Section: .. / 0602-advisories /
| /// File Name: |
plus-6.2.0.189.txt |
Description:
|
PLUS (PatchLink Update Server) version: 6.2.0.189 suffers from several bugs and security issues.
| | Author: | Brian Boner | | File Size: | 12199 | | Last Modified: | Feb 20 22:19:51 2006 |
| MD5 Checksum: | 7cbb9e4d755998f24ea49dfbe015bed5 |
|
| /// File Name: |
cisco-SA-20060215-guard-auth.txt |
Description:
|
A vulnerability in versions 5.0(1) and 5.0(3) of the software used in Cisco Anomaly Detection and Mitigation appliances and service modules may allow unauthorized users to get unauthorized access to the devices and/or escalate their privileges if Terminal Access Controller Access Control System Plus (TACACS+) is incompletely configured.
| | Homepage: | http://www.cisco.com/warp/public/707/cisco-sa-20060215-guard.shtml | | File Size: | 16280 | | Last Modified: | Feb 20 22:17:13 2006 |
| MD5 Checksum: | 5e8c98bd203dfe6fa3933f7107b171ca |
|
| /// File Name: |
PostgreSQL8.1.3.txt |
Description:
|
Multiple security problems were fixed in PostgreSQL 8.1.3.
| | Homepage: | http://www.postgresql.org/ | | File Size: | 2531 | | Last Modified: | Feb 20 22:16:11 2006 |
| MD5 Checksum: | f04e73fd0e8da50f3ac5477b0c02fc7b |
|
| /// File Name: |
MirabilizICQ.txt |
Description:
|
A bug in Mirabiliz ICQ could allow an attacker to trick users into executing files inside an uploaded directory.
| | Author: | edubp2002 | | File Size: | 2363 | | Last Modified: | Feb 20 22:12:44 2006 |
| MD5 Checksum: | 3f206b58cafc29cdbb11e29e76240871 |
|
| /// File Name: |
FLSA-2006-175406.txt |
Description:
|
Fedora Legacy Update Advisory - Updated Apache httpd packages that correct three security issues are now available.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 10100 | | Last Modified: | Feb 20 21:40:35 2006 |
| MD5 Checksum: | ccf2ca9c4154795fcd2739e9bc5ada96 |
|
| /// File Name: |
FLSA-2006-168935.txt |
Description:
|
Fedora Legacy Update Advisory - Updated openssh packages fix security issues.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 11274 | | Last Modified: | Feb 20 21:39:58 2006 |
| MD5 Checksum: | 21e3439e7fdf00498df3153eb5505116 |
|
| /// File Name: |
FLSA-2006-152809.txt |
Description:
|
Fedora Legacy Update Advisory - Updated squid package fixes security issues.
| | Homepage: | http://www.fedoralegacy.org | | File Size: | 13306 | | Last Modified: | Feb 20 21:39:21 2006 |
| MD5 Checksum: | ad5527f16346e4e158d5415b1a1a7869 |
|
| /// File Name: |
OpenPKG-SA-2006.003.txt |
Description:
|
OpenPKG Security Advisory - Ulrich Drepper discovered [0] a weakness in OpenSSH [1] version 4.2p1 and earlier, caused due to the insecure use of the system(3) function in scp(1) when performing copy operations using filenames that are supplied by the user from the command line. This can be exploited to execute shell commands with privileges of the user running scp(1).
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2358 | | Last Modified: | Feb 20 21:38:30 2006 |
| MD5 Checksum: | cfe3463202634882f2b5699eddc825e5 |
|
| /// File Name: |
OpenPKG-SA-2006.002.txt |
Description:
|
OpenPKG Security Advisory - According to a vendor bug report [0], an incomplete blacklist vulnerability exists in the Sudo [1] utility which can lead to a privilege escalation. The vulnerability exists in Sudo 1.6.8 and earlier and allows local users to gain privileges via the "SHELLOPTS" and "PS4" environment variables before executing a shell script on behalf of another user.
