate ACLs to new mailboxes. A remote authenticated user could possibly read new mailboxes that were created with the wrong ACL. It was discovered that the ACL plugin in Dovecot would incorrectly merge ACLs in certain circumstan ... oval:org.secpod.oval:def:700693 acpid: Advanced Configuration and Power Interface daemon Several security issues were fixed in acpid. oval:org.secpod.oval:def:700219 Adam Baldwin discovered that Django did not properly validate query string lookups. This could be exploited to provide an information leak to an attacker with admin privilieges. Paul McMillan discovered that Django did not validate the length of the token used when generating a password reset. An a ... oval:org.secpod.oval:def:700218 Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is ... oval:org.secpod.oval:def:700255 Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the progra ... oval:org.secpod.oval:def:700249 Jesse Ruderman, Igor Bukanov, Olli Pettay, Gary Kwong, Jeff Walden, Henry Sivonen, Martijn Wargers, David Baron and Marcia Knous discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the progra ... oval:org.secpod.oval:def:700236 It was discovered that Django did not properly validate HTTP requests that contain an X-Requested-With header. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. It was discovered that Django did not properly sanitize its input when performing file uploads, ... oval:org.secpod.oval:def:700565 freetype: FreeType 2 is a font engine library FreeType could be made to run programs as your login if it opened a specially crafted font file. oval:org.secpod.oval:def:700558 libsoup2.4: HTTP client/server library for GNOME An attacker could send crafted URLs to a SoupServer application and obtain unintended access to files. oval:org.secpod.oval:def:700768 firefox: Mozilla Open Source web browser A security vulnerability has been fixed in Firefox. oval:org.secpod.oval:def:700775 libvorbis: The Vorbis General Audio Compression Codec libvorbis could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700758 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:700753 ubufox: Ubuntu Firefox specific configuration defaults and apt support - webfav: Firefox extension for saving web favorites Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides updated ubufox and webfav packages for use with the latest Firefox. Original advisory This update pr ... oval:org.secpod.oval:def:700757 xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Xulrunner. oval:org.secpod.oval:def:700754 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:700755 mozvoikko: Finnish spell-checker extension for Firefox Details: USN-1355-1 fixed vulnerabilities in Firefox. This update provides an updated Mozvoikko package for use with the latest Firefox. Original advisory This update provides compatible Mozvoikko packages for the latest Firefox. oval:org.secpod.oval:def:700531 nagios3: A host/service/network monitoring and management system An attacker could modify or steal data if you were tricked into clicking on a special link to Nagios. oval:org.secpod.oval:def:700504 vino: VNC server for GNOME An attacker could send crafted input to Vino and cause it to crash. oval:org.secpod.oval:def:700680 bind9: Internet Domain Name Server Bind could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:700517 bind9: Internet Domain Name Server An attacker could send crafted input to Bind and cause it to crash. oval:org.secpod.oval:def:700055 It was discovered that Bind would incorrectly allow a ncache entry and a rrsig for the same type. A remote attacker could exploit this to cause Bind to crash, resulting in a denial of service. It was discovered that Bind would incorrectly mark zone data as insecure when the zone is undergoing a key ... oval:org.secpod.oval:def:700239 It was discovered that Bind incorrectly handled IXFR transfers and dynamic updates while under heavy load when used as an authoritative server. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. oval:org.secpod.oval:def:700545 bind9: Internet Domain Name Server An attacker could send crafted input to Bind and cause it to crash. oval:org.secpod.oval:def:700284 Sebastian Krahmer discovered that the xrdb utility incorrectly filtered crafted hostnames. An attacker could use this flaw with a malicious DHCP server or with a remote xdmcp login and execute arbitrary code, resulting in root privilege escalation. oval:org.secpod.oval:def:700285 Sebastian Krahmer discovered that the dhclient utility incorrectly filtered crafted responses. An attacker could use this flaw with a malicious DHCP server to execute arbitrary code, resulting in root privilege escalation. oval:org.secpod.oval:def:700485 dhcp3: DHCP Client Details: USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix the vulnerability was not properly applied on Ubuntu 9.10 and higher. This update fixes the problem. Original advisory An attacker"s DHCP server could send crafted responses to your computer and c ... oval:org.secpod.oval:def:700572 isc-dhcp: DHCP server and client - dhcp3: DHCP server and client An attacker could send crafted input to DHCP and cause it to crash. oval:org.secpod.oval:def:700831 gnutls26: the GNU TLS library - commandline utilities - gnutls13: the GNU TLS library - commandline utilities The GnuTLS library could be made to crash under certain conditions. oval:org.secpod.oval:def:700505 policykit-1: framework for managing administrative policies and privileges Local users could gain root access by using the pkexec tool in PolicyKit. oval:org.secpod.oval:def:700271 It was discovered that vsftpd incorrectly handled certain glob expressions. A remote authenticated user could use a crafted glob expression to cause vftpd to consume all resources, leading to a denial of service. oval:org.secpod.oval:def:700059 It was discovered that ImageMagick would search for configuration files in the current directory. If a user were tricked into opening or processing an image in an arbitrary directory, a local attacker could execute arbitrary code with the user"s privileges. oval:org.secpod.oval:def:700171 Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash THunderbird or possibly run arbitrary code as the user invoking the program. Marc Schoenefeld and Christoph Diehl discovered several pr ... oval:org.secpod.oval:def:700022 Jesse Ruderman, Andreas Gal, Nils, Brian Hackett, and Igor Bukanov discovered several memory issues in the browser engine. An attacker could exploit these to crash the browser or possibly run arbitrary code as the user invoking the program. It was discovered that Firefox did not properly verify the ... oval:org.secpod.oval:def:700193 Richard Moore discovered that NSS would sometimes incorrectly match an SSL certificate which had a Common Name that used a wildcard followed by a partial IP address. While it is very unlikely that a Certificate Authority would issue such a certificate, if an attacker were able to perform a man-in-th ... oval:org.secpod.oval:def:700079 Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash the browser or possibly run arbitrary code as the user invoking the progra ... oval:org.secpod.oval:def:700060 Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of service or possibly execute arbitrary code as the user invoking the program. oval:org.secpod.oval:def:700047 USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Thunderbird. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of se ... oval:org.secpod.oval:def:700119 USN-1011-1 fixed a vulnerability in Firefox. This update provides the corresponding update for Xulrunner. Original advisory details: Morten Krakvik discovered a heap-based buffer overflow in Firefox. If a user were tricked into navigating to a malicious site, an attacker could cause a denial of serv ... oval:org.secpod.oval:def:700106 Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov, Josh Soref, Gary Kwong, Martijn Wargers, Siddharth Agarwal and Michal Zalewski discovered various flaws in the browser engine. An attacker could exploit this to crash Thunderbird or possibly run arbitrary code as the user invoking the progra ... oval:org.secpod.oval:def:700069 USN-1002-1 fixed vulnerabilities in PostgreSQL. This update provides the corresponding update for Ubuntu 10.10. Original advisory details: It was discovered that PostgreSQL did not properly enforce permissions within sessions when PL/Perl and PL/Tcl functions or operators were redefined. A remote au ... oval:org.secpod.oval:def:700812 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1401-1 fixed vulnerabilities in Xulrunner. This update provides the corresponding fixes for Thunderbird. Original advisory Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:700810 xulrunner-1.9.2: Mozilla Gecko runtime environment Several security issues were fixed in Firefox. oval:org.secpod.oval:def:700808 ubufox: Finnish spell-checker extension for Firefox Details: USN-1400-1 fixed vulnerabilities in Firefox. This update provides an updated ubufox package for use with the latest Firefox. Original advisory This update provides compatible ubufox packages for the latest Firefox. oval:org.secpod.oval:def:700809 firefox: Mozilla Open Source web browser Several security issues were fixed in Firefox. oval:org.secpod.oval:def:700553 thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities were fixed in Thunderbird. oval:org.secpod.oval:def:700536 firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner Multiple Vulnerabilities were fixed in