Section: .. / 0711-advisories /
| /// File Name: |
gadugadu-overflow.txt |
Description:
|
Gadu-Gadu version 7.7 suffers from local and remote buffer overflow vulnerabilities.
| | Author: | j00ru/vx | | File Size: | 6428 | | Last Modified: | Nov 26 21:04:18 2007 |
| MD5 Checksum: | ec542ce11f11309987b28b00e537f6fb |
|
| /// File Name: |
glsa-200711-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-01 - Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Versions less than 2.0.18-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3173 | | Related CVE(s): | CVE-2007-3961, CVE-2007-3962 | | Last Modified: | Nov 1 19:29:21 2007 |
| MD5 Checksum: | d1a24e7c8aaf28b4a5e6ef96ba68dbde |
|
| /// File Name: |
glsa-200711-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-02 - Jan Pechanec discovered that OpenSSH uses a trusted X11 cookie when it cannot create an untrusted one. Versions less than 4.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2976 | | Related CVE(s): | CVE-2007-4752 | | Last Modified: | Nov 1 19:29:36 2007 |
| MD5 Checksum: | 923a61c425ebd36a8682043f00698487 |
|
| /// File Name: |
glsa-200711-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-03 - Merrick Manalastas and Nicklous Roberts have discovered multiple vulnerabilities in the WebDAV and Reupload modules. Versions less than 2.2.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2974 | | Related CVE(s): | CVE-2007-4650 | | Last Modified: | Nov 1 19:29:52 2007 |
| MD5 Checksum: | fca538bf60e1b808729a818070d619a2 |
|
| /// File Name: |
glsa-200711-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-04 - The imap_rescan() function of the file camel-imap-folder.c does not properly sanitize the SEQUENCE response sent by an IMAP server before being used to index arrays. Versions less than 1.10.3.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3155 | | Related CVE(s): | CVE-2007-3257 | | Last Modified: | Nov 6 23:20:25 2007 |
| MD5 Checksum: | 73bfd4c7173bb1b3a317305f9d233fdf |
|
| /// File Name: |
glsa-200711-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-05 - Tim Brown discovered these multiple issues: the translation module does not properly sanitize the value to the dir parameter; the translation module also does not sanitize the values of the edit and value parameters which it passes to eval() and include(); the log-in command does not validate the URL to redirect users to after logging in; SiteBar also contains several cross-site scripting vulnerabilities. Versions less than 3.3.9 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 4062 | | Related CVE(s): | CVE-2007-5491, CVE-2007-5492, CVE-2007-5692, CVE-2007-5693, CVE-2007-5694, CVE-2007-5695 | | Last Modified: | Nov 6 23:21:59 2007 |
| MD5 Checksum: | 653c13956ffb694b4e066882a76b4281 |
|
| /// File Name: |
glsa-200711-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-06 - Multiple cross-site scripting vulnerabilities have been discovered in mod_status and mod_autoindex. An error has been discovered in the recall_headers() function in mod_mem_cache. The mod_cache module does not properly sanitize requests before processing them. The Prefork module does not properly check PID values before sending signals. The mod_proxy module does not correctly check headers before processing them. Versions less than 2.2.6 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3980 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1862, CVE-2007-1863, CVE-2007-3304, CVE-2007-3847, CVE-2007-4465 | | Last Modified: | Nov 7 15:27:55 2007 |
| MD5 Checksum: | d0a654e53e1d16a9c2a5fa25a6c1337f |
|
| /// File Name: |
glsa-200711-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-07 - Slythers Bro discovered multiple integer overflows in the imageop module, one of them in the tovideo() method, in various locations in files imageop.c, rbgimgmodule.c, and also in other files. Versions less than 2.4.4-r6 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3584 | | Related CVE(s): | CVE-2007-4965 | | Last Modified: | Nov 7 15:28:11 2007 |
| MD5 Checksum: | 5e6a79a6694e21971b2fc94f992cac20 |
|
| /// File Name: |
glsa-200711-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-08 - An off-by-one error when handling ICC profile chunks in the png_set_iCCP() function was discovered. George Cook and Jeff Phillips reported several errors in pngrtran.c, the use of logical instead of a bitwise functions and incorrect comparisons. Tavis Ormandy reported out-of-bounds read errors in several PNG chunk handling functions. Versions less than 1.2.21-r3 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3469 | | Related CVE(s): | CVE-2007-5266, CVE-2007-5268, CVE-2007-5269 | | Last Modified: | Nov 7 15:29:21 2007 |
| MD5 Checksum: | 91774f16eb2509bc91fb7173604d093c |
|
| /// File Name: |
