Section: .. / 0701-advisories /
| /// File Name: |
sa23879.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for bluez-utils. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23879/ | | File Size: | 4237 | | Last Modified: | Jan 26 20:46:45 2007 |
| MD5 Checksum: | 3b94a764606cf8bd251ca1589b0357b5 |
|
| /// File Name: |
glsa-200701-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-15 - Chris Evans has discovered multiple buffer overflows in Sun JDK and Sun JRE possibly related to various AWT or font layout functions. Tom Hawtin has discovered an unspecified vulnerability in Sun JDK and Sun JRE relating to unintended applet data access. He has also discovered multiple other unspecified vulnerabilities in Sun JDK and Sun JRE allowing unintended Java applet or application resource acquisition. Versions less than 1.4.2.13 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4209 | | Last Modified: | Jan 24 01:25:56 2007 |
| MD5 Checksum: | d2db38c2c38bf541f3f7634cfcd4846d |
|
| /// File Name: |
TA07-009A.txt |
Description:
|
Technical Cyber Security Alert - Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4157 | | Last Modified: | Jan 13 18:17:33 2007 |
| MD5 Checksum: | 80a44df90c7f0dae8971e98d4d49358c |
|
| /// File Name: |
glsa-200701-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-04 - An anonymous researcher found evidence of memory corruption in the way SeaMonkey handles certain types of SVG comment DOM nodes. Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long Content-Type: and long non-ASCII MIME email headers. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Several other issues with memory corruption were also fixed. SeaMonkey also contains less severe vulnerabilities involving JavaScript and Java. Versions less than 1.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4122 | | Last Modified: | Jan 13 18:30:45 2007 |
| MD5 Checksum: | 43908e5da5c2e6a39a34fcf3b48a6236 |
|
| /// File Name: |
glsa-200701-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-03 - Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long Content-Type: and long non-ASCII MIME headers. Additionally, Frederik Reiss discovered a heap-based buffer overflow in the conversion of a CSS cursor. Different vulnerabilities involving memory corruption in the browser engine were also fixed. Mozilla Thunderbird also contains less severe vulnerabilities involving JavaScript and Java. Versions less than 1.5.0.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4093 | | Last Modified: | Jan 5 02:34:25 2007 |
| MD5 Checksum: | 9ac7abcd42771382de13026561f83eeb |
|
| /// File Name: |
RISE-2007001.txt |
Description:
|
The Apple Mac OS X 10.4.x kernel suffers from a memory corruption vulnerability in shared_region_map_file_np().
| | Author: | RISE Security | | Homepage: | http://www.risesecurity.org/ | | File Size: | 4092 | | Last Modified: | Jan 19 23:05:56 2007 |
| MD5 Checksum: | 1219ff1debc375c29fcff6e67f8505f6 |
|
| /// File Name: |
OpenPKG-SA-2007.008.txt |
Description:
|
OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
| | Homepage: | http://www.openpkg.com/security/ | | File Size: | 4076 | | Related CVE(s): | CVE-2007-0347 | | Last Modified: | Jan 29 21:02:50 2007 |
| MD5 Checksum: | 0b5659d03a1c3f75f54ba3f47f82e56d |
|
| /// File Name: |
fetchmail-SA-2006-02.txt |
Description:
|
Fetchmail has had several nasty password disclosure vulnerabilities for a long time. It was only recently that these have been found. This affects fetchmail versions 6.3.5 and below.
| | Author: | Isaac Wilcox | | Homepage: | http://fetchmail.berlios.de/ | | File Size: | 4069 | | Related CVE(s): | CVE-2006-5867 | | Last Modified: | Jan 13 15:42:52 2007 |
| MD5 Checksum: | f1d54baf133f263538411470bb29fb11 |
|
| /// File Name: |
TA07-009B.txt |
Description:
|
Technical Cyber Security Alert - The MIT Kerberos administration daemon contains two vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4050 | | Last Modified: | Jan 13 18:21:07 2007 |
| MD5 Checksum: | fa3a69c24bdb412856f954e599c156ce |
|
| /// File Name: |
MDKSA-2007-029.txt |
Description:
|
Mandriva Linux Security Advisory - The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4046 | | Related CVE(s): | CVE-2006-5876 | | Last Modified: | Jan 29 11:22:13 2007 |
| MD5 Checksum: | 09cffdbfe97db78837e0fc7b847a5448 |
|
| /// File Name: |
sa23739.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for opera. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23739/ | | File Size: | 4044 | | Last Modified: | Jan 15 20:56:26 2007 |
| MD5 Checksum: | 504aa263bb534dd30ed800203ca77680 |
|
| /// File Name: |
ngs-pgp.txt |
Description:
|
NGSSoftware has discovered a medium risk vulnerability in PGP Desktop versions prior to 9.5.1 which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed.