Firefox and Xulrunner oval:org.secpod.oval:def:700585 thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. oval:org.secpod.oval:def:700576 firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Multiple vulnerabilities have been fixed in Firefox and Xulrunner. oval:org.secpod.oval:def:700563 icedtea-web: An implementation of the Java Network Launching Protocol - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation An attacker could discover a user"s name or confuse a user into granting unintended access to files. oval:org.secpod.oval:def:700764 tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information if it received specially crafted network traffic. oval:org.secpod.oval:def:700705 bzip2: high-quality block-sorting file compressor - utilities Executables compressed by bzexe could be made to run programs as your login. oval:org.secpod.oval:def:700503 thunderbird: mail/news client with RSS and integrated spam filter support Thunderbird could be made to run programs as your login if it opened specially crafted mail. oval:org.secpod.oval:def:700502 firefox: safe and easy web browser from Mozilla - xulrunner-1.9.2: XUL + XPCOM application runner - firefox-3.5: safe and easy web browser from Mozilla - firefox-3.0: safe and easy web browser from Mozilla Multiple vulnerabilities in Firefox and Xulrunner oval:org.secpod.oval:def:700192 It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. It was discovered that MySQL incorrectly han ... oval:org.secpod.oval:def:700274 Philip Martin discovered that the Subversion mod_dav_svn module for Apache did not properly handle certain requests containing a lock token. A remote attacker could use this flaw to cause the service to crash, leading to a denial of service. oval:org.secpod.oval:def:700140 It was discovered that an old bug workaround in the SSL/TLS server code allowed an attacker to modify the stored session cache ciphersuite. This could possibly allow an attacker to downgrade the ciphersuite to a weaker one on subsequent connections. It was discovered that an old bug workaround in t ... oval:org.secpod.oval:def:700231 Neel Mehta discovered that incorrectly formatted ClientHello handshake messages could cause OpenSSL to parse past the end of the message. This could allow a remote attacker to cause a crash and denial of service by triggering invalid memory accesses. oval:org.secpod.oval:def:700200 It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center or forge a KRB-SAFE message. It was discovered that Kerberos did not properly ... oval:org.secpod.oval:def:700262 Chris Evans discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service. oval:org.secpod.oval:def:700080 Bui Quang Minh discovered that libxml2 did not properly process XPath namespaces and attributes. If an application using libxml2 opened a specially crafted XML file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. oval:org.secpod.oval:def:700540 curl: HTTP, HTTPS, and FTP client and client libraries Details: Richard Silverman discovered that when doing GSSAPI authentication, libcurl unconditionally performs credential delegation, handing the server a copy of the client"s security credential. Wesley Miaw discovered that when zlib is enabled ... oval:org.secpod.oval:def:700491 openslp-dfsg: OpenSLP is an implementation of the Service Location Protocol - openslp: OpenSLP is an implementation of the Service Location Protocol An attacker could send crafted input to OpenSLP and cause it to hang. oval:org.secpod.oval:def:700567 samba: SMB/CIFS file, print, and login server for Unix An attacker could use a malicious URL to reconfigure Samba or steal information. oval:org.secpod.oval:def:700256 Volker Lendecke discovered that Samba incorrectly handled certain file descriptors. A remote attacker could send a specially crafted request to the server and cause Samba to crash or hang, resulting in a denial of service. oval:org.secpod.oval:def:700674 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file. oval:org.secpod.oval:def:700533 libxml2: GNOME XML library libxml2 could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700651 php5: HTML-embedded scripting language interpreter PHP could be made to crash or disclose sensitive information if it processed a specially crafted image file. oval:org.secpod.oval:def:700772 firefox: Mozilla Open Source web browser Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Firefox. Original advisory Firefox could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700776 xulrunner-1.9.2: Mozilla Gecko runtime environment Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Xulrunner. Original advisory Xulrunner based applications could be made to crash or run programs as your login if they opened a specially crafted