Section: .. / 0703-advisories /
| /// File Name: |
sa24609.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mysql. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24609/ | | File Size: | 9459 | | Last Modified: | Mar 22 19:34:38 2007 |
| MD5 Checksum: | 0e12df68ae146950703155b7ce5aa3da |
|
| /// File Name: |
sa24518.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/24518/ | | File Size: | 9448 | | Last Modified: | Mar 17 03:22:27 2007 |
| MD5 Checksum: | 8d77cd5f18db52feb3289101a60a35c8 |
|
| /// File Name: |
sa24638.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for nas. This fixes some vulnerabilities, which potentially can be exploited by malicious, local users to gain escalated privileges or malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24638/ | | File Size: | 9390 | | Last Modified: | Mar 28 17:52:50 2007 |
| MD5 Checksum: | 73881535bf1bd4d74faaa6fe5248c5d9 |
|
| /// File Name: |
USN-440-1.txt |
Description:
|
Ubuntu Security Notice 440-1 - Stefan Streichbier and B. Mueller of SEC Consult discovered that MySQL subselect queries using "ORDER BY" could be made to crash the MySQL server. An attacker with access to a MySQL instance could cause an intermittent denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9054 | | Related CVE(s): | CVE-2007-1420 | | Last Modified: | Mar 24 02:15:10 2007 |
| MD5 Checksum: | d1deaf66ff150d319683750959167b0a |
|
| /// File Name: |
MDKSA-2007-050-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox program, version 1.5.0.10.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8735 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, CVE-2007-1092 | | Last Modified: | Mar 8 23:28:15 2007 |
| MD5 Checksum: | 272b47bdd64a3e3aed526ce2a414c45e |
|
| /// File Name: |
MDKSA-2007-060.txt |
Description:
|
Mandriva Linux Security Advisory - Many vulnerabilities were discovered and corrected in the Linux 2.6 kernel. The 2.6.17 kernel and earlier, when running on IA64 and SPARC platforms, would allow a local user to cause a DoS (crash) via a malformed ELF file. The mincore function in the Linux kernel did not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. An unspecified vulnerability in the listxattr system call, when a "bad inode" is present, could allow a local user to cause a DoS (data corruption) and possibly gain privileges via unknown vectors. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression that triggers memory corruption. The ext3fs_dirhash function could allow local users to cause a DoS (crash) via an ext3 stream with malformed data structures. When SELinux hooks are enabled, the kernel could allow a local user to cause a DoS (crash) via a malformed file stream that triggers a NULL pointer dereference. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash via vectors that trigger a null dereference. The Linux kernel version 2.6.13 to 2.6.20.1 allowed a remote attacker to cause a DoS (oops) via a crafted NFSACL2 ACCESS request that triggered a free of an incorrect pointer. A local user could read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump; a variant of CVE-2004-1073.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8647 | | Related CVE(s): | CVE-2006-4538, CVE-2006-4814, CVE-2006-5753, CVE-2006-5823, CVE-2006-6053, CVE-2006-6056, CVE-2007-0006, CVE-2007-0772, CVE-2007-0958 | | Last Modified: | Mar 13 23:56:17 2007 |
| MD5 Checksum: | 186a8d105b5a3c8a35936f0a69d24e0a |
|
| /// File Name: |
sa24462.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24462/ | | File Size: | 8397 | | Last Modified: | Mar 13 23:06:07 2007 |
| MD5 Checksum: | 3910bb9c65608282e0e832faf5819757 |
|
| /// File Name: |
sa24651.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/24651/ | | File Size: | 8059 | | Last Modified: | Mar 28 04:15:18 2007 |
| MD5 Checksum: | 415c6a098a7270133b98d0aaaafb8d74 |
|
| /// File Name: |
USN-435-1.txt |
Description:
|
Ubuntu Security Notice 435-1 - Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7962 | | Related CVE(s): | CVE-2007-1387 | | Last Modified: | Mar 14 03:09:01 2007 |
| MD5 Checksum: | 85ce8bc9f5fb53091f8de673817d7bc9 |
|
| /// File Name: |
USN-433-1.txt |
Description:
|
Ubuntu Security Notice 433-1 - Moritz Jodeit discovered that the DMO loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7955 | | Related CVE(s): | CVE-2007-1246 | | Last Modified: | Mar 13 23:20:43 2007 |
| MD5 Checksum: | 642d4cf4141d799f5662f91164e441f5 |
|
| /// File Name: |
sa24384.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and spoofing attacks, gain knowledge of sensitive information, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24384/ | | File Size: | 7892 | | Last Modified: | Mar 8 01:54:52 2007 |
| MD5 Checksum: | 6eb596dbe7d4bae364119c9ec33ff4ac |
|
| /// File Name: |
sa24420.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gnupg. This fixes a vulnerability, which potentially can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner.