glsa-200711-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-09 - Clemens Kolbitsch and Sylvester Keil reported an error when processing beacon frames with an overly large length value in the xrates element. Versions less than 0.9.3.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3076 | | Related CVE(s): | CVE-2007-5448 | | Last Modified: | Nov 7 15:46:11 2007 |
| MD5 Checksum: | 961d46ee34c3b0f35bcc3ccf242cf88e |
|
| /// File Name: |
glsa-200711-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-10 - IOActive discovered an error in the Mono.Math.BigInteger class, in the reduction step of the Montgomery-based Pow methods, that could lead to a buffer overflow. Versions less than 1.2.5.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3023 | | Related CVE(s): | CVE-2007-5197 | | Last Modified: | Nov 7 19:16:55 2007 |
| MD5 Checksum: | f7ebfe1aac97f36a4602daa6132aa460 |
|
| /// File Name: |
glsa-200711-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-11 - fabiodds reported a boundary checking error in the check_snmp plugin when processing SNMP GET replies that could lead to a stack-based buffer overflow. Nobuhiro Ban reported a boundary checking error in the redir() function of the check_http plugin when processing HTTP Location: header information which might lead to a buffer overflow. Versions less than 1.4.10-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3536 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623 | | Last Modified: | Nov 8 18:33:35 2007 |
| MD5 Checksum: | 59425702583a03eb898842fae835be14 |
|
| /// File Name: |
glsa-200711-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-12 - Jan Oravec reported that the /usr/bin/tomboy script sets the LD_LIBRARY_PATH environment variable incorrectly, which might result in the current working directory (.) to be included when searching for dynamically linked libraries of the Mono Runtime application. Versions less than 0.8.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3045 | | Related CVE(s): | CVE-2005-4790 | | Last Modified: | Nov 8 18:33:42 2007 |
| MD5 Checksum: | 5960f033e452769b32ce449af3d5d7d3 |
|
| /// File Name: |
glsa-200711-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-13 - 3proxy contains a double free vulnerability in the ftpprchild() function, which frees param->hostname and calls the parsehostname() function, which in turn attempts to free param->hostname again. Versions less than 0.5.3j are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2951 | | Related CVE(s): | CVE-2007-5622 | | Last Modified: | Nov 8 18:35:01 2007 |
| MD5 Checksum: | 4c693bb5c066662ed6e09a37b427b986 |
|
| /// File Name: |
glsa-200711-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-14 - Multiple vulnerabilities have been reported in Mozilla Firefox and SeaMonkey. Various errors in the browser engine and the Javascript engine can be exploited to cause a memory corruption. Before being used in a request, input passed to the user ID when making an HTTP request with digest authentication is not properly sanitized. The titlebar can be hidden by a XUL markup language document. Additionally, an error exists in the handling of smb: and sftp: URI schemes on systems with gnome-vfs support. An unspecified error in the handling of XPCNativeWrappers and not properly implementing JavaScript onUnload() handlers may allow the execution of arbitrary Javascript code. Another error is triggered by using the addMicrosummaryGenerator sidebar method to access file: URIs. Versions less than 2.0.0.9 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5565 | | Related CVE(s): | CVE-2007-1095, CVE-2007-2292, CVE-2007-5334, CVE-2007-5335, CVE-2007-5337, CVE-2007-5338, CVE-2007-5339, CVE-2007-5340 | | Last Modified: | Nov 12 23:35:47 2007 |
| MD5 Checksum: | fa96dd3103e47ec1c52a35f012f0fd03 |
|
| /// File Name: |
glsa-200711-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-15 - Sean de Regge reported multiple integer overflows when processing FLAC media files that could lead to improper memory allocations resulting in heap-based buffer overflows. Versions less than 1.2.1-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3177 | | Related CVE(s): | CVE-2007-4619 | | Last Modified: | Nov 12 23:36:24 2007 |
| MD5 Checksum: | e8a6b3c13ae6bdef5e815020ef25e348 |
|
| /// File Name: |
glsa-200711-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-16 - Alin Rad Pop (Secunia Research) discovered an off-by-one error in the ippReadIO() function when handling Internet Printing Protocol (IPP) tags that might allow to overwrite one byte on the stack. Versions less than 1.2.12-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3287 | | Related CVE(s): | CVE-2007-4351 | | Last Modified: | Nov 12 23:36:46 2007 |
| MD5 Checksum: | b80fe36cdf462f5ee677cccb59c25326 |