file. oval:org.secpod.oval:def:700535 openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Multiple OpenJDK 6 vulnerabilities have been fixed. oval:org.secpod.oval:def:700777 thunderbird: Mozilla Open Source mail and newsgroup client Details: USN-1367-1 fixed vulnerabilities in libpng. This provides the corresponding update for Thunderbird. Original advisory Thunderbird could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700521 subversion: Advanced version control system An attacker could send crafted input to the Subversion mod_dav_svn module for Apache and cause it to crash or gain access to restricted files. oval:org.secpod.oval:def:700739 curl: HTTP, HTTPS, and FTP client and client libraries curl could be tricked into injecting arbitrary data if it handled a malicious URL. oval:org.secpod.oval:def:700711 libarchive: Library to read/write archive files libarchive could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700832 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700571 libxfont: X11 font rasterisation library libXfont could be made to run programs as an administrator if it opened a specially crafted file. oval:org.secpod.oval:def:700660 apt: Advanced front-end for dpkg Details: It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10 ... oval:org.secpod.oval:def:700786 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700782 libxml2: GNOME XML library libxml2 could be made to cause a denial of service by consuming excessive CPU resources. oval:org.secpod.oval:def:700591 linux: Linux kernel Multiple kernel flaws have been fixed. oval:org.secpod.oval:def:700546 qemu-kvm: Machine emulator and virtualizer A privileged attacker within a QEMU guest could cause QEMU to crash. oval:org.secpod.oval:def:700527 qemu-kvm: Machine emulator and virtualizer A privileged attacker within a QEMU guest could cause QEMU to crash. oval:org.secpod.oval:def:700747 icu: International Components for Unicode library ICU could be made to crash or run programs as your login if it opened specially crafted data. oval:org.secpod.oval:def:700669 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700662 libmodplug: Library for mod music based on ModPlug libmodplug could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700778 cvs: Concurrent Versions System cvs could be made to crash or run programs as your login if it connected to a malicious proxy server. oval:org.secpod.oval:def:700830 tiff: Tag Image File Format library The TIFF library could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700702 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700827 linux-mvl-dove: Linux kernel for DOVE The system could be made to crash under certain conditions. oval:org.secpod.oval:def:700820 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700799 linux-mvl-dove: Linux kernel for DOVE The system could be made to crash or run programs as an administrator. oval:org.secpod.oval:def:700811 freetype: FreeType 2 is a font engine library FreeType could be made to crash or run programs as your login if it opened a specially crafted font file. oval:org.secpod.oval:def:700668 linux-mvl-dove: Linux kernel for DOVE Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700738 qemu-kvm: Machine emulator and virtualizer A remote attacker could cause QEMU to crash. oval:org.secpod.oval:def:700763 openssl: Secure Socket Layer binary and related cryptographic tools Multiple vulnerabilities exist in OpenSSL that could expose sensitive information or cause applications to crash. oval:org.secpod.oval:def:700727 linux-mvl-dove: Linux kernel for DOVE Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700725 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700699 clamav: Anti-virus utility for Unix ClamAV could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700650 openldap: OpenLDAP utilities An OpenLDAP server could potentially be made to crash if it received specially crafted network traffic from an authenticated user. oval:org.secpod.oval:def:700661 vsftpd: FTP server written for security Vsftpd or other applications could be made to crash if vsftpd received specially crafted network traffic. oval:org.secpod.oval:def:700247 It was discovered that FUSE would incorrectly follow symlinks when checking mountpoints under certain conditions. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service. oval:org.secpod.oval:def:700566 libvirt: Libvirt virtualization toolkit An authenticated attacker could send crafted input to libvirt and cause it to crash. oval:org.secpod.oval:def:700564 libsndfile: Library for reading/writing audio files An application using libsndfile could be made to crash or possibly run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700497 tiff: TIFF manipulation and conversion tools The TIFF library could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700490 kde4libs: KDE 4 core applications An attacker could send crafted input to Konqueror to view sensitive information. oval:org.secpod.oval:def:700557 logrotate: Log rotation utility An attacker could cause logrotate to run programs, stop working, or read and write arbitrary files. oval:org.secpod.oval:def:700501 rsync: fast remote file copy program rsync could be made to crash or run programs as your login if it connected to a malicious server. oval:org.secpod.oval:def:700273 Petr Matousek discovered that libvirt did not always honor read-only connections. An attacker who is authorized to connect to the libvirt daemon could exploit this to cause a denial of service via application crash. oval:org.secpod.oval:def:700278 Martin Barbella discovered that the thunder decoder in the TIFF library incorrectly handled an unexpected BitsPerSample value. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could execute arbitrary code with user privileges, or crash the ap ... oval:org.secpod.oval:def:700707 pidgin: multi-protocol instant messaging client Pidgin could be made to crash if it received specially crafted network traffic. oval:org.secpod.oval:def:700244 Dominik George discovered that logwatch did not properly sanitize log file names that were passed to the shell as part of a command. If a remote attacker were able to generate specially crafted filenames , they could execute arbitrary code with root privileges. oval:org.secpod.oval:def:700265 USN-1079-2 fixed vulnerabilities in OpenJDK 6 for armel architectures in Ubuntu 9.10 and Ubuntu 10.04 LTS. This update fixes vulnerabilities in OpenJDK 6 for armel architectures for Ubuntu 10.10. Original advisory details: It was discovered that untrusted Java applets could create domain name reso ... oval:org.secpod.oval:def:700254 It was discovered that untrusted Java applets could create domain name resolution cache entries, allowing an attacker to manipulate name resolution within the JVM. It was discovered that the Java launcher did not did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker coul ... oval:org.secpod.oval:def:700238 It was discovered that Mailman did not properly sanitize certain fields, resulting in cross-site scripting vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify th ... oval:org.secpod.oval:def:700223 Charlie Miller discovered several heap overflows in PPT processing. If a user or automated system were tricked into opening a specially crafted PPT document, a remote attacker could execute arbitrary code with user privileges. Ubuntu 10.10 was not affected. Marc Schoenefeld discovered that director ... oval:org.secpod.oval:def:700226 It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu ... oval:org.secpod.oval:def:700245 Marc Schoenefeld discovered that Pango incorrectly handled certain Glyph Definition tables. If a user were tricked into displaying text with a specially-crafted font, an attacker could cause Pango to crash, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 9.10. Dan Ro ... oval:org.secpod.oval:def:700498 pcsc-lite: Middleware to access a smart card using PC/SC PCSC-Lite could be made to crash or run programs if it accessed a special smart card. oval:org.secpod.oval:def:700215 It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended scurity policy in its checkPermission method. This could allow an attacker execute code with privileges that should have been prevented oval:org.secpod.oval:def:700233 It was discovered that Subversion incorrectly handled certain "partial access" privileges in rare scenarios. Remote authenticated users could use this flaw to obtain sensitive information . This issue only applied to Ubuntu 6.06 LTS. It was discovered that the Subversion mod_dav_svn module for Apac ... oval:org.secpod.oval:def:700224 It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled ce ... oval:org.secpod.oval:def:700222 It was discovered that Tomcat did not properly escape certain parameters in the Manager application which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server out ... oval:org.secpod.oval:def:700039 Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6 ... oval:org.secpod.oval:def:700144 Rob Hulswit discovered a race condition in the OpenSSL TLS server extension parsing code when used within a threaded server. A remote attacker could trigger this flaw to cause a denial of service or possibly execute arbitrary code with application privileges oval:org.secpod.oval:def:700257 Sauli Pahlman discovered that the TIFF library incorrectly handled invalid td_stripbytecount fields. If a user or automated system were tricked into opening a specially crafted TIFF image, a remote attacker could crash