Section: .. / 0711-advisories /
| /// File Name: |
SUSE-SA-2007-060.txt |
Description:
|
SUSE Security Announcement - Secunia Research reported three security bugs in xpdf. The first problem occurs while indexing an array in DCTStream::readProgressiveDataUnit(). Another method in the same class named reset() is vulnerable to an integer overflow which leads to an overflow on the heap. The last bug also causes an overflow on the heap but this time in method lookChar() of class CCITTFaxStream.
| | Homepage: | http://www.suse.com | | File Size: | 59756 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 14 21:05:21 2007 |
| MD5 Checksum: | ff6840ca89a9d121a0be10b428b0703d |
|
| /// File Name: |
USN-549-1.txt |
Description:
|
Ubuntu Security Notice 549-1 - Various integer overflows, arbitrary code execution, and denial of service vulnerabilities have been fixed in PHP 5.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 54920 | | Related CVE(s): | CVE-2007-1285, CVE-2007-2872, CVE-2007-3799, CVE-2007-3998, CVE-2007-4657, CVE-2007-4658, CVE-2007-4660, CVE-2007-4661, CVE-2007-4662, CVE-2007-4670, CVE-2007-5898, CVE-2007-5899 | | Last Modified: | Nov 30 01:57:43 2007 |
| MD5 Checksum: | 480e0abf31a634a029d87570b870ea34 |
|
| /// File Name: |
qt_pdat_heapbof.pdf |
Description:
|
QuickTime is prone to a heap overflow vulnerability when parsing malformed Panorama Sample Atoms, which are used in QuickTime Virtual Reality Movies.
| | Author: | Mario Ballano Barcena | | Homepage: | http://www.48Bits.com | | File Size: | 54534 | | Last Modified: | Nov 12 21:50:42 2007 |
| MD5 Checksum: | c3be020bca030b61f2924275b9def402 |
|
| /// File Name: |
USN-542-2.txt |
Description:
|
Ubuntu Security Notice 542-2 - USN-542-1 fixed a vulnerability in poppler. This update provides the corresponding updates for KWord, part of KOffice. Secunia Research discovered several vulnerabilities in poppler. If a user were tricked into loading a specially crafted PDF file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the user's privileges in applications linked against poppler.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 47468 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 16 02:48:42 2007 |
| MD5 Checksum: | bac4e1bd42fa4b7ac989e879f7e27092 |
|
| /// File Name: |
dsa-1409-2.txt |
Description:
|
Debian Security Advisory 1409-2 - The previous security update for samba introduced regressions in the handling of the deprecated filesystem smbfs. This update fixes the regression(s) whilst still fixing the security problems. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 45730 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 22:34:18 2007 |
| MD5 Checksum: | c61953cd66f9d45ae2767f3433a17404 |
|
| /// File Name: |
sa27658.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for koffice. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27658/ | | File Size: | 45613 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 0cb4f49f8fa05b4d4ae6a28d78a9ae31 |
|
| /// File Name: |
sa27634.txt |
Description:
|
Secunia Security Advisory - SUSE has issued updates for xpdf, kdegraphics3-pdf, koffice, libextractor, poppler, gpdf, cups, pdf, and pdftohtml. These fix some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27634/ | | File Size: | 45373 | | Last Modified: | Nov 16 02:06:08 2007 |
| MD5 Checksum: | 46f9726f0dfaff686737fb79224fa25f |
|
| /// File Name: |
dsa-1409-3.txt |
Description:
|
Debian Security Advisory 1409-3 - This update fixes all currently known regressions introduced with the previous two revisions of DSA-1409. Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 43013 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 30 01:05:04 2007 |
| MD5 Checksum: | 35eb85ee31049d6fb7c6321f9ecc5f02 |
|
| /// File Name: |
dsa-1409-1.txt |
Description:
|
Debian Security Advisory 1409-1 - Several local/remote vulnerabilities have been discovered in samba, a LanManager-like file and printer server for Unix. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges. Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 41075 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 21:03:02 2007 |
| MD5 Checksum: | 01a6d1c5ccb32c0ac079aa4a9191785c |
|
| /// File Name: |
sa27787.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27787/ | | File Size: | 38641 | | Last Modified: | Nov 26 11:56:43 2007 |
| MD5 Checksum: | 1462889ddb171ec252568059db284247 |
|
| /// File Name: |
dsa-1408-1.txt |
Description:
|
Debian Security Advisory 1408-1 - Alin Rad Pop discovered a buffer overflow in kpdf, which could allow the execution of arbitrary code if a malformed PDF file is displayed.
| | Homepage: | http://www.debian.org/security | | File Size: | 37672 | | Related CVE(s): | CVE-2007-5393 | | Last Modified: | Nov 26 18:01:25 2007 |
| MD5 Checksum: | d3bd82722c3c37c0e3e39ebceeb95f80 |
|
| /// File Name: |
dsa-1410-1.txt |
Description:
|
Debian Security Advisory 1410-1 - Several vulnerabilities have been discovered in Ruby, an object-oriented scripting language. It was discovered that the Ruby HTTP(S) module performs insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks. It was discovered that the Ruby modules for FTP, Telnet, IMAP, POP and SMTP perform insufficient validation of SSL certificates, which may lead to man-in-the-middle attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 36378 | | Related CVE(s): | CVE-2007-5162, CVE-2007-5770 | | Last Modified: | Nov 26 22:03:30 2007 |
| MD5 Checksum: | 60a89e291c4c26e67721240a8b989b61 |
|
| /// File Name: |
sa27772.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for kdegraphics. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27772/ | | File Size: | 36006 | | Last Modified: | Nov 26 11:56:43 2007 |
| MD5 Checksum: | 041caeb1e4913b3584a5750128f7ec50 |
|
| /// File Name: |
sa27764.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for ruby1.8. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks.
