Section: .. / 0711-advisories /
File Name: MDKSA-2007-222.txt
Description: Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in koffice. An attacker could create a malicious PDF file that would cause koffice to crash or potentially execute arbitrary code when opened.
Homepage: http://www.mandriva.com/security/
File Size: 16096
Related CVE(s): CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Last Modified: Nov 26 16:06:26 2007
MD5 Checksum: b1b3fdc38e368c4d50af7677b8475a7f

File Name: dsa-1407-1.txt
Description: Debian Security Advisory 1407-1 - Alin Rad Pop discovered that the Common UNIX Printing System is vulnerable to an off-by-one buffer overflow in the code to process IPP packets, which may lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 16033
Related CVE(s): CVE-2007-4351
Last Modified: Nov 26 16:36:09 2007
MD5 Checksum: b0d8e1d4860d5ee1f39cbf7446d0a39f

File Name: sa27538.txt
Description: Secunia Security Advisory - Debian has issued an update for pcre3. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise an application using the library.
Homepage: http://secunia.com/advisories/27538/
File Size: 15213
Last Modified: Nov 6 22:14:24 2007
MD5 Checksum: 449fe7a60e430e47c68b78d967d0370a

File Name: sa27712.txt
Description: Secunia Security Advisory - Debian has issued an update for cupsys. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27712/
File Size: 15167
Last Modified: Nov 20 11:17:55 2007
MD5 Checksum: 668eb85ea54da70be2a476c8f65a5eb5

File Name: USN-547-1.txt
Description: Ubuntu Security Notice 547-1 - Tavis Ormandy and Will Drewry discovered multiple flaws in the regular expression handling of PCRE. By tricking a user or service into running specially crafted expressions via applications linked against libpcre3, a remote attacker could crash the application, monopolize CPU resources, or possibly execute arbitrary code with the application's privileges.
Homepage: http://security.ubuntu.com/
File Size: 14953
Related CVE(s): CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768
Last Modified: Nov 26 23:00:48 2007
MD5 Checksum: 17583c6a6e227729add8aa3816fbb5ce

File Name: MDKSA-2007-230.txt
Description: Mandriva Linux Security Advisory - A flaw in the t1lib library could allow an attacker to create a malicious file that would cause tetex to crash or possibly execute arbitrary code when opened. Alin Rad Pop found several flaws in how PDF files are handled in tetex. An attacker could create a malicious PDF file that would cause tetex to crash or potentially execute arbitrary code when opened. A stack-based buffer overflow in dvips in tetex allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag. A vulnerability in dvips in tetex allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. Multiple buffer overflows in dviljk in tetex may allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
Homepage: http://www.mandriva.com/security/
File Size: 14433
Related CVE(s): CVE-2007-5937, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, CVE-2007-5935, CVE-2007-5936, CVE-2007-4033
Last Modified: Nov 26 17:44:04 2007
MD5 Checksum: 187635521c833ac66c89ca720f5fcc3d

File Name: sa27697.txt
Description: Secunia Security Advisory - Ubuntu has issued an update for pcre. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose sensitive information, or potentially compromise an application using the library.
Homepage: http://secunia.com/advisories/27697/
File Size: 14320
Last Modified: Nov 27 21:51:05 2007
MD5 Checksum: 4474d36761896fcd7a4e6969fb3f366a

File Name: sa27732.txt
Description: Secunia Security Advisory - SUSE has issued an update for apache2. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting attacks or to cause a DoS.
Homepage: http://secunia.com/advisories/27732/
File Size: 13795
Last Modified: Nov 23 18:42:38 2007
MD5 Checksum: 9788b7f83809e1af11b6579520bf1abb

File Name: sa27643.txt
Description: Secunia Security Advisory - Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
Homepage: http://secunia.com/advisories/27643/
File Size: 12731
Last Modified: Nov 16 02:06:08 2007
MD5 Checksum: b841645992a41d6b76c5a92ec8f88092

File Name: dsa-1415-1.txt
Description: Debian Security Advisory 1415-1 - It was discovered that Tk, a cross-platform graphical toolkit for Tcl, performs insufficient input validation in the code used to load GIF images, which may lead to the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 11197
Related CVE(s): CVE-2007-5378
Last Modified: Nov 27 23:03:06 2007
MD5 Checksum: 8f5ae52053dcd2fe0de03dc5bf8ba870

File Name: EEYE-flac.txt
Description: eEye Digital Security has discovered 14 vulnerabilities in the processing of FLAC (Free-Lossless Audio Codec) files affecting various applications. Processing a malicious FLAC file within a vulnerable application could result in the execution of arbitrary code at the privileges of the application or the current user (depending on OS).
Author: Greg Linares
Homepage: http://www.eeye.com/
File Size: 11134
Last Modified: Nov 16 02:38:58 2007
MD5 Checksum: 706194b7826e52d2af09ba987033b92e

File Name: MDKSA-2007-218.txt
Description: Mandriva Linux Security Advisory - IOActive Inc. found a buffer overflow in Mono.Math.BigInteger class in Mono 1.2.5.1 and previous versions, which allows arbitrary code execution by context-dependent attackers.
Homepage: http://www.mandriva.com/security/
File Size: 10853
Related CVE(s): CVE-2007-5197
Last Modified: Nov 14 21:06:50 2007
MD5 Checksum: b1e5330b867bb04e20e4390d03d41ec1