the application, leading to a denial of service. This issue only affected Ubuntu ... oval:org.secpod.oval:def:700210 It was discovered that a NULL pointer dereference in the code for handling transformations of monochrome profiles could allow an attacker to cause a denial of service through a specially crafted image oval:org.secpod.oval:def:700213 It was discovered that an integer overflow in the XML UTF-8 decoding code could allow an attacker to bypass cross-site scripting protections. This issue only affected Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, and Ubuntu 9.10. It was discovered that the XML UTF-8 decoding code did not properly handle non-s ... oval:org.secpod.oval:def:700204 USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the "man" program was installed setuid, a local attacker could exploi ... oval:org.secpod.oval:def:700088 Tavis Ormandy discovered multiple flaws in the GNU C Library"s handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges oval:org.secpod.oval:def:700010 It was discovered that APR-util did not properly handle memory when destroying APR buckets. An attacker could exploit this and cause a denial of service via memory exhaustion. oval:org.secpod.oval:def:700681 linux-mvl-dove: Linux kernel for DOVE Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700689 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700696 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700663 radvd: Router Advertisement Daemon radvd could be made to crash or overwrite certain files if it received specially crafted network traffic. oval:org.secpod.oval:def:700570 ecryptfs-utils: ecryptfs cryptographic filesystem eCryptfs could be tricked into mounting and unmounting arbitrary locations, and possibly disclose confidential information. oval:org.secpod.oval:def:700749 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700800 linux-ti-omap4: Linux kernel for OMAP4 Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700592 linux-mvl-dove: Linux kernel for DOVE Multiple kernel flaws have been fixed. oval:org.secpod.oval:def:700528 libmodplug: Library for mod music based on ModPlug libmodplug could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700813 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700709 quagga: BGP/OSPF/RIP routing daemon Quagga could be made to crash or run programs if it received specially crafted network traffic. oval:org.secpod.oval:def:700672 apache2: Apache HTTP server - apache2-mpm-itk: multiuser MPM for Apache 2.2 Details: It was discovered that the mod_proxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to c ... oval:org.secpod.oval:def:700683 tomcat6: Servlet and JSP engine Tomcat could be made to crash or expose sensitive information over the network. oval:org.secpod.oval:def:700770 libpng: PNG file library libpng could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700584 apache2: Apache HTTP server A remote attacker could send crafted input to Apache and cause it to crash. oval:org.secpod.oval:def:700532 libvirt: Libvirt virtualization toolkit Libvirt could be made to crash or read arbitrary files on the host. oval:org.secpod.oval:def:700783 ruby1.8: Interpreter of object-oriented scripting language Ruby 1.8 Several security issues were fixed in ruby1.8. oval:org.secpod.oval:def:700529 gimp: The GNU Image Manipulation Program GIMP could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700562 libpng: PNG file library Libpng could be made to run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700542 linux: Linux kernel Multiple kernel vulnerabilities have been fixed. oval:org.secpod.oval:def:700487 postfix: High-performance mail transport agent An attacker could send crafted input to Postfix and cause it to crash or run programs. oval:org.secpod.oval:def:700488 kdenetwork: networking applications for KDE 4 An attacker could overwrite files owned by the user if KGet opened a crafted metalink file. oval:org.secpod.oval:def:700537 tgt: Linux SCSI target user-space tools An attacker could send crafted input to tgt and cause it to crash or run arbitrary programs. oval:org.secpod.oval:def:700279 Mathias Svensson discovered that the tex-common package contains an insecure shell_escape_commands configuration item. If a user or automated system were tricked into opening a specially crafted TeX file, a remote attacker could execute arbitrary code with user privileges. oval:org.secpod.oval:def:700248 It was discovered that the Microsoft Office processing code in libclamav improperly handled certain Visual Basic for Applications data. This could allow a remote attacker to craft a document that could crash clamav or possibly execute arbitrary code. In the default installation, attackers would be ... oval:org.secpod.oval:def:700272 