Section: .. / 0703-advisories /
| /// File Name: |
USN-430-1.txt |
Description:
|
Ubuntu Security Notice 430-1 - Miles Egan discovered that mod_python, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. Thanks to Jim Garrison of the Software Freedom Law Center for identifying the original bug as a security vulnerability.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5699 | | Related CVE(s): | CVE-2004-2680 | | Last Modified: | Mar 9 01:24:40 2007 |
| MD5 Checksum: | cf8966bd1da80323253d39eaaa117faa |
|
| /// File Name: |
sa24597.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for inkscape. This fixes a vulnerability, which potentially can be exploited to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24597/ | | File Size: | 5613 | | Last Modified: | Mar 22 19:34:38 2007 |
| MD5 Checksum: | c1bec4510ed1ef3e7bc901a13c440693 |
|
| /// File Name: |
sa24423.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for tcpdump. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24423/ | | File Size: | 5579 | | Last Modified: | Mar 8 01:54:52 2007 |
| MD5 Checksum: | 0227b054c6abdf2d5be681968d00562a |
|
| /// File Name: |
glsa-200703-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-04 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. Mozilla Firefox also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. Versions less than 2.0.0.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5477 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0801, CVE-2007-0981, CVE-2007-0995 | | Last Modified: | Mar 6 07:26:26 2007 |
| MD5 Checksum: | 6331191602764866f36202dbe22f78c0 |
|
| /// File Name: |
dsa-1266-1.txt |
Description:
|
Debian Security Advisory 1266-1 - Gerardo Richarte discovered that GnuPG, a free PGP replacement, provides insufficient user feedback if an OpenPGP message contains both unsigned and signed portions. Inserting text segments into an otherwise signed message could be exploited to forge the content of signed messages. This update prevents such attacks; the old behaviour can still be activated by passing the --allow-multiple-messages option.
| | Homepage: | http://www.debian.org/security | | File Size: | 5374 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 14 03:57:28 2007 |
| MD5 Checksum: | 8b2c522c226b2b6ee8864850a13d2b8f |
|
| /// File Name: |
glsa-200703-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-08 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonkey. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. SeaMonkey also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. All those vulnerabilities are the same as in GLSA 200703-04 affecting Mozilla Firefox. Versions less than 1.1.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5292 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0801, CVE-2007-0981, CVE-2007-0995 | | Last Modified: | Mar 14 01:19:53 2007 |
| MD5 Checksum: | 814cb617645155ad1b304d6d41d15070 |
|
| /// File Name: |
sa24450.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Trend Micro products, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24450/ | | File Size: | 5201 | | Last Modified: | Mar 17 03:22:27 2007 |
| MD5 Checksum: | 61b3f3a7f8a2cb46c9b9109404fe2ac2 |
|
| /// File Name: |
dsa-1262-1.txt |
Description:
|
Debian Security Advisory 1262-1 - "Mu Security" discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 5117 | | Related CVE(s): | CVE-2007-1007 | | Last Modified: | Mar 8 23:45:32 2007 |
| MD5 Checksum: | ec080c4ef8b1ab53843558ca88d1b983 |
|
| /// File Name: |
MDKSA-2007-072.txt |
Description:
|
Mandriva Linux Security Advisory - The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV command.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5071 | | Related CVE(s): | CVE-2007-1564 | | Last Modified: | Apr 2 23:32:36 2007 |
| MD5 Checksum: | e80664e938b846e1b7aa9f3fb3ee6d61 |
|
| /// File Name: |
USN-434-1.txt |
Description:
|
Ubuntu Security Notice 434-1 - It was discovered that Ekiga had format string vulnerabilities beyond those fixed in USN-426-1. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5058 | | Related CVE(s): | CVE-2007-0999 | | Last Modified: | Mar 13 23:21:35 2007 |
| MD5 Checksum: | 080d2cb4a73acc56818bae6fd1b6446f |
|
| /// File Name: |
conquest-overflow.txt |
Description:
|
Conquest versions 8.2a (svn 691) and below suffer from buffer overflow and memory corruption vulnerabilities.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | File Size: | 5032 | | Last Modified: | Mar 9 03:54:06 2007 |
| MD5 Checksum: | 3da5d084d52b1e3a07f772753d604e34 |
|
| /// File Name: |
USN-438-1.txt |
Description:
|
Ubuntu Security Notice 438-1 - A flaw was discovered in Inkscape's use of format strings. If a user were tricked into opening a specially crafted URI in Inkscape, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4988 | | Related CVE(s): | CVE-2007-1463 | | Last Modified: | Mar 21 04:15:47 2007 |
| MD5 Checksum: | 79a11892b12c63d3461ac7a995594950 |
|
| /// File Name: |
dsa-1272-1.txt |
Description:
|
Debian Security Advisory 1272-1 - Moritz Jodeit discovered an off-by-one buffer overflow in tcpdump, a powerful tool for network monitoring and data acquisition, which allows denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 4935 | | Related CVE(s): | CVE-2007-1218 | | Last Modified: | Mar 24 02:50:26 2007 |
| MD5 Checksum: | 967484a637f57ff0a8471d719be2af2e |
|
| /// File Name: |
USN-429-1.txt |
Description:
|
Ubuntu Security Notice 429-1 - Moritz Jodeit discovered that tcpdump had an overflow in the 802.11 packet parser. Remote attackers could send specially crafted packets, crashing tcpdump, possibly leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4931 | | Related CVE(s): | CVE-2007-1218 | | Last Modified: | Mar 9 01:23:52 2007 |
| MD5 Checksum: | 418390d32d6eefff4b70c64add466220 |
|
| /// File Name: |
sa24379.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnomemeeting and ekiga. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/24379/ | | File Size: | 4896 | | Last Modified: | Mar 6 00:12:53 2007 |
| MD5 Checksum: | a300baff8c7d36e77b6d73ef52458e23 |
|
| /// File Name: |
secunia-interactual.txt |
Description:
|
Secunia Research has discovered a vulnerability in InterActual Player and CinePlayer, which can be exploited by malicious people to compromise a user's system. Affected software includes InterActual Player 2.60.12.0717 and CinePlayer 3.2. Other versions may also be affected.