File Name: sa27801.txt
Description: Secunia Security Advisory - Debian has issued an update for tk8.4. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/27801/
File Size: 10742
Last Modified: Nov 28 19:37:31 2007
MD5 Checksum: 8e55db29765186da6d67ec150e5fb0dd

File Name: MDKSA-2007-210.txt
Description: Mandriva Linux Security Advisory - Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow. The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap corruption.
Homepage: http://www.mandriva.com/security/
File Size: 9860
Related CVE(s): CVE-2007-4568, CVE-2007-4990
Last Modified: Nov 6 23:23:27 2007
MD5 Checksum: 03cfdc844269ee8302005df8fc4b54f0

File Name: advisory-2007-11-14.txt
Description: Microsoft Windows 2003 SP2 and Microsoft Windows 2000 SP4 Server suffer from a predictable DNS transaction ID vulnerability.
Homepage: http://www.scanit.be/
File Size: 9628
Related CVE(s): CVE-2007-3898
Last Modified: Nov 14 20:57:23 2007
MD5 Checksum: 3b83bbcf9f9e2e26908f782de3e8b2c3

File Name: sa27445.txt
Description: Secunia Security Advisory - SUSE has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27445/
File Size: 9354
Last Modified: Nov 2 12:12:25 2007
MD5 Checksum: 60b7eadabcdbddd3ef30ac27ae1c911e

File Name: MDKSA-2007-215.txt
Description: Mandriva Linux Security Advisory - A flaw in the way OpenLDAP's slapd daemon handled malformed objectClasses LDAP attributes was discovered. A local or remote attacker could create an LDAP request that could cause a denial of service by crashing slapd.
Homepage: http://www.mandriva.com/security/
File Size: 9124
Related CVE(s): CVE-2007-5707
Last Modified: Nov 9 12:47:28 2007
MD5 Checksum: 5d3921b9fc271172e06128bea9f59b94

File Name: MDKSA-2007-225.txt
Description: Mandriva Linux Security Advisory - The SNMP agent in net-snmp 5.4.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value.
Homepage: http://www.mandriva.com/security/
File Size: 9096
Related CVE(s): CVE-2007-5846
Last Modified: Nov 26 17:18:10 2007
MD5 Checksum: aff94627279169e507cae4278624e45b

File Name: MDKSA-2007-228.txt
Description: Mandriva Linux Security Advisory - Alin Rad Pop found several flaws in how PDF files are handled in cups. An attacker could create a malicious PDF file that would cause cups to crash or potentially execute arbitrary code when opened.
Homepage: http://www.mandriva.com/security/
File Size: 8508
Related CVE(s): CVE-2007-4352, CVE-2007-5392, CVE-2007-5393
Last Modified: Nov 26 17:27:13 2007
MD5 Checksum: 3b63964426b583b7859d5d456d6c969d

File Name: SSRT071498.txt
Description: HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
Homepage: http://www.hp.com/
File Size: 8493
Last Modified: Nov 26 22:29:13 2007
MD5 Checksum: 6a9e01625b66130071659acf429cd464

File Name: MDKSA-2007-214.txt
Description: Mandriva Linux Security Advisory - A security vulnerability was discovered in how flac processed audio data. An attacker could create a carefully crafted FLAC audio file that could cause an application linked against the flac libraries to crash or execute arbitrary code when opened.
Homepage: http://www.mandriva.com/security/
File Size: 8457
Related CVE(s): CVE-2007-4619
Last Modified: Nov 8 20:30:54 2007
MD5 Checksum: 62e4d6981f1022eb559be7cfe4998e45

File Name: MDKSA-2007-204.txt
Description: Mandriva Linux Security Advisory - Alin Rad Pop of Secunia Research discovered a vulnerability in CUPS that can be exploited by malicious individuals to execute arbitrary code. This flaw is due to a boundary error when processing IPP (Internet Printing Protocol) tags.
Homepage: http://www.mandriva.com/security/
File Size: 8420
Related CVE(s): CVE-2007-4351
Last Modified: Nov 1 19:29:14 2007
MD5 Checksum: 44babeda85cd8ca51254fec4e4811a3f

File Name: sa27773.txt
Description: Secunia Security Advisory - SUSE has issued an update for pcre. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, and compromise a vulnerable system.
Homepage: http://secunia.com/advisories/27773/
File Size: 8375
Last Modified: Nov 26 21:10:47 2007
MD5 Checksum: b0ed00422b238246a59f85d5db7c7df4

File Name: sa27618.txt
Description: Secunia Security Advisory - Fedora has issued an update for koffice. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/27618/
File Size: 8284
Last Modified: Nov 20 11:17:55 2007
MD5 Checksum: ac78ec785f9e8c43391210433fb69126

File Name: dsa-1402-1.txt
Description: Debian Security Advisory 1402-1 - Steve Kemp from the Debian Security Audit project discovered that gforge, a collaborative development tool, used temporary files insecurely, which could allow local users to truncate files upon the system with the privileges of the gforge user, or create a denial of service attack.
Homepage: http://www.debian.org/security
File Size: 8173
Related CVE(s): CVE-2007-3921
Last Modified: Nov 7 15:30:00 2007
MD5 Checksum: 17dfaca82f3706e5ee00af94e90356b1