Section: .. / 0804-advisories /
File Name: sa29767.txt
Description: Secunia Security Advisory - Debian has issued an update for libcairo. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
Homepage: http://secunia.com/advisories/29767/
File Size: 12129
Last Modified: Apr 10 18:15:45 2008
MD5 Checksum: dcc0387a491492bf280a05561b354238

File Name: sa29774.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in multiple TIBCO products, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.
Homepage: http://secunia.com/advisories/29774/
File Size: 4161
Last Modified: Apr 10 17:19:45 2008
MD5 Checksum: 322d0802af9c74c4d1c9d64742a2b391

File Name: dsa-1545-1.txt
Description: Debian Security Advisory 1545-1 - Sebastian Krahmer discovered that an integer overflow in rsync's code for handling extended attributes may lead to arbitrary code execution.
Homepage: http://www.debian.org/security
File Size: 4483
Related CVE(s): CVE-2008-1720
Last Modified: Apr 10 17:19:22 2008
MD5 Checksum: 60c2d47e8f39b7e8a4cb8ba00b9f1eb6

File Name: glsa-200804-09.txt
Description: Gentoo Linux Security Advisory GLSA 200804-09 - Tavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists. Versions less than 6.1.5 are affected.
Homepage: http://security.gentoo.org
File Size: 2985
Related CVE(s): CVE-2008-1078
Last Modified: Apr 10 17:17:41 2008
MD5 Checksum: 43fcddc54780075286e471f4c82cc4fb

File Name: glsa-200804-08.txt
Description: Gentoo Linux Security Advisory GLSA 200804-08 - Julien Cayzax discovered that an insecure default setting exists in mod_userdir in lighttpd. When userdir.path is not set, the default value used is $HOME. It should be noted that the nobody user's $HOME is / (CVE-2008-1270). An error also exists in the SSL connection code, which can be triggered when a user prematurely terminates his connection (CVE-2008-1531). Versions less than 1.4.19-r2 are affected.
Homepage: http://security.gentoo.org
File Size: 2945
Related CVE(s): CVE-2008-1270, CVE-2008-1531
Last Modified: Apr 10 17:17:25 2008
MD5 Checksum: 4849c526152349264a79a8774c701b82

File Name: MDVSA-2008-083.txt
Description: Mandriva Linux Security Advisory - Joe Nall reported a stack-based buffer overflow in Audit's log handling that could allow remote attackers to execute arbitrary code via a long command argument.
Homepage: http://www.mandriva.com/security/
File Size: 4780
Related CVE(s): CVE-2008-1628
Last Modified: Apr 10 17:15:22 2008
MD5 Checksum: b1861deefc509ff4b3368da7903d4b11

File Name: ioactive-zlib.txt
Description: The zlib extension module in Python version 2.5.2 contains a method for flushing decompression streams that takes an input parameter of how much data to flush. This parameter is a signed integer that is not verified for sanity and is thus potentially negative. When passed a negative value, memory is misallocated and then the signed integer is converted to an unsigned integer, resulting in a buffer overflow.
Homepage: http://www.ioactive.com/
File Size: 6293
Last Modified: Apr 10 17:14:52 2008
MD5 Checksum: ae7beb198b329c5c2cd1e3698c43348b

File Name: USN-599-1.txt
Description: Ubuntu Security Notice 599-1 - Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. If a user or automated system were tricked into opening a crafted PostScript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
Homepage: http://security.ubuntu.com/
File Size: 17458
Related CVE(s): CVE-2008-0411
Last Modified: Apr 10 16:56:36 2008
MD5 Checksum: 43efa697a0e4c0676a66dd1e0d1a4691

File Name: MDVSA-2008-082.txt
Description: Mandriva Linux Security Advisory - Daniel Papasian discovered a stack-based buffer overflow in the apc_search_paths() function in APC that can be triggered when processing long filenames. A remote attacker could exploit this vulnerability to execute arbitrary code in PHP applications that pass user-controlled input to the include() function.
Homepage: http://www.mandriva.com/security/
File Size: 3292
Related CVE(s): CVE-2008-1488
Last Modified: Apr 10 16:54:53 2008
MD5 Checksum: 017ee8b5bcc26ebc0b84a1bfa1f756bb

File Name: dsa-1544-1.txt
Description: Debian Security Advisory 1544-1 - Amit Klein discovered that pdns-recursor, a caching DNS resolver, uses a weak random number generator to create DNS transaction IDs and UDP source port numbers. As a result, cache poisoning attacks were simplified.
Homepage: http://www.debian.org/security
File Size: 4181
Related CVE(s): CVE-2008-1637
Last Modified: Apr 10 16:37:42 2008
MD5 Checksum: 5f318a0c586da19bca411140ef2d5fe4