|
| /// File Name: |
glsa-200711-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-17 - candlerb found that ActiveResource, when processing responses using the Hash.from_xml() function, does not properly sanitize filenames. The session management functionality allowed the session_id to be set in the URL. BCC discovered that the to_json() function does not properly sanitize input before returning it to the user. Versions less than 1.2.5 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3506 | | Related CVE(s): | CVE-2007-3227, CVE-2007-5379, CVE-2007-5380 | | Last Modified: | Nov 14 21:12:01 2007 |
| MD5 Checksum: | dc5f1796319d91545f0c0f7455838bc9 |
|
| /// File Name: |
glsa-200711-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-18 - A buffer overflow vulnerability in the safer_name_suffix() function in GNU cpio has been discovered. Versions less than 2.9-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2823 | | Related CVE(s): | CVE-2007-4476 | | Last Modified: | Nov 14 21:12:08 2007 |
| MD5 Checksum: | 8f79f9df7168b3a8e16794ea3234dbbd |
|
| /// File Name: |
glsa-200711-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-19 - Stefan Esser reported that a previous vulnerability was not properly fixed in TikiWiki 1.9.8.1. The TikiWiki development team also added several checks to avoid file inclusion. Versions less than 1.9.8.3 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3088 | | Related CVE(s): | CVE-2007-5423, CVE-2007-5682 | | Last Modified: | Nov 14 21:13:11 2007 |
| MD5 Checksum: | 756e25fd4face3714ba508cfca928d4a |
|
| /// File Name: |
glsa-200711-20-04.txt |
Description:
|
Gentoo Linux Security Advisory [ERRATA UPDATE] GLSA 200711-20:04 - Roland Clobus discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Bas Wijnen discovered an error when closing connections which can lead to a failed assertion. Versions less than 0.11.3-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3003 | | Related CVE(s): | CVE-2007-5933, CVE-2007-6010 | | Last Modified: | Nov 30 00:38:19 2007 |
| MD5 Checksum: | 2f449d948a4a3611043470e9b3383b10 |
|
| /// File Name: |
glsa-200711-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-20 - Bas Wijnen discovered that the Pioneers server may free sessions objects while they are still in use, resulting in access to invalid memory zones. Versions less than 0.11.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2797 | | Related CVE(s): | CVE-2007-5933 | | Last Modified: | Nov 14 21:13:20 2007 |
| MD5 Checksum: | 5da6825de9348088c32d2d8d06d10924 |
|
| /// File Name: |
glsa-200711-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-21 - Tavis Ormandy of the Google Security Team discovered a heap-based overflow vulnerability in the NE2000 driver. He also discovered a divide-by-zero error in the emulated floppy disk controller. Versions less than 2.3 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2997 | | Related CVE(s): | CVE-2007-2893, CVE-2007-2894 | | Last Modified: | Nov 26 16:10:43 2007 |
| MD5 Checksum: | 701b06a54668212a4a8bfe55c424261c |
|
| /// File Name: |
glsa-200711-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-22 - Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the Stream.cc file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows. He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption. Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Versions less than 0.6.1-r1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5073 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 26 16:42:57 2007 |
| MD5 Checksum: | cf524b80ddac93d7e85c3902d5b2422a |
|
| /// File Name: |
glsa-200711-23.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200711-23 - Multiple vulnerabilities have been discovered in several VMware products. Neel Mehta and Ryan Smith (IBM ISS X-Force) discovered that the DHCP server contains an integer overflow vulnerability, an integer underflow vulnerability and another error when handling malformed packets, leading to stack-based buffer overflows or stack corruption. Rafal Wojtczvk (McAfee) discovered two unspecified errors that allow authenticated users with administrative or login privileges on a guest operating system to corrupt memory or cause a Denial of Service. Another unspecified vulnerability related to untrusted virtual machine images was discovered. Versions less than 6.0.1.55017 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 6028 | | Related CVE(s): | CVE-2004-0813, CVE-2006-3619, CVE-2006-4146, CVE-2006-4600, CVE-2007-0061, CVE-2007-0062, CVE-2007-0063, CVE-2007-1716, CVE-2007-4496, CVE-2007-4497, CVE-2007-5617 | | Last Modified: | Nov 26 16:44:54 2007 |
| MD5 Checksum: | a15a426e0b804db611464609d58fe90d |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