It was discovered that the Tomcat SecurityManager did not properly restrict the working directory. An attacker could use this flaw to read or write files outside of the intended working directory. It was discovered that Tomcat did not properly escape certain parameters in the Manager application wh ... oval:org.secpod.oval:def:700225 Geoff Keating reported that a buffer overflow exists in the intarray module"s input function for the query_int type. This could allow an attacker to cause a denial of service or possibly execute arbitrary code as the postgres user. oval:org.secpod.oval:def:700516 pam: Pluggable Authentication Modules An attacker could cause PAM to read or delete arbitrary files or cause it to crash. oval:org.secpod.oval:def:700281 Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. If a user were tricked into opening a crafted flic file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of th ... oval:org.secpod.oval:def:700286 It was discovered that GIMP incorrectly handled malformed data in certain plugin configuration files. If a user were tricked into opening a specially crafted plugin configuration file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user"s privileges. The default c ... oval:org.secpod.oval:def:700266 Dan Rosenberg discovered that multiple terminal ioctls did not correctly initialize structure memory. A local attacker could exploit this to read portions of kernel stack memory, leading to a loss of privacy. Dan Rosenberg discovered that the socket filters did not correctly initialize structure me ... oval:org.secpod.oval:def:700030 Arkadiusz Miskiewicz and others discovered that the PDF processing code in libclamav improperly validated input. This could allow a remote attacker to craft a PDF document that could crash clamav or possibly execute arbitrary code. It was discovered that an off-by-one error in the icon_cb function ... oval:org.secpod.oval:def:700568 linux: Linux kernel Multiple kernel flaws have been fixed. oval:org.secpod.oval:def:700057 Christoph Diehl discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service or possibly execute code as the user invoking the program. oval:org.secpod.oval:def:700149 It was discovered that OpenSSL incorrectly handled return codes from the bn_wexpand function calls. A remote attacker could trigger this flaw in services that used SSL to cause a denial of service or possibly execute arbitrary code with application privileges. This issue only affected Ubuntu 6.06 LT ... oval:org.secpod.oval:def:700093 It was discovered that Apache"s mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that Apache ... oval:org.secpod.oval:def:700733 libxml2: GNOME XML library Applications using libxml2 could be made to crash or run programs as your login if they opened a specially crafted file. oval:org.secpod.oval:def:700765 php5: HTML-embedded scripting language interpreter Multiple vulnerabilities in PHP. oval:org.secpod.oval:def:700214 Sebastian Krahmer discovered that HPLIP incorrectly handled certain long SNMP responses. A remote attacker could send malicious SNMP replies to certain HPLIP tools and cause them to crash or possibly execute arbitrary code. oval:org.secpod.oval:def:700665 jasper: Library for manipulating JPEG-2000 files JasPer could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700716 ghostscript: The GPL Ghostscript PostScript/PDF interpreter Ghostscript could be made to crash or run programs as your login if it opened a specially crafted file. oval:org.secpod.oval:def:700259 It was discovered that Avahi incorrectly handled empty UDP packets. A remote attacker could send a specially-crafted packet and cause Avahi to hang, resulting in a denial of service. oval:org.secpod.oval:def:700561 dbus: simple interprocess messaging system DBus could be made to crash if it processed a specially crafted message. oval:org.secpod.oval:def:700216 Remi Denis-Courmont discovered that D-Bus did not properly validate the number of nested variants when validating D-Bus messages. A local attacker could exploit this to cause a denial of service. oval:org.secpod.oval:def:700207 Dan Rosenberg discovered that the btrfs filesystem did not correctly validate permissions when using the clone function. A local attacker could overwrite the contents of file handles that were opened for append-only, or potentially read arbitrary contents, leading to a loss of privacy. Only Ubuntu 9 ... oval:org.secpod.oval:def:700549 linux-mvl-dove: Linux kernel for DOVE Multiple kernel flaws have been fixed. oval:org.secpod.oval:def:700500 linux-ti-omap4: Linux kernel for OMAP4 devices Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel. oval:org.secpod.oval:def:700040 Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces. oval:org.secpod.oval:def:700252 