Section: .. / 0712-advisories /
| /// File Name: |
dsa-1422-1.txt |
Description:
|
Debian Security Advisory 1422-1 - Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 33390 | | Related CVE(s): | CVE-2007-5497 | | Last Modified: | Dec 7 20:12:51 2007 |
| MD5 Checksum: | eee9c81949ab778d13554c837f5bc66c |
|
| /// File Name: |
USN-556-1.txt |
Description:
|
Ubuntu Security Notice 556-1 - Alin Rad Pop discovered that Samba did not correctly check the size of reply packets to mailslot requests. If a server was configured with domain logon enabled, an unauthenticated remote attacker could send a specially crafted domain logon packet and execute arbitrary code or crash the Samba service. By default, domain logon is disabled in Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31916 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 18 19:54:20 2007 |
| MD5 Checksum: | 31b3cae20f8ab666b2f32ac044c89878 |
|
| /// File Name: |
sa27987.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/27987/ | | File Size: | 31891 | | Last Modified: | Dec 10 19:57:22 2007 |
| MD5 Checksum: | 8d9073eedb39fd4cf14202d04988ed01 |
|
| /// File Name: |
sa28037.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28037/ | | File Size: | 30370 | | Last Modified: | Dec 20 16:19:26 2007 |
| MD5 Checksum: | 85b369b72f42383a956583b538dedc74 |
|
| /// File Name: |
sa27957.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or cross-site request forgery attacks, and to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27957/ | | File Size: | 28517 | | Last Modified: | Dec 13 13:34:25 2007 |
| MD5 Checksum: | 75d9f03619f08ef71b34ec0aaea182d8 |
|
| /// File Name: |
sa28003.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28003/ | | File Size: | 26444 | | Last Modified: | Dec 13 13:34:25 2007 |
| MD5 Checksum: | 46b3e236278557254ea72b830acd5e63 |
|
| /// File Name: |
sa27927.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27927/ | | File Size: | 26443 | | Last Modified: | Dec 7 11:22:07 2007 |
| MD5 Checksum: | 452175b7e56e72fb9d5f6b0dcb9775cc |
|
| /// File Name: |
USN-546-2.txt |
Description:
|
Ubuntu Security Notice 546-2 - USN-546-1 fixed vulnerabilities in Firefox. The upstream update included a faulty patch which caused the drawImage method of the canvas element to fail.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 21728 | | Related CVE(s): | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960 | | Last Modified: | Dec 5 23:24:18 2007 |
| MD5 Checksum: | 13b757256e5685b4c55ffd9bb75d453e |
|
| /// File Name: |
MDKSA-2007-235.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in the Apache mod_proxy module was found that could potentially lead to a denial of service if using a threaded Multi-Processing Module. On sites where a reverse proxy is configured, a remote attacker could send a special request that would cause the Apache child process handling the request to crash. Likewise, a similar crash could occur on sites with a forward proxy configured if a user could be persuaded to visit a malicious site using the proxy. A flaw in the Apache mod_autoindex module was found. On sites where directory listings are used and the AddDefaultCharset directive was removed from the configuration, a cross-site-scripting attack could be possible against browsers that do not correctly derive the response character set according to the rules in RFC 2616.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 20725 | | Related CVE(s): | CVE-2007-3847, CVE-2007-4465 | | Last Modified: | Dec 4 00:30:30 2007 |
| MD5 Checksum: | d345f9bab49fe8ef1ff30fbc712665a5 |
|
| /// File Name: |
USN-552-1.txt |
Description:
|
Ubuntu Security Notice 552-1 - It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences. If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20344 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Dec 5 23:25:51 2007 |
| MD5 Checksum: | 4bd5e0f01a7720c0a74954c65614f89c |
|
| /// File Name: |
sa27936.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for perl. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27936/ | | File Size: | 19929 | | Last Modified: | Dec 5 15:05:44 2007 |
| MD5 Checksum: | 68ccde48f99be4c232edad64d29bd922 |
|
| /// File Name: |
sa27975.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for ruby-gnome. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/27975/ | | File Size: | 19621 | | Last Modified: | Dec 11 21:35:59 2007 |
| MD5 Checksum: | 064ca4b31f9d083ae9090ada0dfbf800 |
|
| /// File Name: |
sa28016.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for mozilla-firefox. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28016/ | | File Size: | 18735 | | Last Modified: | Dec 17 19:56:59 2007 |
| MD5 Checksum: | 7dfe4d8b91a08f8849bd8570cb714a64 |
|
| /// File Name: |
USN-559-1.txt |
Description:
|
Ubuntu Security Notice 559-1 - Joe Gallo and Artem Russakovskii discovered that the InnoDB engine in MySQL did not properly perform input validation. An authenticated user could use a crafted CONTAINS statement to cause a denial of service. It was discovered that under certain conditions MySQL could be made to overwrite system table information. An authenticated user could use a crafted RENAME statement to escalate privileges. Philip Stoev discovered that the federated engine of MySQL did not properly handle responses with a small number of columns. An authenticated user could use a crafted response to a SHOW TABLE STATUS query and cause a denial of service. It was discovered that MySQL did not properly enforce access controls. An authenticated user could use a crafted CREATE TABLE LIKE statement to escalate privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18551 | | Related CVE(s): | CVE-2007-3781, CVE-2007-5969, CVE-2007-5925, CVE-2007-6304 | | Last Modified: | Dec 24 14:44:42 2007 |
| MD5 Checksum: | c3db01b803d7263925949a98a2c9dc05 |
|
| /// File Name: |
cisco-sa-20071205-csa.txt |
Description:
|
Cisco Security Advisory - A buffer overflow vulnerability exists in a system driver used by the Cisco Security Agent for Microsoft Windows. This buffer overflow can be exploited remotely and causes corruption of kernel memory, which leads to a Windows stop error (blue screen) or to arbitrary code execution.
