Section: .. / 0801-advisories /
File Name: sa28439.txt
Description: Secunia Security Advisory - Red Hat has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/28439/
File Size: 2864
Last Modified: Jan 11 12:37:52 2008
MD5 Checksum: a20cd27f10acef2662c7e24064e8a456

File Name: sa28420.txt
Description: Secunia Security Advisory - Cold z3ro has discovered a vulnerability in osDate, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/28420/
File Size: 2603
Last Modified: Jan 10 18:06:11 2008
MD5 Checksum: bccaa7649eb5d68e4a23be6bb10aaf8b

File Name: sa28409.txt
Description: Secunia Security Advisory - Luigi Auriemma has discovered a vulnerability in MaxDB, which can be exploited by malicious people to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/28409/
File Size: 2336
Last Modified: Jan 10 18:06:04 2008
MD5 Checksum: 26bb7c30ca1febdd43cb6ba950e0fff6

File Name: USN-567-1.txt
Description: Ubuntu Security Notice 567-1 - It was discovered that in very rare configurations using LDAP, Dovecot may reuse cached connections for users with the same password. As a result, a user may be able to login as another if the connection is reused. The default Ubuntu configuration of Dovecot was not vulnerable.
Homepage: http://security.ubuntu.com/
File Size: 6333
Related CVE(s): CVE-2007-6598
Last Modified: Jan 10 18:05:58 2008
MD5 Checksum: a4660458a06a9e2858f02c1b75c05236

File Name: dsa-1458-1.txt
Description: Debian Security Advisory 1458-1 - A race condition in the OpenAFS fileserver allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.
Homepage: http://www.debian.org/security
File Size: 22781
Related CVE(s): CVE-2007-6599
Last Modified: Jan 10 18:05:14 2008
MD5 Checksum: d7721b5e98ac6d83fadecc5ea627fa4e

File Name: MDVSA-2008-006.txt
Description: Mandriva Linux Security Advisory - An integer overflow in the Exiv2 library allows context-dependent attackers to execute arbitrary code via a crafted EXIF file that triggers a heap-based buffer overflow.
Homepage: http://www.mandriva.com/security/
File Size: 3424
Related CVE(s): CVE-2007-6353
Last Modified: Jan 10 18:04:35 2008
MD5 Checksum: 6998205f7a9adbfba9309a2e6767c2e3

File Name: homehub-upnp.txt
Description: Information on pwning the BT Home Hub regarding the exploitation of IGDs remotely via UPnP.
Author: pagvac
Homepage: http://www.gnucitizen.org/
File Size: 9940
Last Modified: Jan 10 17:57:43 2008
MD5 Checksum: b881d12f8b72ceedb666cfb0b156a716

File Name: PR07-060708091012.txt
Description: Sun Java System Identity Manager version 6.0, Sun Java System Identity Manager version 7.0, and Sun Java System Identity Manager version 7.1 are susceptible to cross domain redirection, cross site scripting, and frame injection vulnerabilities.
Author: Adrian Pastor, Jan Fry
Homepage: http://www.procheckup.com/
File Size: 3435
Last Modified: Jan 10 17:39:35 2008
MD5 Checksum: 250ecb0bc50938b9625bb9c96ef414fa

File Name: sa28405.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/28405/
File Size: 2477
Last Modified: Jan 10 17:34:16 2008
MD5 Checksum: 3589c3b88037c93a13aa97830c90f452

File Name: sa28370.txt
Description: Secunia Security Advisory - A vulnerability has been reported in vtiger CRM, which can be exploited by malicious people to disclose potentially sensitive information.
Homepage: http://secunia.com/advisories/28370/
File Size: 2489
Last Modified: Jan 10 17:33:57 2008
MD5 Checksum: 894558ee183a347fe596ff4c5aebf669

File Name: sa28383.txt
Description: Secunia Security Advisory - Luigi Auriemma has reported a vulnerability in VLC Media Player, which can potentially be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/28383/
File Size: 2435
Last Modified: Jan 10 17:33:57 2008
MD5 Checksum: 99323e44a0d5c9f7472d0463e480a5d4

File Name: sa28393.txt
Description: Secunia Security Advisory - j0j0 has discovered a vulnerability in DomPHP, which can be exploited by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/28393/
File Size: 2344
Last Modified: Jan 10 17:33:57 2008
MD5 Checksum: b3f65e49dcb27e52ce4d12d27bf49222

File Name: sa28394.txt
Description: Secunia Security Advisory - Ingate has acknowledged a vulnerability in Ingate Firewall and SIParator, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/28394/
File Size: 2380
Last Modified: Jan 10 17:33:57 2008
MD5 Checksum: 3e51aa77896abe2a372f9c9ab9d20625

File Name: sa28404.txt
Description: Secunia Security Advisory - Debian has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/28404/
File Size: 8877
Last Modified: Jan 10 17:33:57 2008
MD5 Checksum: 1af355c951f6cb045ef2b57f7b6dd0c1