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2328 | | Last Modified: | Feb 20 21:37:32 2006 |
| MD5 Checksum: | d94daefc2e41a02ffbe46c2b9a9d8e94 |
|
| /// File Name: |
OpenPKG-SA-2006.001.txt |
Description:
|
OpenPKG Security Advisory - According to a vendor security advisory [0] based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG [1] security tool when unattended signature verification (e.g. by scripts and mail programs) is performed via "gpgv" or "gpg --verify".
| | Homepage: | http://www.openpkg.org/ | | File Size: | 2287 | | Last Modified: | Feb 20 21:36:48 2006 |
| MD5 Checksum: | 5aa5aedb0a9c4bde240e7dc1d1ed0cb8 |
|
| /// File Name: |
MDKSA-2006-043.txt |
Description:
|
Mandriva Linux Security Advisory - Tavis Ormandy discovered it is possible to make gpg incorrectly return success when verifying an invalid signature file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4127 | | Last Modified: | Feb 20 21:32:53 2006 |
| MD5 Checksum: | 4ea1a6bd072313194b504121580ab1de |
|
| /// File Name: |
MDKSA-2006-042.txt |
Description:
|
Mandriva Linux Security Advisory - Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. Although some of the previous updates appear to already catch this issue, this update adds some additional checks.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7300 | | Last Modified: | Feb 20 21:32:05 2006 |
| MD5 Checksum: | 6178602711f29d6907aa5d720b58f39a |
|
| /// File Name: |
MDKSA-2006-041.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in l2cap.c in hcidump allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3271 | | Last Modified: | Feb 20 21:31:34 2006 |
| MD5 Checksum: | dfef4d79a50aaf5d5d59c29fdd5f6264 |
|
| /// File Name: |
MDKSA-2006-040.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5562 | | Last Modified: | Feb 20 21:30:57 2006 |
| MD5 Checksum: | 250021f9ae91dda4362fb15b757a79f8 |
|
| /// File Name: |
USN-253-1.txt |
Description:
|
Ubuntu Security Notice USN-253-1 - A remote Denial of Service vulnerability was discovered in the heimdal implementation of the telnet daemon. A remote attacker could force the server to crash due to a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22775 | | Last Modified: | Feb 20 21:28:58 2006 |
| MD5 Checksum: | 6dddcaee1240a74524ca1fbd6363fe8c |
|
| /// File Name: |
USN-252-1.txt |
Description:
|
Ubuntu Security Notice USN-252-1 - Tavis Ormandy discovered a potential weakness in the signature verification of gnupg. gpgv and gpg --verify returned a successful exit code even if the checked file did not have any signature at all. The recommended way of checking the result is to evaluate the status messages, but some third party applications might just check the exit code for determining whether or not a signature is valid. These applications could be tricked into erroneously reporting a valid signature.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5389 | | Last Modified: | Feb 20 21:28:09 2006 |
| MD5 Checksum: | bd1ca2294bf9f5f2615f22032099965c |
|
| /// File Name: |
dsa-979-1.txt |
Description:
|
Debian Security Advisory DSA 979-1 - Derek Noonburg has fixed several potential vulnerabilities in xpdf, the Portable Document Format (PDF) suite, which are also present in pdfkit.framework, the GNUstep framework for rendering PDF content.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 5177 | | Last Modified: | Feb 20 21:27:12 2006 |
| MD5 Checksum: | 44046740ceeb508383f329892127745f |
|
| /// File Name: |
dsa-978-1.txt |
Description:
|
Debian Security Advisory DSA 978-1 - Tavis Ormandy noticed that gnupg, the GNU privacy guard - a free PGP replacement, verifies external signatures of files successfully even though they don't contain a signature at all.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security/ | | File Size: | 7435 | | Last Modified: | Feb 20 21:26:40 2006 |
| MD5 Checksum: | 6900ca41d318babf409f1e3221cfbb12 |
|
| /// File Name: |
glsa-200602-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200602-10 - Tavis Ormandy of the Gentoo Linux Security Auditing Team discovered that automated systems relying on the return code of GnuPG or gpgv to authenticate digital signatures may be misled by malformed signatures. GnuPG documentation states that a return code of zero (0) indicates success, however gpg and gpgv may also return zero if no signature data was found in a detached signature file. Versions less than 1.4.2.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3079 | | Last Modified: | Feb 20 21:22:35 2006 |
| MD5 Checksum: | a25305af869c11377e193f52d8282158 |
|
| /// File Name: |
sa18961.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for heimdal. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18961/ | | File Size: | 21378 | | Last Modified: | Feb 20 21:08:24 2006 |
| MD5 Checksum: | 67adad0468446add178f74bcedf82a7e |
|
| /// File Name: |
sa18960.txt |
Description:
|
Secunia Security Advisory - Evgeny Legerov has reported some vulnerabilities in Fedora Directory Server, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/18960/ | | File Size: | 2164 | | Last Modified: | Feb 20 21:08:24 2006 |
| MD5 Checksum: | cbeb73b2dc08708e611bf94093a1d46d |
|
| /// File Name: |
sa18956.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for gnupg. This fixes a security issue, which potentially can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/18956/ | | File Size: | 1548 | | Last Modified: | Feb 20 21:08:24 2006 |
| MD5 Checksum: | 405191043688feeeb10b18f1ac40a45f |
|