| | Homepage: | http://www.cisco.com/ | | File Size: | 18547 | | Last Modified: | Dec 6 01:04:21 2007 |
| MD5 Checksum: | c4dd03d41fbee887a43ee7ed09a62f03 |
|
| /// File Name: |
dsa-1433-1.txt |
Description:
|
Debian Security Advisory 1433-1 - Several remote vulnerabilities have been discovered in centericq, a text-mode multi-protocol instant messenger client, which could allow remote attackers to execute arbitrary code due to insufficient bounds-testing.
| | Homepage: | http://www.debian.org/security | | File Size: | 18402 | | Related CVE(s): | CVE-2007-3713 | | Last Modified: | Dec 17 20:27:38 2007 |
| MD5 Checksum: | 3fd1f42b2e14e56c457f07ea326a9d91 |
|
| /// File Name: |
sa28128.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mysql. This fixes some security issues and vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, gain escalated privileges, and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28128/ | | File Size: | 18057 | | Last Modified: | Dec 24 13:50:38 2007 |
| MD5 Checksum: | 0e19ac82047ffb3372d4291befab9fdf |
|
| /// File Name: |
sa28103.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for centericq. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28103/ | | File Size: | 17853 | | Last Modified: | Dec 17 19:58:22 2007 |
| MD5 Checksum: | 620784e4a66fccf0eeac7d8795388f79 |
|
| /// File Name: |
dsa-1437-1.txt |
Description:
|
Debian Security Advisory 1437-1 - Several local vulnerabilities have been discovered in the Common UNIX Printing System. Wei Wang discovered that a buffer overflow in the SNMP backend may lead to the execution of arbitrary code. Elias Pipping discovered that insecure handling of a temporary file in the pdftops.pl script may lead to local denial of service. This vulnerability is not exploitable in the default configuration.
| | Homepage: | http://www.debian.org/security | | File Size: | 17681 | | Related CVE(s): | CVE-2007-6358, CVE-2007-5849 | | Last Modified: | Dec 28 17:34:14 2007 |
| MD5 Checksum: | 10c8f6d83fcfd04a972e6328349eb517 |
|
| /// File Name: |
USN-557-1.txt |
Description:
|
Ubuntu Security Notice 557-1 - Mattias Bengtsson and Philip Olausson discovered that the GD library did not properly perform bounds checking when creating images. An attacker could send specially crafted input to applications linked against libgd2 and cause a denial of service or possibly execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17513 | | Related CVE(s): | CVE-2007-3996 | | Last Modified: | Dec 19 19:43:39 2007 |
| MD5 Checksum: | 7d84ed3040a2f4e9b790b1e25fc3ac5c |
|
| /// File Name: |
dsa-1417-1.txt |
Description:
|
Debian Security Advisory 1417-1 - Tilghman Lesher discovered that the logging engine of Asterisk, a free software PBX and telephony toolkit, performs insufficient sanitizing of call-related data, which may lead to SQL injection.
| | Homepage: | http://www.debian.org/security | | File Size: | 17468 | | Related CVE(s): | CVE-2007-6170 | | Last Modified: | Dec 2 16:16:48 2007 |
| MD5 Checksum: | 331836afa20816ca6ec78f2245cc3d38 |
|
| /// File Name: |
MDKSA-2007-244.txt |
Description:
|
Mandriva Linux Security Advisory - Alin Rad Pop of Secunia Research discovered a stack buffer overflow in how Samba authenticates remote users. A remote unauthenticated user could trigger this flaw to cause the Samba server to crash, or possibly execute arbitrary code with the permissions of the Samba server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 17388 | | Related CVE(s): | CVE-2007-6015 | | Last Modified: | Dec 11 23:24:17 2007 |
| MD5 Checksum: | c193105c510cfb74c77dba05fb3dc896 |
|
| /// File Name: |
sa28147.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for libgd2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28147/ | | File Size: | 17361 | | Last Modified: | Dec 19 19:28:49 2007 |
| MD5 Checksum: | a1c9667da7652c553efcee0793a4c897 |
|
| /// File Name: |
dsa-1421-1.txt |
Description:
|
Debian Security Advisory 1421-1 - A vulnerability has been discovered in Battle for Wesnoth that allows remote attackers to read arbitrary files the user running the client has access to on the machine running the game client.
| | Homepage: | http://www.debian.org/security | | File Size: | 17222 | | Related CVE(s): | CVE-2007-5742 | | Last Modified: | Dec 7 13:07:12 2007 |
| MD5 Checksum: | ae9ba3df00e201222644fe99a887e011 |
|