| | Author: | Peter Winter-Smith | | Homepage: | http://www.ngssoftware.com/ | | File Size: | 3993 | | Last Modified: | Jan 26 23:14:29 2007 |
| MD5 Checksum: | 241330362f1a75aea36240a564a5fc2c |
|
| /// File Name: |
sa23786.txt |
Description:
|
Secunia Security Advisory - Some vulnerabilities and a weakness have been reported in BEA AquaLogic, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/23786/ | | File Size: | 3966 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | 9fe67480d0670c7fe864988c7c1c0ba6 |
|
| /// File Name: |
sa23792.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for w3m. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23792/ | | File Size: | 3932 | | Last Modified: | Jan 18 03:44:32 2007 |
| MD5 Checksum: | f9b983549812b7712c5ecb920799ce30 |
|
| /// File Name: |
sa23593.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges or to cause a DoS (Denial of Service) and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/23593/ | | File Size: | 3887 | | Last Modified: | Jan 3 18:45:45 2007 |
| MD5 Checksum: | fb676f79e2b546877c1a42811d68909f |
|
| /// File Name: |
sa23882.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, as a vector for conducting cross-site request forgery attacks, or to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23882/ | | File Size: | 3882 | | Last Modified: | Jan 23 22:46:18 2007 |
| MD5 Checksum: | 34b27612d7376a657423a3acda999056 |
|
| /// File Name: |
MDKSA-2007-027.txt |
Description:
|
Mandriva Linux Security Advisory - Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors. XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3863 | | Related CVE(s): | CVE-2007-0254, CVE-2007-0255 | | Last Modified: | Jan 26 23:23:28 2007 |
| MD5 Checksum: | 9d6e9715986128f1272f30d7cbe75298 |
|
| /// File Name: |
01.09.07-4.txt |
Description:
|
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcRenderAddGlyphs" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the Render extension. Insufficient input validation exists when allocating memory for glyph management data structures. By sending a specially crafted X protocol request to the Render extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3838 | | Related CVE(s): | CVE-2006-6101 | | Last Modified: | Jan 13 18:14:26 2007 |
| MD5 Checksum: | 58f1b377154c664ff20c4e5ac63ae3f5 |
|
| /// File Name: |
MDKSA-2007-017.txt |
Description:
|
Mandriva Linux Security Advisory - The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3837 | | Related CVE(s): | CVE-2006-6719 | | Last Modified: | Jan 19 19:25:28 2007 |
| MD5 Checksum: | d06e520a25b9702ff4feb96db92d2c79 |
|
| /// File Name: |
USN-410-2.txt |
Description:
|
Ubuntu Security Notice 410-2 - USN-410-1 fixed vulnerabilities in the poppler PDF loader library. This update provides the corresponding updates for a copy of this code in tetex-bin in Ubuntu 5.10. Versions of tetex-bin after Ubuntu 5.10 use poppler directly and do not need a separate update. The poppler PDF loader library did not limit the recursion depth of the page model tree. By tricking a user into opening a specially crafted PDF file, this could be exploited to trigger an infinite loop and eventually crash an application that uses this library.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 3836 | | Related CVE(s): | CVE-2007-0104 | | Last Modified: | Jan 26 23:17:53 2007 |
| MD5 Checksum: | 9e90300be556dfebee280bc8f1cd8a60 |
|
| /// File Name: |
sa23618.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23618/ | | File Size: | 3833 | | Last Modified: | Jan 5 18:44:16 2007 |
| MD5 Checksum: | 2b922e60813ed4e2ee0e9e3c9aef71c2 |
|
| /// File Name: |
glsa-200701-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200701-16 - Adobe Acrobat Reader in stand-alone mode is vulnerable to remote code execution via heap corruption when loading a specially crafted PDF file. Versions less than 7.0.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3806 | | Last Modified: | Jan 24 01:26:16 2007 |
| MD5 Checksum: | b4c745513433e639e39d3ebb59b52050 |
|
| /// File Name: |
01.09.07-5.txt |
Description:
|
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeGetVisualInfo" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3805 | | Related CVE(s): | CVE-2006-6102 | | Last Modified: | Jan 13 18:15:13 2007 |
| MD5 Checksum: | 70e776227a788fae7556c58ef15b513c |
|
| /// File Name: |
01.09.07-6.txt |
Description:
|
iDefense Security Advisory - Local exploitation of a memory corruption vulnerability in the "ProcDbeSwapBuffers" function in the X.Org and XFree86 X server could allow an attacker to execute arbitrary code with privileges of the X server, typically root. This vulnerability specifically lies within the DBE extension. Insufficient input validation exists when allocating memory for data structures. By sending a specially crafted X protocol request to the DBE extension, an attacker can cause an exploitable memory corruption condition. iDefense has confirmed the existence of this vulnerability in the X.Org server version 7.1-1.1.0. Previous versions may also be affected.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 3801 | | Related CVE(s): | CVE-2006-6103 | | Last Modified: | Jan 13 18:16:02 2007 |
| MD5 Checksum: | f15f19e7ca3481033d4ad4f50c3ef6ce |
|
| /// File Name: |
perforce.txt |
Description:
|
It appears that the Perforce client/server model is a bit broken. The client appears to give the server full control over the machine of the client. This... is not happiness.
| | Author: | Ben Bucksch | | Homepage: | http://www.bucksch.org/ | | File Size: | 3742 | | Last Modified: | Jan 4 00:35:32 2007 |
| MD5 Checksum: | a6efd8cb99916801b6455b6fe779e3df |
|