Section: .. / 0803-advisories /
| /// File Name: |
dsa-1493-2.txt |
Description:
|
Debian Security Advisory 1493-2 - An oversight led to the version number of the Debian 4.0 Etch update for advisory DSA 1493-1 being lower than the version in the main archive, making it uninstallable. This update corrects the version number. Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2.
| | Homepage: | http://www.debian.org/security | | File Size: | 12889 | | Related CVE(s): | CVE-2007-6697, CVE-2008-0554 | | Last Modified: | Mar 17 14:48:20 2008 |
| MD5 Checksum: | 551c44af8fe4179badea1fe6e5782ea7 |
|
| /// File Name: |
USN-593-1.txt |
Description:
|
Ubuntu Security Notice 593-1 - It was discovered that the default configuration of dovecot could allow access to any email files with group "mail" without verifying that a user had valid rights. An attacker able to create symlinks in their mail directory could exploit this to read or delete another user's email. By default, dovecot passed special characters to the underlying authentication systems. While Ubuntu releases of dovecot are not known to be vulnerable, the authentication routine was proactively improved to avoid potential future problems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12819 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 26 18:00:16 2008 |
| MD5 Checksum: | 4a2fd40b872bf6b94fc599b98e0f26b3 |
|
| /// File Name: |
MDVSA-2008-066.txt |
Description:
|
Mandriva Linux Security Advisory - Jurgen Weigert found a directory traversal vulnerability in fastjar versions prior to 0.93. This vulnerability allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with ../ sequences.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12532 | | Related CVE(s): | CVE-2006-3619 | | Last Modified: | Mar 13 16:42:16 2008 |
| MD5 Checksum: | d44b1a87f91fbceb277c852597cd642c |
|
| /// File Name: |
USN-584-1.txt |
Description:
|
Ubuntu Security Notice 584-1 - Jonathan Clarke discovered that the OpenLDAP slapd server did not properly handle modify requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modify permissions could send a crafted modify request and cause a denial of service via application crash. Ubuntu 7.10 is not affected by this issue. Ralf Haferkamp discovered that the OpenLDAP slapd server did not properly handle modrdn requests when using the Berkeley DB backend and the NOOP control was used. An authenticated user with modrdn permissions could send a crafted modrdn request and possibly cause a denial of service via application crash.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 12117 | | Related CVE(s): | CVE-2007-6698, CVE-2007-6698 | | Last Modified: | Mar 12 14:43:37 2008 |
| MD5 Checksum: | b8bd914311af7fc9f581d6b14e854301 |
|
| /// File Name: |
sa29256.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29256/ | | File Size: | 11858 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 6a1ce0340693bec163b74705ac432135 |
|
| /// File Name: |
sa29557.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for dovecot. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29557/ | | File Size: | 11802 | | Last Modified: | Mar 27 17:28:31 2008 |
| MD5 Checksum: | 1e12f4589cf3b43e042d94d2f330c876 |
|
| /// File Name: |
AST-2008-002.txt |
Description:
|
Asterisk Project Security Advisory - Two buffer overflows exist in the RTP payload handling code of Asterisk. Both overflows can be caused by an INVITE or any other SIP packet with SDP. The request may need to be authenticated depending on configuration of the Asterisk installation.
| | Author: | Joshua Colp | | Homepage: | http://www.asterisk.org/security | | File Size: | 10835 | | Related CVE(s): | CVE-2008-1289 | | Last Modified: | Mar 18 22:34:40 2008 |
| MD5 Checksum: | 9af18bb93f79be77066637b6ba8f4e94 |
|
| /// File Name: |
sa29424.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for krb5. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29424/ | | File Size: | 10582 | | Last Modified: | Mar 20 16:39:31 2008 |
| MD5 Checksum: | 5aac28338b83d7ef6bee6e5eebb2c667 |
|
| /// File Name: |
cisco-sa-20080313-ipm.txt |
Description:
|
Cisco Security Advisory - CiscoWorks Internetwork Performance Monitor (IPM) version 2.6 for Sun Solaris and Microsoft Windows operating systems contains a vulnerability that allows remote, unauthenticated users to execute arbitrary commands. There are no workarounds for this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 10443 | | Related CVE(s): | CVE-2008-1157 | | Last Modified: | Mar 13 19:17:07 2008 |
| MD5 Checksum: | 03214c50b616aef81dc635cc4b89a345 |
|
| /// File Name: |
sa29420.txt |
Description:
|
Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
| | Homepage: | http://secunia.com/advisories/29420/ | | File Size: | 10410 | | Last Modified: | Mar 20 16:39:31 2008 |
| MD5 Checksum: | 3f1f0ac638b023c81b4f6cd966fd3e71 |
|
| /// File Name: |
USN-591-1.txt |
Description:
|
Ubuntu Security Notice 591-1 - Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9833 | | Related CVE(s): | CVE-2007-4770, CVE-2007-4771 | | Last Modified: | Mar 24 18:47:19 2008 |
