Section: .. / 0807-advisories /
| /// File Name: |
Advisory-DWR.pdf |
Description:
|
Direct Web Rendering (DWR) version 2.0.1 suffers from a cross site scripting vulnerability.
| | Author: | Peter Osterberg | | Homepage: | http://www.fortconsult.net/ | | File Size: | 194548 | | Related CVE(s): | CVE-2008-2740 | | Last Modified: | Jul 10 00:24:48 2008 |
| MD5 Checksum: | 377d17490f5fdf8a4323108cbce18fa9 |
|
| /// File Name: |
USN-625-1.txt |
Description:
|
Ubuntu Security Notice 625-1 - A massive slew of Linux kernel related vulnerabilities have been addressed for the linux-source-2.6.15/20/22 packages.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 192927 | | Related CVE(s): | CVE-2007-6282, CVE-2007-6712, CVE-2008-0598, CVE-2008-1615, CVE-2008-1673, CVE-2008-2136, CVE-2008-2137, CVE-2008-2148, CVE-2008-2358, CVE-2008-2365, CVE-2008-2729, CVE-2008-2750, CVE-2008-2826 | | Last Modified: | Jul 16 14:50:16 2008 |
| MD5 Checksum: | 5e9e19eec557961a1d40d8762fd5cff3 |
|
| /// File Name: |
sa31107.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, disclose potentially sensitive information, and gain escalated privileges, and malicious people to cause a DoS and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/31107/ | | File Size: | 176312 | | Last Modified: | Jul 16 15:45:24 2008 |
| MD5 Checksum: | cef887413e3c822b4a3307bf8e729231 |
|
| /// File Name: |
cisco-sa-20080708-dns.txt |
Description:
|
Cisco Security Advisory - Multiple Cisco products are vulnerable to DNS cache poisoning attacks due to their use of insufficiently randomized DNS transaction IDs and UDP source ports in the DNS queries that they produce, which may allow an attacker to more easily forge DNS answers that can poison DNS caches. To exploit this vulnerability an attacker must be able to cause a vulnerable DNS server to perform recursive DNS queries. Therefore, DNS servers that are only authoritative, or servers where recursion is not allowed, are not affected.
| | Homepage: | http://www.cisco.com/ | | File Size: | 70464 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 10 02:26:35 2008 |
| MD5 Checksum: | cb637e8f1582226fc0c36ad581d49c46 |
|
| /// File Name: |
USN-628-1.txt |
Description:
|
Ubuntu Security Notice 628-1 - Over a dozen vulnerabilities in php5 have been addressed in Ubuntu.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 62408 | | Related CVE(s): | CVE-2007-4782, CVE-2007-4850, CVE-2007-5898, CVE-2007-5899, CVE-2008-0599, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051, CVE-2008-2107, CVE-2008-2108, CVE-2008-2371, CVE-2008-2829 | | Last Modified: | Jul 23 19:47:53 2008 |
| MD5 Checksum: | 6cd6d0407e8f8ffd96589e18817d582e |
|
| /// File Name: |
MDVSA-2008-136.txt |
Description:
|
Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.15.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 61180 | | Related CVE(s): | CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 10 03:28:03 2008 |
| MD5 Checksum: | b8a1a03baf75c001f0003e3d76454e50 |
|
| /// File Name: |
MDVSA-2008-148.txt |
Description:
|
Mandriva Linux Security Advisory - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 2.0.0.16. This update provides the latest Firefox to correct these issues.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 60625 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 18 04:33:13 2008 |
| MD5 Checksum: | ab9dcc763cd53eb00f2102db6b1ca667 |
|
| /// File Name: |
sa31200.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/31200/ | | File Size: | 55036 | | Last Modified: | Jul 25 13:41:34 2008 |
| MD5 Checksum: | 7989e86030e9f826af65f2d0bc31d085 |
|
| /// File Name: |
MDVSA-2008-155.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.16.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 50277 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237, CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 21:02:23 2008 |
| MD5 Checksum: | c42b0d5c1d78fe93fed6e40c07dbe7cc |
|
| /// File Name: |
USN-617-2.txt |
Description:
|
Ubuntu Security Notice 617-2 - USN-617-1 fixed vulnerabilities in Samba. The upstream patch introduced a regression where under certain circumstances accessing large files might cause the client to report an invalid packet length error. This update fixes the problem. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that Samba did not properly perform bounds checking when parsing SMB replies. A remote attacker could send crafted SMB packets and execute arbitrary code.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 34404 | | Related CVE(s): | CVE-2008-1105, CVE-2007-4572 | | Last Modified: | Jul 1 11:21:52 2008 |
| MD5 Checksum: | 1a96557d0ecb7fc857c3b1519608d098 |
|
| /// File Name: |
USN-622-1.txt |
Description:
|
Ubuntu Security Notice 622-1 - Dan Kaminsky discovered weaknesses in the DNS protocol as implemented by Bind. A remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 34364 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 10 03:10:37 2008 |
| MD5 Checksum: | 63f40ff34a0a2df44dceb9b2d0f175c8 |
|
| /// File Name: |
sa30998.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/30998/ | | File Size: | 32571 | | Last Modified: | Jul 9 21:44:47 2008 |
| MD5 Checksum: | b02f2a9f3efac8eb15b40ed6ec79b1e4 |
|
| /// File Name: |
dsa-1615-1.txt |
Description:
|
Debian Security Advisory 1615-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications.