| | Homepage: | http://secunia.com/advisories/27764/ | | File Size: | 34093 | | Last Modified: | Nov 26 21:10:48 2007 |
| MD5 Checksum: | c85b27e7a7f2255c7ee87956bd390e24 |
|
| /// File Name: |
USN-544-2.txt |
Description:
|
Ubuntu Security Notice 544-2 - USN-544-1 fixed two vulnerabilities in Samba. Fixes for CVE-2007-5398 are unchanged, but the upstream changes for CVE-2007-4572 introduced a regression in all releases which caused Linux smbfs mounts to fail. Additionally, Dapper and Edgy included an incomplete patch which caused configurations using NetBIOS to fail. A proper fix for these regressions does not exist at this time, and so the patch addressing CVE-2007-4572 has been removed. This vulnerability is believed to be an unexploitable denial of service, but a future update will address this issue. We apologize for the inconvenience.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 32338 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 26 15:57:07 2007 |
| MD5 Checksum: | 72259e6752df012d7870529f5775034a |
|
| /// File Name: |
USN-544-1.txt |
Description:
|
Ubuntu Security Notice 544-1 - Samba developers discovered that nmbd could be made to overrun a buffer during the processing of GETDC logon server requests. When samba is configured as a Primary or Backup Domain Controller, a remote attacker could send malicious logon requests and possibly cause a denial of service. Alin Rad Pop of Secunia Research discovered that nmbd did not properly check the length of netbios packets. When samba is configured as a WINS server, a remote attacker could send multiple crafted requests resulting in the execution of arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 31890 | | Related CVE(s): | CVE-2007-5398, CVE-2007-4572 | | Last Modified: | Nov 16 02:51:57 2007 |
| MD5 Checksum: | 16bd422ddf2c0a218797ed724276624b |
|
| /// File Name: |
sa27679.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for samba. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/27679/ | | File Size: | 30567 | | Last Modified: | Nov 20 11:17:55 2007 |
| MD5 Checksum: | 59b613fe7f34ee6efd49c3b469dc2885 |
|
| /// File Name: |
USN-546-1.txt |
Description:
|
Ubuntu Security Notice 546-1 - It was discovered that Firefox incorrectly associated redirected sites as the origin of "jar:" contents. A malicious web site could exploit this to modify or steal confidential data (such as passwords) from other web sites. Various flaws were discovered in the layout and JavaScript engines. By tricking a user into opening a malicious web page, an attacker could execute arbitrary code with the user's privileges. Gregory Fleischer discovered that it was possible to use JavaScript to manipulate Firefox's Referer header. A malicious web site could exploit this to conduct cross-site request forgeries against sites that relied only on Referer headers for protection from such attacks.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29356 | | Related CVE(s): | CVE-2007-5947, CVE-2007-5959, CVE-2007-5960 | | Last Modified: | Nov 26 22:59:34 2007 |
| MD5 Checksum: | 10d2c398e4ffa3201d0f41270a7d2f8a |
|
| /// File Name: |
sa27796.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and potentially to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27796/ | | File Size: | 28213 | | Last Modified: | Nov 27 21:51:05 2007 |
| MD5 Checksum: | 7864c4c08ad21201c7fedf142c1331c7 |
|
| /// File Name: |
sa27624.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for multiple KDE packages. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/27624/ | | File Size: | 28197 | | Last Modified: | Nov 14 21:10:34 2007 |
| MD5 Checksum: | 7e96a7465ce5deded31ed2d5eb67eecb |
|
| /// File Name: |
MDKSA-2007-221.txt |
Description:
|
Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in kpdf. An attacker could create a malicious PDF file that would cause kpdf to crash or potentially execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 27708 | | Related CVE(s): | CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 | | Last Modified: | Nov 16 03:01:45 2007 |
| MD5 Checksum: | 653876dc602521aaabe631ca6bf660a3 |
|
| /// File Name: |
sa27823.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mysql-dfsg, mysql-dfsg-5.0, and mysql-dfsg-4.1. This fixes some security issues and vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, gain escalated privileges, or cause a DoS (Denial of Service), and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/27823/ | | File Size: | 27477 | | Last Modified: | Nov 27 21:51:05 2007 |
| MD5 Checksum: | c94947bdccb13edc455c5e8c86eeae20 |
|
| /// File Name: |
USN-540-1.txt |
Description:
|
Ubuntu Security Notice 540-1 - Sean de Regge discovered that flac did not properly perform bounds checking in many situations. An attacker could send a specially crafted FLAC audio file and execute arbitrary code as the user or cause a denial of service in flac or applications that link against flac.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25995 | | Related CVE(s): | CVE-2007-4619 | | Last Modified: | Nov 14 00:27:56 2007 |
| MD5 Checksum: | ea879a662e58a1fdb8ade00919919880 |
|