| MD5 Checksum: | 709c3b4e0e8ffb4ab82d69a87f5b976e |
|
| /// File Name: |
sa29542.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for sdl-image. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29542/ | | File Size: | 9810 | | Last Modified: | Mar 28 16:26:02 2008 |
| MD5 Checksum: | 851fa5d77bacf668f7e4293c82679218 |
|
| /// File Name: |
sa29294.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for libicu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/29294/ | | File Size: | 9807 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 6f802f1be02976217f8218ee4825e6d0 |
|
| /// File Name: |
USN-595-1.txt |
Description:
|
Ubuntu Security Notice 595-1 - Michael Skladnikiewicz discovered that SDL_image did not correctly load GIF images. If a user or automated system were tricked into processing a specially crafted GIF, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service. David Raulo discovered that SDL_image did not correctly load ILBM images. If a user or automated system were tricked into processing a specially crafted ILBM, a remote attacker could execute arbitrary code or cause a crash, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 9803 | | Related CVE(s): | CVE-2008-0544, CVE-2007-6697 | | Last Modified: | Mar 26 18:02:04 2008 |
| MD5 Checksum: | 56a5c4510b1bed524cff5c00ce259ee5 |
|
| /// File Name: |
dsa-1516-1.txt |
Description:
|
Debian Security Advisory 1516-1 - Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory by other means (for example, through an SSH login) could read mailboxes owned by other users for which they do not have direct write access. In addition, an internal interpretation conflict in password handling has been addressed pro-actively, even though it is not known to be exploitable.
| | Homepage: | http://www.debian.org/security | | File Size: | 9746 | | Related CVE(s): | CVE-2008-1199, CVE-2008-1218 | | Last Modified: | Mar 15 16:18:30 2008 |
| MD5 Checksum: | d6c71042d5fe1b86af653cd58247a574 |
|
| /// File Name: |
MDVSA-2008-058.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability was found in slapo-pcache in slapd of OpenLDAP prior to 2.3.39 when running as a proxy-caching server. It would allocate memory using a malloc variant rather than calloc, which prevented an array from being properly initialized and could possibly allow attackers to cause a denial of service. Two vulnerabilities were found in how slapd handled modify (prior to 2.3.26) and modrdn (prior to 2.3.29) requests with NOOP control on objects stored in the BDB backend. An authenticated user with permission to perform modify or modrdn operations could cause slapd to crash.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9673 | | Related CVE(s): | CVE-2007-6698, CVE-2008-0658, CVE-2007-5708 | | Last Modified: | Mar 12 14:39:09 2008 |
| MD5 Checksum: | 94308e6a1ff488b41a71b7877ec02f38 |
|
| /// File Name: |
AST-2008-003.txt |
Description:
|
Asterisk Project Security Advisory - Unauthenticated calls can be made via the SIP channel driver using an invalid From header. This acts similarly to the SIP configuration option 'allowguest=yes', in that calls with a specially crafted From header would be sent to the PBX in the context specified in the general section of sip.conf.
| | Author: | Jason Parker | | Homepage: | http://www.asterisk.org/security | | File Size: | 9431 | | Related CVE(s): | CVE-2008-1332 | | Last Modified: | Mar 18 22:36:42 2008 |
| MD5 Checksum: | 4503d7ec5e28b9a90bfa07d4c16f2dd4 |
|
| /// File Name: |
SSRT080028.txt |
Description:
|
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
| | Homepage: | http://www.hp.com/ | | File Size: | 9318 | | Last Modified: | Mar 18 21:50:59 2008 |
| MD5 Checksum: | 6482a164639b3bbd56076d6992d4fd6a |
|
| /// File Name: |
MDVSA-2008-078.txt |
Description:
|
Mandriva Linux Security Advisory - OpenSSH allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9256 | | Related CVE(s): | CVE-2008-1483 | | Last Modified: | Mar 27 02:27:42 2008 |
| MD5 Checksum: | de77ae8f4d8fdb1e6877407958c10937 |
|
| /// File Name: |
dsa-1515-1.txt |
Description:
|
Debian Security Advisory 1515-1 - Several remote vulnerabilities have been discovered in libnet-dns-perl. It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries. Compression loops in domain names resulted in an infinite loop in the domain name expander written in Perl. Decoding malformed A records could lead to a crash (via an uncaught Perl exception) of certain applications using libnet-dns-perl.
| | Homepage: | http://www.debian.org/security | | File Size: | 9075 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409, CVE-2007-6341 | | Last Modified: | Mar 13 00:49:08 2008 |
| MD5 Checksum: | 96e00d35300c28a7d23ec47818dab7e7 |
|
| /// File Name: |
sa29251.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29251/ | | File Size: | 8813 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 7014e3417c43487550941e9c4db00f1c |
|
| /// File Name: |
sa29456.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/29456/ | | File Size: | 8703 | | Last Modified: | Mar 21 19:24:01 2008 |
| MD5 Checksum: | b004224eccbbf4f5398abd6818f22510 |
|