| | Homepage: | http://www.debian.org/security | | File Size: | 31926 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2811, CVE-2008-2933 | | Last Modified: | Jul 23 19:50:15 2008 |
| MD5 Checksum: | 814da2c25fb7c7e932ae2c2849d21d29 |
|
| /// File Name: |
sa31183.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/31183/ | | File Size: | 28553 | | Last Modified: | Jul 25 13:41:34 2008 |
| MD5 Checksum: | f46ee9c95f9eb822ee48aa31f07dbe8a |
|
| /// File Name: |
USN-619-1.txt |
Description:
|
Ubuntu Security Notice 619-1 - Many different flaws in Firefox have been addressed in this Ubuntu advisory. These range from arbitrary code execution to data theft and cross site scripting issues.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25410 | | Related CVE(s): | CVE-2008-2798, CVE-2008-2799, CVE-2008-2800, CVE-2008-2801, CVE-2008-2802, CVE-2008-2803, CVE-2008-2805, CVE-2008-2806, CVE-2008-2807, CVE-2008-2808, CVE-2008-2809, CVE-2008-2810, CVE-2008-2811 | | Last Modified: | Jul 9 20:13:15 2008 |
| MD5 Checksum: | 3850c61e45e25cf11b10981293b01d01 |
|
| /// File Name: |
dsa-1603-1.txt |
Description:
|
Debian Security Advisory 1603-1 - Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
| | Homepage: | http://www.debian.org/security | | File Size: | 25029 | | Related CVE(s): | CVE-2008-1447 | | Last Modified: | Jul 10 02:16:23 2008 |
| MD5 Checksum: | 97eb7a844baa184fbb006f4c445c6ac4 |
|
| /// File Name: |
MDVSA-2008-137.txt |
Description:
|
Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. Also, according to bug #38874 decimal numbers on Hebrew documents would appear as Arabic characters. Another issue (#39799) is with (Tools -> Options -> OpenOffice.org Writer -> General). Even setting to centimeters on (Indent & Spacing) option it shows as characters (ch) on (Indents & Spacing) configuration on the menu: (Format -> Paragraph -> Indents & Spacing). Moreover, a document holding Notes edited on Microsoft Office would not show when opened with OpenOffice. These and a number of other OpenOffice.org issues were fixed by the new version provided in this update.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 24382 | | Related CVE(s): | CVE-2008-2152 | | Last Modified: | Jul 10 03:28:18 2008 |
| MD5 Checksum: | f17aca78aecb606c95e50310dcb0558d |
|
| /// File Name: |
USN-623-1.txt |
Description:
|
Ubuntu Security Notice 623-1 - A flaw was discovered in the browser engine. A variable could be made to overflow causing the browser to crash. If a user were tricked into opening a malicious web page, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Billy Rios discovered that Firefox did not properly perform URI splitting with pipe symbols when passed a command-line URI. If Firefox were passed a malicious URL, an attacker may be able to execute local content with chrome privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22719 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2933 | | Last Modified: | Jul 17 15:29:57 2008 |
| MD5 Checksum: | 134f5257fe6d05be8b868a8de33caf4f |
|
| /// File Name: |
sa31129.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/31129/ | | File Size: | 22060 | | Last Modified: | Jul 18 20:28:54 2008 |
| MD5 Checksum: | 38fee3e9c2ab92298a86900c3bab8da8 |
|
| /// File Name: |
sa30898.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, to bypass certain security restrictions, or to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30898/ | | File Size: | 22039 | | Last Modified: | Jul 9 11:17:46 2008 |
| MD5 Checksum: | 2b0366bdb32c9208128490c69ffe902a |
|
| /// File Name: |
sa30988.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/30988/ | | File Size: | 20587 | | Last Modified: | Jul 9 20:15:42 2008 |
| MD5 Checksum: | f6ce5d5d891af805cc9a1b46821037c2 |
|
| /// File Name: |
USN-630-1.txt |
Description:
|
Ubuntu Security Notice 630-1 - It was discovered that ffmpeg did not correctly handle STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 20122 | | Related CVE(s): | CVE-2008-3162 | | Last Modified: | Jul 28 20:58:46 2008 |
| MD5 Checksum: | 951bbd456d9e3522a6e9f04d9ca30153 |
|
| /// File Name: |
USN-629-1.txt |
Description:
|
Ubuntu Security Notice 629-1 - Various flaws in the mozilla-thunderbird package have been addressed including improper handling, weaknesses, denial of service, and code execution issues.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19876 | | Related CVE(s): | CVE-2008-2785, CVE-2008-2798, CVE-2008-2799, CVE-2008-2802, CVE-2008-2803, CVE-2008-2807, CVE-2008-2809, CVE-2008-2811 | | Last Modified: | Jul 25 13:49:41 2008 |
| MD5 Checksum: | 6423df1ff327f2272abae252a822f5cf |
|
| /// File Name: |
sa31256.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for ruby1.9. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/31256/ | | File Size: | 19768 | | Last Modified: | Jul 28 20:54:10 2008 |
| MD5 Checksum: | 2407972533e44ecbc65987eedd10dcf6 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
