Section: .. / Last 20 Advisory Files /
| /// File Name: | MDVSA-2008-180.txt | Description:
| Mandriva Linux Security Advisory - Andreas Solberg found a denial of service flaw in how libxml2 processed certain content. If an application linked against libxml2 processed such malformed XML content, it could cause the application to stop responding. The updated packages have been patched to prevent this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7142 | | Related CVE(s): | CVE-2008-3281 | | Last Modified: | Aug 21 20:37:14 2008 | | MD5 Checksum: | d020ce82b78a55691be3b77a8258749f |
|
| /// File Name: | MDVSA-2008-179.txt | Description:
| Mandriva Linux Security Advisory - An input validation flaw was found in X.org's MIT-SHM extension. A client connected to the X.org server could read arbitrary server memory, resulting in the disclosure of sensitive data of other users of the X.org server. Multiple integer overflows were found in X.org's Render extension. A malicious authorized client could exploit these issues to cause a denial of service (crash) or possibly execute arbitrary code with root privileges on the X.org server. The Metisse program is likewise affected by these issues; the updated packages have been patched to prevent them. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5189 | | Related CVE(s): | CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362 | | Last Modified: | Aug 21 20:36:27 2008 | | MD5 Checksum: | 7fa23a387b9a6aa48f33a17134658e9b |
|
| /// File Name: | MDVSA-2008-178.txt | Description:
| Mandriva Linux Security Advisory - Alin Rad Pop found an array index vulnerability in the SDP parser of xine-lib. If a user or automated system were tricked into opening a malicious RTSP stream, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. The ASF demuxer in xine-lib did not properly check the length of ASF headers. If a user was tricked into opening a crafted ASF file, a remote attacker could possibly cause a denial of service or execute arbitrary code with the privileges of the user using the program. The Matroska demuxer in xine-lib did not properly verify frame sizes, which could possibly lead to the execution of arbitrary code if a user opened a crafted ASF file. Luigi Auriemma found multiple integer overflows in xine-lib. If a user was tricked into opening a crafted FLV, MOV, RM, MVE, MKV, or CAK file, a remote attacker could possibly execute arbitrary code with the privileges of the user using the program. Guido Landi found A stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5942 | | Related CVE(s): | CVE-2008-0073, CVE-2008-1110, CVE-2008-1161, CVE-2008-1482, CVE-2008-1878 | | Last Modified: | Aug 21 20:36:00 2008 | | MD5 Checksum: | f81b67007a37ee028b814f93f17b95cb |
|
| /// File Name: | glsa-200804-22-03.txt | Description:
| Gentoo Linux Security Advisory [UPDATE] GLSA 200804-22:03 - Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this issue was incomplete, as it did not always enable the stronger random number generator for source port selection (CVE-2008-3217). Versions less than 3.1.6 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2870 | | Related CVE(s): | CVE-2008-1637, CVE-2008-3217 | | Last Modified: | Aug 21 20:28:39 2008 | | MD5 Checksum: | ebb72f271795a16c7a89e0cc3a25ae70 |
|
| /// File Name: | MDVSA-2008-177.txt | Description:
| Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5130 | | Related CVE(s): | CVE-2008-1878 | | Last Modified: | Aug 21 00:46:04 2008 | | MD5 Checksum: | be91fa3452d00d25310bbe167ebe5038 |
|
| /// File Name: | MDVSA-2008-176.txt | Description:
| Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2757 | | Related CVE(s): | CVE-2008-2357 | | Last Modified: | Aug 21 00:45:02 2008 | | MD5 Checksum: | 0ea1927644dee386902a2c15ae603cee |
|
| /// File Name: | MDVSA-2008-175.txt | Description:
| Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3047 | | Related CVE(s): | CVE-2008-3533 | | Last Modified: | Aug 21 00:44:43 2008 | | MD5 Checksum: | 68a89521e8a4ebd2c2bd15623294278c |
|
| /// File Name: | CORE-2008-0813.txt | Description:
| Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability. | | Author: | Federico Muttis | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 8589 | | Last Modified: | Aug 21 00:35:17 2008 | | MD5 Checksum: | 762ace67edbf513d11ef873fdb4e0b14 |
