| /// File Name: |
ff3-ignore.txt |
Description:
|
It appears that Firefox 3.0 ignores multiple protocol-handler security settings.
| | Author: | Carl Hardwick | | File Size: | 709 | | Last Modified: | Jun 18 17:51:55 2008 |
| MD5 Checksum: | 2d4e5302bccc4ea623e8c14ae732345e |
|
| /// File Name: |
glsa-200806-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-01 - Adam Zabrocki reported a boundary error within the split_redraw() function in the file split.c, possibly leading to a stack-based buffer overflow. Versions less than 0.73-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2660 | | Related CVE(s): | CVE-2008-2357 | | Last Modified: | Jun 3 14:25:09 2008 |
| MD5 Checksum: | a1346c149e55c22f98b3a5fd1eaeb4dc |
|
| /// File Name: |
glsa-200806-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-02 - Anthony de Almeida Lopes reported a vulnerability in libxslt when handling XSL style-sheet files, which could be exploited to trigger the use of uninitialized memory, e.g. in a call to free(). Versions less than 1.1.24 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2698 | | Related CVE(s): | CVE-2008-1767 | | Last Modified: | Jun 3 14:25:31 2008 |
| MD5 Checksum: | 632176217acc3beb6a4a979399e2d892 |
|
| /// File Name: |
glsa-200806-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-03 - Two vulnerabilities in Imlib 2 may allow for the execution of arbitrary code. Versions less than 1.4.0-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2857 | | Related CVE(s): | CVE-2008-2426 | | Last Modified: | Jun 9 10:33:44 2008 |
| MD5 Checksum: | 148622ff622f4cfa1ff97b2c8ac98e08 |
|
| /// File Name: |
glsa-200806-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-04 - Multiple vulnerabilities in rdesktop may lead to the execution of arbitrary code or a Denial of Service. Versions less than 1.6.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3581 | | Related CVE(s): | CVE-2008-1801, CVE-2008-1802, CVE-2008-1803 | | Last Modified: | Jun 16 19:42:03 2008 |
| MD5 Checksum: | eeb5b384a15b5f0e291664e26ca181d0 |
|
| /// File Name: |
glsa-200806-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-05 - Mamoru Tasaka discovered that filenames of the image archives are not properly sanitized before being passed to decompression utilities like unrar and unzip, which use the system() libc library call. Versions less than 0.9.17 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3083 | | Related CVE(s): | CVE-2008-2575 | | Last Modified: | Jun 16 20:06:37 2008 |
| MD5 Checksum: | f3cfe3af5a6a81a27e7b597762719daa |
|
| /// File Name: |
glsa-200806-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-06 - Multiple vulnerabilities in Evolution may allow for user-assisted execution of arbitrary code. Versions less than 2.12.3-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3407 | | Related CVE(s): | CVE-2008-1108, CVE-2008-1109 | | Last Modified: | Jun 16 20:06:52 2008 |
| MD5 Checksum: | ef073668a8ecd8c9414afe20fa7d707e |
|
| /// File Name: |
glsa-200806-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-08 - Two vulnerabilities might allow for a Denial of Service of daemons using OpenSSL. Versions less than 0.9.8g-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2920 | | Related CVE(s): | CVE-2008-0891, CVE-2008-1672 | | Last Modified: | Jun 23 21:17:15 2008 |
| MD5 Checksum: | 17c61fdc86e90aef4e2407a5486c4536 |
|
| /// File Name: |
glsa-200806-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-10 - Font parsing vulnerabilities in FreeType might lead to user-assisted execution of arbitrary code. Versions less than 2.3.6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3153 | | Related CVE(s): | CVE-2008-1806, CVE-2008-1807, CVE-2008-1808 | | Last Modified: | Jun 23 21:17:59 2008 |
| MD5 Checksum: | 46dcddb44401e1e2765f1d8b769beccd |
|
| /// File Name: |
glsa-200806-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200806-11 - Because they share the same codebase, IBM JDK and JRE are affected by the vulnerabilities mentioned in GLSA 200804-20. Versions less than 1.5.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3867 | | Last Modified: | Jun 25 19:36:54 2008 |
| MD5 Checksum: | 626b6ce57172984c878b0193d2f8c3d3 |
|
| /// File Name: |
haloloop2.txt |
Description:
|
Halo: Combat Evolved versions 1.07 and below suffer from an endless loop vulnerability.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | haloloop2.zip | | File Size: | 1682 | | Last Modified: | Jun 29 16:41:00 2008 |
| MD5 Checksum: | 2342eabb31216ae3717a8fae1e0fd88c |
|
| /// File Name: |
jura-coffeepwn.txt |
Description:
|
The Jura Impressa F90 coffee maker allows for remote mangling of the presets and possible denial of happy coffee drinking service. We can now envision the day when coffee makers will be part of large botnets.
