Section: .. / 0805-advisories /
| /// File Name: |
USN-609-1.txt |
Description:
|
Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 62628 | | Related CVE(s): | CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320 | | Last Modified: | May 7 13:36:08 2008 |
| MD5 Checksum: | a3deee4ad320e4a22639ce04c53c56e9 |
|
| /// File Name: |
sa30100.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30100/ | | File Size: | 58436 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | fdb3d090247e10ea38ab7ba9829ccf28 |
|
| /// File Name: |
dsa-1572-1.txt |
Description:
|
Debian Security Advisory 1572-1 - Several vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language. The glob function allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter. Integer overflow allows context-dependent attackers to cause a denial of service and possibly have other impact via a printf format parameter with a large width specifier. Stack-based buffer overflow in the FastCGI SAPI. The escapeshellcmd API function could be attacked via incomplete multibyte chars.
| | Homepage: | http://www.debian.org/security | | File Size: | 40512 | | Related CVE(s): | CVE-2007-3806, CVE-2008-1384, CVE-2008-2050, CVE-2008-2051 | | Last Modified: | May 12 10:39:51 2008 |
| MD5 Checksum: | 65c9c530978f313191386160ca68b3a9 |
|
| /// File Name: |
sa30158.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, malicious users to bypass certain security restrictions, and malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30158/ | | File Size: | 37324 | | Last Modified: | May 13 11:01:47 2008 |
| MD5 Checksum: | 06918163035e7adeb93187c96a7492fe |
|
| /// File Name: |
dsa-1565-1.txt |
Description:
|
Debian Security Advisory 1565-1 - Several local vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Cyrill Gorcunov reported a NULL pointer dereference in code specific to the CHRP PowerPC platforms. Local users could exploit this issue to achieve a Denial of Service (DoS). Nick Piggin of SuSE discovered a number of issues in subsystems which register a fault handler for memory mapped areas. This issue can be exploited by local users to achieve a Denial of Service (DoS) and possibly execute arbitrary code. David Peer discovered that users could escape administrator imposed cpu time limitations (RLIMIT_CPU) by setting a limit of 0. Alexander Viro discovered a race condition in the directory notification subsystem that allows local users to cause a Denial of Service (oops) and possibly result in an escalation of privileges.
| | Homepage: | http://www.debian.org/security | | File Size: | 37278 | | Related CVE(s): | CVE-2007-6694, CVE-2008-0007, CVE-2008-1294, CVE-2008-1375 | | Last Modified: | May 1 18:34:19 2008 |
| MD5 Checksum: | ae6543607f059d419bb854fa3f84d205 |
|
| /// File Name: |
dsa-1575-1.txt |
Description:
|
Debian Security Advisory 1575-1 - A vulnerability has been discovered in the Linux kernel that may lead to a denial of service. Alexander Viro discovered a race condition in the fcntl code that may permit local users on multi-processor systems to execute parallel code paths that are otherwise prohibited and gain re-ordered access to the descriptor table.
| | Homepage: | http://www.debian.org/security | | File Size: | 36131 | | Related CVE(s): | CVE-2008-1669 | | Last Modified: | May 13 11:04:01 2008 |
| MD5 Checksum: | a095807a32a3fc4ee13e1e39f557b145 |
|
| /// File Name: |
sa30018.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some vulnerabilities and security issues, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), or to potentially gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/30018/ | | File Size: | 34675 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | 678ba979fe0c07712335b6f6cd6d9399 |
|
| /// File Name: |
sa30164.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/30164/ | | File Size: | 33780 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 0b3bb329832ac3cc912bea4c8c5a4b2f |
|
| /// File Name: |
USN-607-1.txt |
Description:
|
Ubuntu Security Notice 607-1 - It was discovered that Emacs did not account for precision when formatting integers. If a user were tricked into opening a specially crafted file, an attacker could cause a denial of service or possibly other unspecified actions. This issue does not affect Ubuntu 8.04. Steve Grubb discovered that the vcdiff script as included in Emacs created temporary files in an insecure way when used with SCCS. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23245 | | Related CVE(s): | CVE-2008-1694, CVE-2007-6109 | | Last Modified: | May 6 19:10:40 2008 |
| MD5 Checksum: | a268f077c248e418988b3225432e51aa |
|
| /// File Name: |
sa30109.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for emacs. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/30109/ | | File Size: | 21899 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | c50cf55e4fbe2abf2de2b8d6a656a706 |