File Name: dsa-1543-1.txt
Description: Debian Security Advisory 1543-1 - A number of people have discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
Homepage: http://www.debian.org/security
File Size: 23070
Related CVE(s): CVE-2007-6681, CVE-2007-6682, CVE-2007-6683, CVE-2008-0295, CVE-2008-0296, CVE-2008-0073, CVE-2008-0984, CVE-2008-1489
Last Modified: Apr 10 16:36:51 2008
MD5 Checksum: f21e2006584c648bf8aafc1ba9d3afa2

File Name: sa29692.txt
Description: Secunia Security Advisory - Simon Ryeo has reported a vulnerability in CDNetworks Nefficient Download, which can be exploited by malicious people to compromise a user's system.
Homepage: http://secunia.com/advisories/29692/
File Size: 2488
Last Modified: Apr 10 16:17:17 2008
MD5 Checksum: 5d9c32c656e0ec81a3b33c3d5c6f3e4a

File Name: sa29716.txt
Description: Secunia Security Advisory - Some vulnerabilities have been discovered in KnowledgeQuest, which can be exploited by malicious people to conduct SQL injection attacks or to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/29716/
File Size: 3169
Last Modified: Apr 10 16:17:17 2008
MD5 Checksum: bdcfa4f864dc632ba555c0ddbb7f428b

File Name: sa29725.txt
Description: Secunia Security Advisory - t0pP8uZz has reported two vulnerabilities in iScripts SocialWare, which can be exploited by malicious users to compromise a vulnerable system, and by malicious people to conduct SQL injection attacks.
Homepage: http://secunia.com/advisories/29725/
File Size: 2878
Last Modified: Apr 10 16:17:17 2008
MD5 Checksum: 1ce4f15db08c2d23286efbd727f49e22

File Name: sa29751.txt
Description: Secunia Security Advisory - A vulnerability has been reported in Openfire, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/29751/
File Size: 2143
Last Modified: Apr 10 16:17:17 2008
MD5 Checksum: f28badac478c96940c0b398515216554

File Name: sa29772.txt
Description: Secunia Security Advisory - A security issue has been reported in the Simple Access module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.
Homepage: http://secunia.com/advisories/29772/
File Size: 2313
Last Modified: Apr 10 16:17:17 2008
MD5 Checksum: fcdbc11ef65438430359cb198567eb51

File Name: dsa-1542-1.txt
Description: Debian Security Advisory 1542-1 - Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses Cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code.
Homepage: http://www.debian.org/security
File Size: 12772
Related CVE(s): CVE-2007-5503
Last Modified: Apr 10 10:12:48 2008
MD5 Checksum: 2fe7514d32330d4652a01caf2edba8f8

File Name: TA08-100A.txt
Description: Technical Cyber Security Alert TA08-100A - Adobe has released Security advisory APSB08-11 to address multiple vulnerabilities affecting Adobe Flash. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
Homepage: http://www.us-cert.gov/
File Size: 3968
Last Modified: Apr 10 10:11:41 2008
MD5 Checksum: aaecb686c739ae7287dc60f8b5b2039f

File Name: glsa-200804-07.txt
Description: Gentoo Linux Security Advisory GLSA 200804-07 - Daniel Papasian discovered a stack-based buffer overflow in the apc_search_paths() function in the file apc.c when processing long filenames. Versions less than 3.0.16-r1 are affected.
Homepage: http://security.gentoo.org
File Size: 2565
Related CVE(s): CVE-2008-1488
Last Modified: Apr 10 10:10:40 2008
MD5 Checksum: dc1269be607bb75edc00a86f3c893ae5

File Name: sa27477.txt
Description: Secunia Security Advisory - Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/27477/
File Size: 2703
Last Modified: Apr 10 10:08:38 2008
MD5 Checksum: 4e3fae24c75a2423b86f37c5c922629a

File Name: sa27567.txt
Description: Secunia Security Advisory - Red Hat has issued an update for flash-plugin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
Homepage: http://secunia.com/advisories/27567/
File Size: 2393
Last Modified: Apr 10 10:08:38 2008
MD5 Checksum: a31a70f459abd25c0cf5610741e6b480

File Name: sa28083.txt
Description: Secunia Security Advisory - Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or to potentially compromise a user's system.
Homepage: http://secunia.com/advisories/28083/
File Size: 4631
Last Modified: Apr 10 10:08:38 2008
MD5 Checksum: 2498d04b1ac336c9c6868dcbeb983986

File Name: sa29682.txt
Description: Secunia Security Advisory - Debian has issued an update for openldap2.3. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service).
Homepage: http://secunia.com/advisories/29682/
File Size: 8140
Last Modified: Apr 10 10:08:38 2008
MD5 Checksum: c910084aba0856eddf8c8e6eb0bec303