Section: .. / 0805-advisories /
| /// File Name: |
MDVSA-2008-105.txt |
Description:
|
Mandriva Linux Security Advisory - Denial of service, out of bounds, race condition, and various other vulnerabilities have been patched in the Linux 2.6 kernel.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7717 | | Related CVE(s): | CVE-2007-3740, CVE-2007-3851, CVE-2007-4133, CVE-2007-4573, CVE-2007-4997, CVE-2007-5093, CVE-2008-1375, CVE-2008-1669 | | Last Modified: | May 22 01:14:01 2008 |
| MD5 Checksum: | 3fa1ea0631b7512016f57ab83beef01d |
|
| /// File Name: |
MDVSA-2008-102.txt |
Description:
|
Mandriva Linux Security Advisory - Will Drewry of the Google Security Team reported several vulnerabilities in how libvorbis processed audio data. An attacker could create a carefully crafted OGG audio file in such a way that it would cause an application linked to libvorbis to crash or possibly execute arbitrary code when opened.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7637 | | Related CVE(s): | CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 | | Last Modified: | May 19 15:44:00 2008 |
| MD5 Checksum: | d34aae58445046348cb13faa447c0a16 |
|
| /// File Name: |
sa30119.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for vorbis-tools. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30119/ | | File Size: | 7459 | | Last Modified: | May 9 20:07:29 2008 |
| MD5 Checksum: | dcfd6bbea498e78b3fa358b94f580f42 |
|
| /// File Name: |
sa30099.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for ldm. This fixes a security issue, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/30099/ | | File Size: | 7433 | | Last Modified: | May 7 20:31:38 2008 |
| MD5 Checksum: | d5193cc2ee331364c2a329e7e1316c64 |
|
| /// File Name: |
USN-612-3.txt |
Description:
|
Ubuntu Security Notice 612-3 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of shared encryption keys and SSL/TLS certificates in OpenVPN. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7395 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 15:37:41 2008 |
| MD5 Checksum: | fbc9eb044bb2cb99c735320b168eeffe |
|
| /// File Name: |
SSRT080034.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Netscape Directory Server (NDS). The vulnerability could be used locally to gain extended privileges.
| | Homepage: | http://www.hp.com/ | | File Size: | 7308 | | Related CVE(s): | CVE-2008-0892 | | Last Modified: | May 6 16:42:02 2008 |
| MD5 Checksum: | d484200e5c25c9765700282b3a715e10 |
|
| /// File Name: |
USN-611-2.txt |
Description:
|
Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7294 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:30:57 2008 |
| MD5 Checksum: | a2c8b46ce1f3301d099c7eb67973f3b0 |
|
| /// File Name: |
SSRT071403-2.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only.
| | Homepage: | http://www.hp.com/ | | File Size: | 7258 | | Related CVE(s): | CVE-2008-0713 | | Last Modified: | May 28 20:16:21 2008 |
| MD5 Checksum: | 5bbef96b3358b35c2b29f08a4f90efd6 |
|
| /// File Name: |
SSRT071403.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running ftp. The vulnerability could be exploited remotely to create a Denial of Service (DoS). The Denial of Service (DoS) affects the ftp server application only.
| | Homepage: | http://www.hp.com/ | | File Size: | 7219 | | Related CVE(s): | CVE-2008-0713 | | Last Modified: | May 12 16:04:01 2008 |
| MD5 Checksum: | 775ab8659a58b7670f90f607b3a6d47e |
|
| /// File Name: |
USN-610-1.txt |
Description:
|
Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7189 | | Related CVE(s): | CVE-2008-1293 | | Last Modified: | May 7 13:36:46 2008 |
| MD5 Checksum: | 77ac0e795794d36deede12c886ccdf18 |
|
| /// File Name: |
SSRT071454-2.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
| | Homepage: | http://www.hp.com/ | | File Size: | 7063 | | Related CVE(s): | CVE-2008-1660 | | Last Modified: | May 27 19:32:07 2008 |
| MD5 Checksum: | 6a15f7701a6c7e29bf912a9181f066d6 |
|
| /// File Name: |
SSRT071454.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified HP-UX running the useradd(1M) command. The vulnerability could be exploited locally to allow unauthorized access to directories or files.