It was discovered that KVM did not correctly initialize certain CPU registers. A local attacker could exploit this to crash the system, leading to a denial of service. Thomas Pollet discovered that the RDS network protocol did not check certain iovec buffers. A local attacker could exploit this to ... oval:org.secpod.oval:def:700015 Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. If an attacker were able to trick a user or automated system into mounting a specially crafted filesystem, it could crash the system or exposde kernel memory, leading to a loss of privacy. Al Viro discovered a ... oval:org.secpod.oval:def:700593 linux-ti-omap4: Linux kernel for OMAP4 Multiple kernel flaws have been fixed. oval:org.secpod.oval:def:700146 Pierre Noguès discovered that Pidgin incorrectly handled malformed SLP messages in the MSN protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash, leading to a denial of service. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. Daniel ... oval:org.secpod.oval:def:700580 webkit: Web content engine library for GTK+ Multiple security vulnerabilities were fixed in WebKit. oval:org.secpod.oval:def:700496 php5: HTML-embedded scripting language interpreter Multiple vulnerabilities in PHP. oval:org.secpod.oval:def:700499 php5: HTML-embedded scripting language interpreter Details: USN 1126-1 fixed several vulnerabilities in PHP. The fix for CVE-2010-4697 introduced an incorrect reference counting regression in the Zend engine that caused the PHP interpreter to segfault. This regression affects Ubuntu 6.06 LTS and Ubu ... oval:org.secpod.oval:def:700759 linux: Linux kernel Several security issues were fixed in the kernel. oval:org.secpod.oval:def:700270 Joel Becker discovered that OCFS2 did not correctly validate on-disk symlink structures. If an attacker were able to trick a user or automated system into mounting a specially crafted filesystem, it could crash the system or exposde kernel memory, leading to a loss of privacy. Ben Hutchings discover ... oval:org.secpod.oval:def:700229 Gleb Napatov discovered that KVM did not correctly check certain privileged operations. A local attacker with access to a guest kernel could exploit this to crash the host system, leading to a denial of service. Steve Chen discovered that setsockopt did not correctly check MSS values. A local attac ... oval:org.secpod.oval:def:700787 postgresql-9.1: Object-relational SQL database - postgresql-8.4: Object-relational SQL database - postgresql-8.3: Object-relational SQL database Several security issues were fixed in PostgreSQL. oval:org.secpod.oval:def:700805 mysql-5.1: MySQL database - mysql-dfsg-5.1: MySQL database - mysql-dfsg-5.0: MySQL database Several security issues were fixed in MySQL. oval:org.secpod.oval:def:700008 Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by ... oval:org.secpod.oval:def:700773 apache2: Apache HTTP server Several security issues were fixed in the Apache HTTP Server. oval:org.secpod.oval:def:700014 Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user"s session. USN-923-1 disabled SSL/TLS renegotiation by def ... oval:org.secpod.oval:def:700510 apr: The Apache Portable Runtime Library - apache2: a scalable, extensible web server A denial of service issue exists that affects the Apache web server. oval:org.secpod.oval:def:700667 python3.1: An interactive high-level object-oriented language - python3.2: An interactive high-level object-oriented language Applications using certain Python 3 modules could be made to crash or expose sensitive information over the network. oval:org.secpod.oval:def:700713 icedtea-web: A web browser plugin to execute Java applets - openjdk-6: Open Source Java implementation - openjdk-6b18: Open Source Java implementation Multiple OpenJDK 6 and IcedTea-Web vulnerabilities have been fixed. oval:org.secpod.oval:def:700658 thunderbird: Mozilla Open Source mail and newsgroup client Multiple vulnerabilities have been fixed in Thunderbird. oval:org.secpod.oval:def:700656 firefox: Mozilla Open Source web browser - xulrunner-1.9.2: Mozilla Gecko runtime environment Multiple vulnerabilities have been fixed in Firefox and Xulrunner. oval:org.secpod.oval:def:700802 eglibc: Embedded GNU C Library: sources - glibc: GNU C Library: Documentation Multiple vulnerabilities were discovered and fixed in the GNU C Library. oval:org.secpod.oval:def:700781 openjdk-6: Open Source Java implementation Multiple OpenJDK 6 vulnerabilities have been fixed. oval:org.secpod.oval:def:700788 openjdk-6b18: Open Source Java implementation Details: USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM . This provides the corresponding OpenJDK 6 update for use with the ARM architecture in Ubuntu 10.04 LTS, Ubun ... |