| | Author: | Carsten Eiram | | Homepage: | http://secunia.com/ | | File Size: | 4786 | | Related CVE(s): | CVE-2007-0348 | | Last Modified: | Mar 22 02:37:34 2007 |
| MD5 Checksum: | 41fce4c67b06f5e16221aa2c30b2dd91 |
|
| /// File Name: |
sa24499.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/24499/ | | File Size: | 4753 | | Last Modified: | Mar 17 03:22:27 2007 |
| MD5 Checksum: | d89babe2c83e4d1b07a5241c63450f9c |
|
| /// File Name: |
sa24511.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnupg. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions when applications use GnuPG in an insecure manner.
| | Homepage: | http://secunia.com/advisories/24511/ | | File Size: | 4687 | | Last Modified: | Mar 17 03:22:27 2007 |
| MD5 Checksum: | 3a1894b3e288f9ec56194d93d504c86a |
|
| /// File Name: |
TA07-072A.txt |
Description:
|
Technical Cyber Security Alert TA07-072A - Apple has released Security Update 2007-003 to correct multiple vulnerabilities affecting Apple Mac OS X and Mac OS X Server. The most serious of these vulnerabilities may allow a remote attacker to execute arbitrary code. Attackers may take advantage of the less serious vulnerabilities to bypass security restrictions or cause a denial of service.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4644 | | Last Modified: | Mar 20 03:57:08 2007 |
| MD5 Checksum: | 5818caa857489bc6d013b81030b14eeb |
|
| /// File Name: |
secunia-xmms.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in XMMS, which can be exploited by malicious people to compromise a user's system. Version 1.2.10 for Linux is affected. Other versions may also be affected.
| | Author: | Sven Krewitt | | Homepage: | http://secunia.com/ | | File Size: | 4578 | | Related CVE(s): | CVE-2007-0653, CVE-2007-0654 | | Last Modified: | Mar 22 02:45:07 2007 |
| MD5 Checksum: | b2798eb352e52bac1f567653e0e2c1dc |
|
| /// File Name: |
MDKSA-2007-068.txt |
Description:
|
Mandriva Linux Security Advisory - Due to an internal error, Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4567 | | Related CVE(s): | CVE-2007-1560 | | Last Modified: | Mar 24 02:26:05 2007 |
| MD5 Checksum: | 2c0f39f2da4abe6a9be9a9c530b026b8 |
|
| /// File Name: |
sa24583.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for tcpdump. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/24583/ | | File Size: | 4556 | | Last Modified: | Mar 20 03:46:32 2007 |
| MD5 Checksum: | 3c4d56712467451125efc6b6bb07e20a |
|
| /// File Name: |
TA07-065A.txt |
Description:
|
Technical Cyber Security Alert TA07-065A - Apple QuickTime contains multiple vulnerabilities. Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.
| | Homepage: | http://www.us-cert.gov/ | | File Size: | 4523 | | Last Modified: | Mar 9 01:22:35 2007 |
| MD5 Checksum: | f8320697666b1b2ebc497fa01dfeb98c |
|
| /// File Name: |
MDKSA-2007-059.txt |
Description:
|
Mandriva Linux Security Advisory - GnuPG prior to 1.4.7 and GPGME prior to 1.1.4, when run from the command line, did not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components. This could allow a remote attacker to forge the contents of an email message without detection.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4516 | | Related CVE(s): | CVE-2007-1263 | | Last Modified: | Mar 13 23:22:54 2007 |
| MD5 Checksum: | 29fac82d9f9fa0eb344ffaba8fac4c09 |
|