| | Author: | Craig Wright | | File Size: | 2689 | | Last Modified: | Jun 17 14:00:42 2008 |
| MD5 Checksum: | c0e724a3d268e1b26ec0fc3185aa63ad |
|
| /// File Name: |
MDVSA-2008-109.txt |
Description:
|
Mandriva Linux Security Advisory - The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. Additionally, some fixes were made, related to: iwlwifi (small bug interacting with drakconnect interface detection), brightness handling on EeePc, uvcvideo on Thinkpad X300, sound for TOSHIBA Satellite Pro A200 and A210, RealTek 8169 ethernet, unionfs, and more.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 71889 | | Related CVE(s): | CVE-2008-1675 | | Last Modified: | Jun 3 20:46:43 2008 |
| MD5 Checksum: | 58602d0d5640cdc9f3a5187c33bc70d7 |
|
| /// File Name: |
MDVSA-2008-110.txt |
Description:
|
Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.14.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 59983 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Jun 6 18:57:57 2008 |
| MD5 Checksum: | c14720412bc04f903daf033da6ff8fa2 |
|
| /// File Name: |
MDVSA-2008-111.txt |
Description:
|
Mandriva Linux Security Advisory - Evolution did not properly validate timezone data when processing iCalendar attachments. If a user disabled the Itip Formatter plugin and viewed a crafted iCalendar attachment, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. Evolution also did not properly validate the DESCRIPTION field when processing iCalendar attachments. If a user were tricked into accepting a crafted iCalendar attachment and replied to it from the calendar window, an attacker could cause a denial of service or potentially execute arbitrary code with the user's privileges. In addition, Matej Cepl found that Evolution did not properly validate date fields when processing iCalendar attachments, which could lead to a denial of service if the user viewed a crafted iCalendar attachment with the Itip Formatter plugin disabled.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4855 | | Related CVE(s): | CVE-2008-1108, CVE-2008-1109 | | Last Modified: | Jun 10 22:59:20 2008 |
| MD5 Checksum: | 8599773af718f2638dbe13c36f4f1b94 |
|
| /// File Name: |
MDVSA-2008-113.txt |
Description:
|
Mandriva Linux Security Advisory - The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 75589 | | Related CVE(s): | CVE-2008-1673 | | Last Modified: | Jun 13 19:08:23 2008 |
| MD5 Checksum: | ba8d7e65ec5a0cb555e482dd8977020f |
|
| /// File Name: |
MDVSA-2008-114.txt |
Description:
|
Mandriva Linux Security Advisory - Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2803 | | Related CVE(s): | CVE-2008-1926 | | Last Modified: | Jun 16 19:10:09 2008 |
| MD5 Checksum: | f7c83bf58faad8497d724110968528aa |
|
| /// File Name: |
MDVSA-2008-115.txt |
Description:
|
Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5605 | | Related CVE(s): | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361 | | Last Modified: | Jun 16 20:05:13 2008 |
| MD5 Checksum: | aa2f2e2ac172a337017cbc0773c50eb4 |
|
| /// File Name: |
MDVSA-2008-116.txt |
Description:
|
Mandriva Linux Security Advisory - An input validation flaw was found in X.org's Security and Record extensions. A malicious authorized client could exploit the issue to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. In addition, this update corrects a problem that could cause memory corruption or segfaults in the render code of the vnc server on Mandriva Linux 2008.1.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 19210 | | Related CVE(s): | CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362 | | Last Modified: | Jun 16 20:06:28 2008 |
| MD5 Checksum: | b517657379a7aa72957fef323eea0c6a |
|
| /// File Name: |
MDVSA-2008-117.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in fetchmail was discovered that allowed remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed message with long headers. The crash only occurred when fetchmail was called in '-v -v' mode.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6023 | | Related CVE(s): | CVE-2008-2711 | | Last Modified: | Jun 20 15:37:50 2008 |
| MD5 Checksum: | 412abb421e3c4e39ed65a82e78cb9acb |
|
| /// File Name: |
MDVSA-2008-118.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in how Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code (HMAC). An attacker could exploit this flaw to spoof an authenticated SNMPv3 packet. A buffer overflow was found in the perl bindings for Net-SNMP that could be exploited if an attacker could convince an application using the Net-SNMP perl modules to connect to a malicious SNMP agent.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12264 | | Related CVE(s): | CVE-2008-0960, CVE-2008-2292 | | Last Modified: | Jun 20 21:10:58 2008 |
| MD5 Checksum: | cc433135503af2777d591505aad90320 |
|
| /// File Name: |
MDVSA-2008-119.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was found in exiv2 that would cause exiv2, or applications linked to libexiv2, to crash on image files with certain metadata in the image.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4165 | | Related CVE(s): | CVE-2008-2696 | | Last Modified: | Jun 21 13:47:51 2008 |
| MD5 Checksum: | 2ecaa2efa66c556331d6b2617dae9f3d |
|