| | Homepage: | http://secunia.com/advisories/24420/ | | File Size: | 7863 | | Last Modified: | Mar 8 19:52:08 2007 |
| MD5 Checksum: | 3c3a1f150ee505e370c1c9551b990250 |
|
| /// File Name: |
USN-442-1.txt |
Description:
|
Ubuntu Security Notice 442-1 - Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7566 | | Related CVE(s): | CVE-2007-1002 | | Last Modified: | Mar 27 05:44:52 2007 |
| MD5 Checksum: | 3e3dbb8356f31c519561d2ff221e1274 |
|
| /// File Name: |
ndistapi.txt |
Description:
|
The NDISTAPI.sys kernel-mode component of Microsoft Windows XP SP2 and Microsoft Windows 2003 Server SP1 is exposed to unprivileged users.
| | Author: | Ruben Santamarta | | Homepage: | http://www.reversemode.com/ | | File Size: | 7516 | | Last Modified: | Mar 20 16:36:25 2007 |
| MD5 Checksum: | 5b2a01374c341e50b8d84313b4532179 |
|
| /// File Name: |
USN-432-2.txt |
Description:
|
Ubuntu Security Notice 432-2 - USN-432-1 fixed a vulnerability in GnuPG. This update provides the corresponding updates for GnuPG2 and the GPGME library. Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7515 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 14 03:21:42 2007 |
| MD5 Checksum: | 8a90ad61541ac9fcd89bcbaa69897621 |
|
| /// File Name: |
USN-432-1.txt |
Description:
|
Ubuntu Security Notice 432-1 - Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message. An attacker could inject an unsigned message, which could fool the user into thinking the message was entirely signed by the original sender.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7467 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 9 04:13:23 2007 |
| MD5 Checksum: | d76fe00ba7ed0901c41309e218dcf780 |
|
| /// File Name: |
USN-445-1.txt |
Description:
|
Ubuntu Security Notice 445-1 - Sven Krewitt of Secunia Research discovered that XMMS did not correctly handle BMP images when loading GUI skins. If a user were tricked into loading a specially crafted skin, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7157 | | Related CVE(s): | CVE-2007-0653, CVE-2007-0654 | | Last Modified: | Mar 28 17:59:56 2007 |
| MD5 Checksum: | eb9c1ef1b4852eb92a7d5dce510544e6 |
|
| /// File Name: |
MDKSA-2007-067.txt |
Description:
|
Mandriva Linux Security Advisory - Jean-Sebastien Guay-Leroux discovered an integer underflow in the file_printf() function in file prior to 4.20 that allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6563 | | Related CVE(s): | CVE-2007-1536 | | Last Modified: | Mar 24 02:25:27 2007 |
| MD5 Checksum: | 6ccdb78a84adf2a14a3e1a6067d53d8a |
|
| /// File Name: |
sa24338.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for snort. This fixes some vulnerabilities, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24338/ | | File Size: | 6467 | | Last Modified: | Mar 6 00:12:53 2007 |
| MD5 Checksum: | a268ef0a6adbbcee98d37c8ad5d69e8d |
|
| /// File Name: |
sa24424.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for modpython. This fixes a security issue, which can potentially be exploited to disclose certain sensitive information.
| | Homepage: | http://secunia.com/advisories/24424/ | | File Size: | 6382 | | Last Modified: | Mar 8 01:54:52 2007 |
| MD5 Checksum: | a900161c29946d96e27955255c073a17 |
|
| /// File Name: |
MDKSA-2007-062.txt |
Description:
|
Mandriva Linux Security Advisory - The DS_VideoDecoder_Open function in DirectShow/DS_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6207 | | Related CVE(s): | CVE-2007-1387 | | Last Modified: | Mar 14 03:36:50 2007 |
| MD5 Checksum: | 06e46c8ad429f82aa08b671166e7a5a8 |
|
| /// File Name: |
fortinet-mcafee.txt |
Description:
|
Multiple remote buffer overflow vulnerabilities exist in the ActiveX Control named "SiteManager.Dll" of McAfee ePolicy Orchestrator. A remote attacker who successfully exploits these vulnerabilities can completely take control of the affected system. Affected software versions include McAfee ePolicy Orchestrator 3.6.1 and McAfee ePolicy Orchestrator 3.5 patch 6.
| | Author: | cocoruder | | Homepage: | http://www.fortinet.com/ | | File Size: | 6206 | | Last Modified: | Mar 20 03:59:23 2007 |
| MD5 Checksum: | 796dbbbee6e2d7dd23564ff29854fb73 |
|
| /// File Name: |
MDKSA-2007-057.txt |
Description:
|
Mandriva Linux Security Advisory - The DMO_VideoDecoder_Open function in dmo/DMO_VideoDecoder.c in xine-lib does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6201 | | Related CVE(s): | CVE-2007-1246 | | Last Modified: | Mar 9 04:18:35 2007 |
| MD5 Checksum: | 562e47f8063bed302281781b8b55331b |
|