|
| /// File Name: | USN-636-1.txt | Description:
| Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 21465 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 20 02:46:11 2008 | | MD5 Checksum: | cce112ac7583d275595f69c51a839d9d |
|
| /// File Name: | MDVSA-2008-173.txt | Description:
| Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8914 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Aug 20 02:43:36 2008 | | MD5 Checksum: | a4ecb934a32e106110b9ab5649af376c |
|
| /// File Name: | SSRT080117-2.txt | Description:
| HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin. | | Homepage: | http://www.hp.com/ | | File Size: | 12417 | | Related CVE(s): | CVE-2008-2463, CVE-2008-2244, CVE-2008-3003, CVE-2008-3004, CVE-2008-3005, CVE-2008-3006, CVE-2008-3018, CVE-2008-3019, CVE-2008-3020, CVE-2008-3021, CVE-2008-3460, CVE-2008-2254, CVE-2008-2255, CVE-2008-2256, CVE-2008-2257, CVE-2008-2258, CVE-2008-2259, CVE-2008-2245, CVE-2008-2246, CVE-2008-1448, CVE-2008-1456, CVE-2008-1457, CVE-2008-0082, CVE-2008-0120, CVE-2008-0121, CVE-2008-1455 | | Last Modified: | Aug 20 02:06:05 2008 | | MD5 Checksum: | eff92d137ada0a63b95a01b33d2c7643 |
|
| /// File Name: | dsa-1629-2.txt | Description:
| Debian Security Advisory 1629-2 - Due to a version numbering problem, the Postfix update for DSA 1629 was not installable on the i386 (Intel ia32) architecture. This update increases the version number to make it installable on i386 as well. | | Homepage: | http://www.debian.org/security | | File Size: | 10095 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 20 01:57:28 2008 | | MD5 Checksum: | d5905b0f7ab31785748e93c41a799586 |
|
| /// File Name: | SSRT080039-2.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could by exploited remotely to allow cross site scripting (XSS). | | Homepage: | http://www.hp.com/ | | File Size: | 6382 | | Related CVE(s): | CVE-2008-1663 | | Last Modified: | Aug 18 20:05:07 2008 | | MD5 Checksum: | 532beb0aee3e979142e353425bdaf021 |
|
| /// File Name: | dsa-1629-1.txt | Description:
| Debian Security Advisory 1629-1 - Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. | | Homepage: | http://www.debian.org/security | | File Size: | 13634 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 18 19:15:23 2008 | | MD5 Checksum: | 5a5029498e47c3b0c8f6caa98004975c |
|
| /// File Name: | PLSA-2008-25.txt | Description:
| Pardus Linux Security Advisory - Sebastian Krahmer has reported some security issues in Postfix, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges. | | Author: | Pardus Linux | | File Size: | 2262 | | Related CVE(s): | CVE-2008-2936, CVE-2008-2937 | | Last Modified: | Aug 15 20:40:40 2008 | | MD5 Checksum: | e57d0cc8a2f7fccc61fb079bf6de7bda |
|
| /// File Name: | MDVSA-2008-172.txt | Description:
| Mandriva Linux Security Advisory - A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5625 | | Related CVE(s): | CVE-2008-3699 | | Last Modified: | Aug 15 20:39:23 2008 | | MD5 Checksum: | 35b9f3396f2f1dad47d3cfe0d6aee45f |
|
| /// File Name: | MDVSA-2008-171.txt | Description:
| Mandriva Linux Security Advisory - Sebastian Krahmer of the SUSE Security Team discovered a flaw in the way Postfix dereferenced symbolic links. If a local user had write access to a mail spool directory without a root mailbox file, it could be possible for them to append arbitrary data to files that root had write permissions to. The updated packages have been patched to correct this issue. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8984 | | Related CVE(s): | CVE-2008-2936 | | Last Modified: | Aug 15 20:39:05 2008 | | MD5 Checksum: | 48044f8eb8d0f450a53f132789027535 |
|
| /// File Name: | PLSA-2008-24.txt | Description:
| Pardus Linux Security Advisory - A security issue has been reported in Amarok, which can be exploited by malicious, local users to perform certain actions with escalated privileges. | | Author: | Pardus Linux | | File Size: | 1930 | | Related CVE(s): | CVE-2008-3699 | | Last Modified: | Aug 15 18:41:56 2008 | | MD5 Checksum: | fc8bca31f37dffda0b3a0d3f2f9656f1 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