|
| /// File Name: |
USN-612-2.txt |
Description:
|
Ubuntu Security Notice 612-2 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19137 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:11:26 2008 |
| MD5 Checksum: | 08b7a276f7d12fdf3ce857fbdc45404e |
|
| /// File Name: |
USN-605-1.txt |
Description:
|
Ubuntu Security Notice 605-1 - Various flaws were discovered in the JavaScript engine. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker could escalate privileges within Thunderbird, perform cross-site scripting attacks and/or execute arbitrary code with the user's privileges. Several problems were discovered in Thunderbird which could lead to crashes and memory corruption. If a user had JavaScript enabled and were tricked into opening a malicious email, an attacker may be able to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18180 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237 | | Last Modified: | May 6 19:12:13 2008 |
| MD5 Checksum: | 0b243038ac4bfd44eec2a7fae256dc22 |
|
| /// File Name: |
USN-606-1.txt |
Description:
|
Ubuntu Security Notice 606-1 - Thomas Pollet discovered that CUPS did not properly validate the size of PNG images. A local attacker, and a remote attacker if printer sharing is enabled, could send a crafted file and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18105 | | Related CVE(s): | CVE-2008-1722 | | Last Modified: | May 5 14:00:06 2008 |
| MD5 Checksum: | 7d5d5bc230258dce039aa660f76063ad |
|
| /// File Name: |
sa30078.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/30078/ | | File Size: | 17530 | | Last Modified: | May 6 18:57:38 2008 |
| MD5 Checksum: | e62a764ed001c572b3e5df4c293c08ab |
|
| /// File Name: |
sa30105.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30105/ | | File Size: | 17513 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | d2d0972862e6d73880ad922200276c3f |
|
| /// File Name: |
CORE-2008-0129.txt |
Description:
|
Core Security Technologies Advisory - A vulnerability was found in Wonderware SuiteLink Service ('slssvc.exe') that could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario.
| | Author: | Sebastian Muniz | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 17419 | | Related CVE(s): | CVE-2008-2005 | | Last Modified: | May 6 16:21:55 2008 |
| MD5 Checksum: | cbba5446dc9d1e16b74a4f9c8d3500c9 |
|
| /// File Name: |
cisco-sa-20080514-csm.txt |
Description:
|
Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
| | Homepage: | http://www.cisco.com/ | | File Size: | 17388 | | Related CVE(s): | CVE-2008-1749 | | Last Modified: | May 15 04:25:13 2008 |
| MD5 Checksum: | 0a7dfcd9f771e114ed6eafdd02388931 |
|
| /// File Name: |
dsa-1574-1.txt |
Description:
|
Debian Security Advisory 1574-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. "moz_bug_r_a4" discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered that incorrect principal handling can lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. "georgi", "tgirmann" and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16567 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237 | | Last Modified: | May 12 15:57:20 2008 |
| MD5 Checksum: | 88c086a46a80505846192144f8ae384e |
|
| /// File Name: |
USN-612-5.txt |
Description:
|
Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16139 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:46:36 2008 |
| MD5 Checksum: | 12c2407158560e7b8cd3525552c71aec |
|
| /// File Name: |
USN-612-1.txt |
Description:
|
Ubuntu Security Notice 612-1 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15288 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:01:40 2008 |
| MD5 Checksum: | 4798966590d2c04dbeae52eda8904882 |
|
| /// File Name: |
USN-611-3.txt |
Description:
|
Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15260 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:31:28 2008 |
| MD5 Checksum: | 26dd30b7333f05b291b099650b8a9e89 |
|
| /// File Name: |
dsa-1576-1.txt |
Description:
|
Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
| | Homepage: | http://www.debian.org/security | | File Size: | 15197 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:50:46 2008 |
| MD5 Checksum: | a79fd4e6e656f73f69d8c73cf16f3723 |
|
| /// File Name: |
sa30239.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openssh. This fixes a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30239/ | | File Size: | 15102 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 9fa7cd5070cac2fafc2f6f1ca54178b2 |
|
| /// File Name: |
sa30016.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30016/ | | File Size: | 14985 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | a542c3f6ccf8d80c9d587940c8c55705 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