| | Homepage: | http://www.hp.com/ | | File Size: | 6995 | | Related CVE(s): | CVE-2008-1660 | | Last Modified: | May 20 16:23:58 2008 |
| MD5 Checksum: | 2ec5cd03dd2da29b6abd5663ef86fbe3 |
|
| /// File Name: |
MDVSA-2008-100.txt |
Description:
|
Mandriva Linux Security Advisory - A double free vulnerability in Perl 5.8.8 and earlier versions, allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6987 | | Related CVE(s): | CVE-2008-1927 | | Last Modified: | May 12 10:37:41 2008 |
| MD5 Checksum: | 513fa7b59cd18f23cdf5a4d38273458e |
|
| /// File Name: |
SSRT080072.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP-UX Secure Shell. The vulnerability could be exploited locally to gain unauthorized access and create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 6965 | | Related CVE(s): | CVE-2008-1483 | | Last Modified: | May 22 19:41:08 2008 |
| MD5 Checksum: | 50c454b6000fc9686c5ccbb2e49c15d2 |
|
| /// File Name: |
aid-051408.asc |
Description:
|
Aruba Networks Security Advisory - A user authentication vulnerability was discovered during standard bug reporting procedures in the Aruba Mobility Controller. This vulnerability only affects customers using TACACS authentication for Controller management users. Cross-site scripting vulnerabilities were discovered during standard bug reporting procedures in the Aruba Mobility Controller. Certain malformed inputs to the web UI allow the injection of cross-site scripting (XSS) components, leading to a potential compromise of client web session integrity.
| | Homepage: | http://www.arubanetworks.com/ | | File Size: | 6764 | | Last Modified: | May 15 13:16:38 2008 |
| MD5 Checksum: | 66fe78e297c3c703c1907d3bf9ea75e9 |
|
| /// File Name: |
dsa-1585-1.txt |
Description:
|
Debian Security Advisory 1585-1 - It was discovered that speex, The Speex codec command line tools, did not correctly did not correctly deal with negative offsets in a particular header field. This could allow a malicious file to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 6408 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 22 01:48:25 2008 |
| MD5 Checksum: | 6e6b3fb8c6b928ee12e90b4ebedd2f50 |
|
| /// File Name: |
SE-2008-02.txt |
Description:
|
PHP versions 5.2.5 and below and 4.4.8 and below suffer from a weak random number seed vulnerability in GENERATE_SEED().
| | Author: | Stefan Esser | | Homepage: | http://www.sektioneins.de/ | | File Size: | 6356 | | Last Modified: | May 6 19:02:00 2008 |
| MD5 Checksum: | 4b0cca74264389c41d1fdf9224233459 |
|
| /// File Name: |
FICORA-130447.txt |
Description:
|
CERT-FI Vulnerability Advisory on GnuTLS - GnuTLS versions prior to 2.2.4 suffer from denial of service and buffer overflow vulnerabilities.
| | Author: | Ossi Herrala, Jukka Taimisto | | Homepage: | http://www.cert.fi/ | | File Size: | 6341 | | Last Modified: | May 20 16:35:24 2008 |
| MD5 Checksum: | 73fe6ff310a9b93a567dbdc4ea52afb8 |
|
| /// File Name: |
dsa-1587-1.txt |
Description:
|
Debian Security Advisory 1587-1 - Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records.
| | Homepage: | http://www.debian.org/security | | File Size: | 6180 | | Related CVE(s): | CVE-2008-2357 | | Last Modified: | May 27 18:19:29 2008 |
| MD5 Checksum: | f426ed28ca331fc3ed2e887d5d814207 |
|
| /// File Name: |
MDVSA-2008-098.txt |
Description:
|
Mandriva Linux Security Advisory - A vulnerability in OpenSSH 4.4 through 4.8 allowed local attackers to bypass intended security restrictions enabling them to execute commands other than those specified by the ForceCommand directive, provided they are able to modify to ~/.ssh/rc.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6090 | | Related CVE(s): | CVE-2008-1657 | | Last Modified: | May 7 13:29:56 2008 |
| MD5 Checksum: | c05d37c906d149b687d05a12d3686dbb |
|
| /// File Name: |
SE-2008-03.txt |
Description:
|
PHP versions 5.2.5 and below and 4.4.8 and below suffer from a multibyte shell command escaping bypass vulnerability.
| | Author: | Stefan Esser | | Homepage: | http://www.sektioneins.de/ | | File Size: | 6019 | | Last Modified: | May 6 19:03:07 2008 |
| MD5 Checksum: | 75f252427e7c381d010f1b575b551982 |
|
| /// File Name: |
sa30136.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openvpn. This fixes a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30136/ | | File Size: | 5937 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | ebb821fb15bf4b037d9609b782c0ad5d |
|
| /// File Name: |
CA-caloggerdxdr.txt |
Description:
|
CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 5864 | | Related CVE(s): | CVE-2008-2241, CVE-2008-2242 | | Last Modified: | May 19 21:36:12 2008 |
| MD5 Checksum: | 612eed8dc378f0b53f234e2a163e0464 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
