Advisory: Gentoo Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
It may be possible to make Ethereal crash or run arbitrary code by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file.
phpSysInfo contains two vulnerabilities which could allow local files to be read or arbitrary PHP code to be executed, under the privileges of the web server process. [More...]
A bug in the getgrouplist function can cause a buffer overflow if the size of the group list is too small to hold all the user's groups. This overflow can cause segmentation faults in user applications. This vulnerability exists [More...]
There is a bug in the part of libnids code responsible for TCP reassembly. The flaw probably allows remote code execution. [More...]
Quote from : Potential security issues have been discovered in the following protocol [More...]
A buffer overflow could occur in mod_alias and mod_rewrite when a regular expression with more than 9 captures is configured.
Due to an error in the SSL/TLS protocol handling, a server will parsea client certificate when one is not specifically requested.
mpg123 contains a heap based buffer overflow that would allow an remoteattacker to execute arbitrary code on the victims machine.
teapop suffers from a sql injection in the postgresql and mysql authentication module.
ISS X-Force discovered a vulnerability that could be triggered when a specially crafted file is uploaded to a proftpd server.
A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.
Portable OpenSSH versions 3.7p1 and 3.7.1p1 contain multiplevulnerabilities in the new PAM code. At least one of these bugsis remotely exploitable (under a non-standard configuration,with privsep disabled).
Fix a buffer overflow in address parsing. Fix a potential buffer overflow in ruleset parsing. This problemis not exploitable in the default sendmail configuration.
ll versions of OpenSSH's sshd prior to 3.7 contain a buffer managementerror. It is uncertain whether this error is potentially exploitable,however, we prefer to see bugs fixed proactively.
There's a heap overflow in all versions of exim3 and exim4 priorto version 4.21. It can be exercised by anyone who can make anSMTP connection to the exim daemon.
Anyone with global administrative privileges on a MySQL server may execute arbitrary code even on a host he isn't supposed to have a shell on, with the privileges of the system account running the MySQL server.
atari800 contains a buffer overflow which could be used by an attackerto gain root privileges.
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1through 1.3.4 allows remote attackers to insert arbitrary web script viathe searchstring parameter.
Previous eroaster versions allowwed local users to overwrite arbitraryfiles via a symlink attack on a temporary file that is used as a lockfile.
Mindi creates files in /tmp which could allow local user to overwritearbitrary files.