File Name: sa28421.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Kolab Server, where one vulnerability has an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
Homepage: http://secunia.com/advisories/28421/
File Size: 2125
Last Modified: Jan 10 17:33:57 2008
MD5 Checksum: 94624e41b0c50ecd39866afcfdde6e6c

File Name: USN-566-1.txt
Description: Ubuntu Security Notice 566-1 - Jan Pechanec discovered that ssh would forward trusted X11 cookies when untrusted cookie generation failed. This could lead to unintended privileges being forwarded to a remote host.
Homepage: http://security.ubuntu.com/
File Size: 17844
Related CVE(s): CVE-2007-4752
Last Modified: Jan 10 04:03:19 2008
MD5 Checksum: c6ed217cdd53a78d53de2f219184508b

File Name: USN-565-1.txt
Description: Ubuntu Security Notice 565-1 - It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.
Homepage: http://security.ubuntu.com/
File Size: 11991
Related CVE(s): CVE-2007-6239
Last Modified: Jan 10 04:02:30 2008
MD5 Checksum: e583af601499be6eeb7d2910464b3896

File Name: glsa-200801-06-02.txt
Description: Gentoo Linux Security Advisory GLSA 200801-06:02 - Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the launcher_update_panel_entry() function. Daichi Kawahata reported libxfcegui4 did not copy provided values when creating SessionClient structs, possibly leading to access of freed memory areas. Versions less than 4.4.2 are affected.
Homepage: http://security.gentoo.org/
File Size: 3613
Related CVE(s): CVE-2007-6531, CVE-2007-6532
Last Modified: Jan 10 04:01:48 2008
MD5 Checksum: 7e43cdfab9de04bfef1814baf88c1668

File Name: glsa-200801-05.txt
Description: Gentoo Linux Security Advisory GLSA 200801-05 - The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Versions less than 2.6.17 are affected.
Homepage: http://security.gentoo.org
File Size: 2666
Related CVE(s): CVE-2007-6239
Last Modified: Jan 10 04:00:41 2008
MD5 Checksum: 7719e041147ed282424f799f890a0196

File Name: glsa-200801-04.txt
Description: Gentoo Linux Security Advisory GLSA 200801-04 - Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to improper handling of the clients' callback lists. Versions less than 1.4.6 are affected.
Homepage: http://security.gentoo.org
File Size: 2705
Related CVE(s): CVE-2007-6599
Last Modified: Jan 10 04:00:26 2008
MD5 Checksum: 6b5aad31b93012e51d36460c8bd5f2fd

File Name: glsa-200801-03.txt
Description: Gentoo Linux Security Advisory GLSA 200801-03 - Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner. Versions less than 3.0.2-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 2796
Related CVE(s): CVE-2007-6208
Last Modified: Jan 10 03:59:59 2008
MD5 Checksum: 799386edc6a54a3e975997ed6014fdd0

File Name: glsa-200801-02-02.txt
Description: Gentoo Linux Security Advisory GLSA 200801-02:02 - R includes a copy of PCRE which is vulnerable to multiple buffer overflow and memory corruption vulnerabilities (GLSA 200711-30). Versions less than 2.2.1-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 2983
Last Modified: Jan 10 03:58:53 2008
MD5 Checksum: c2e2105d9bf21493d35cac31ab4bc05c

File Name: MDVSA-2008-005.txt
Description: Mandriva Linux Security Advisory - An infinite recursion flaw was found in the way that libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash. An integer overflow flaw was also found in how libexif parses Exif image tags. A carefully crafted Exif image file opened by an application linked against libexif could cause the application to crash or execute arbitrary code with the privileges of the user executing the application.
Homepage: http://www.mandriva.com/security/
File Size: 5429
Related CVE(s): CVE-2007-6351, CVE-2007-6352
Last Modified: Jan 10 03:58:29 2008
MD5 Checksum: 568437399ebadc129149c3644322a1d7

File Name: dsa-1457-1.txt
Description: Debian Security Advisory 1457-1 - It was discovered that Dovecot, a POP3 and IMAP server, only when used with LDAP authentication and a base that contains variables, could allow a user to log in to the account of another user with the same password.
Homepage: http://www.debian.org/security
File Size: 9314
Related CVE(s): CVE-2007-6598
Last Modified: Jan 10 03:56:56 2008
MD5 Checksum: 4ebef8ae0a51ae1198b6ccd0c34bb63a

File Name: dsa-1456-1.txt
Description: Debian Security Advisory 1456-1 - Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address.
Homepage: http://www.debian.org/security
File Size: 2948
Related CVE(s): CVE-2007-4321
Last Modified: Jan 10 03:56:22 2008
MD5 Checksum: 357bf1534b3a8974f4f11f7a453f6ab9