
This advisory addresses two security problems that were fixed in ISC BIND nameserver version 9.3.4.

This update fixes several format string bugs that can be exploited remotely with user assistance to execute arbitrary code (CVE-2007-0017). Since SUSE Linux version 10.1, format string bugs are no longer exploitable.

This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs (CVE-2007-0247). Additionally, the 10.2 package needed a fix for another DoS bug (CVE-2007-0248) and for max_user_ip handling in ntlm_auth.

The Adobe Acrobat Reader has been updated to version 7.0.9. This update also includes the following security fixes: CVE-2006-5857: A memory corruption problem in Adobe Acrobat Reader that can potentially lead to code execution was fixed. CVE-2007-0044: Universal Cross Site Request Forgery (CSRF) problems were fixed in the Acrobat Reader plugin, which could be exploited by remote attackers to conduct CSRF attacks using any site that is providing PDFs. CVE-2007-0045: Cross-site scripting problems in the Acrobat Reader plugin were fixed, which could be exploited by remote attackers to conduct XSS attacks against any site that is providing PDFs. CVE-2007-0046: A double free problem in the Acrobat Reader plugin was fixed, which could be used by remote attackers to potentially execute arbitrary code. Note that all platforms using Adobe Reader currently have countermeasures against such an attack, where it will just cause a controlled abort(). CVE-2007-0047 and CVE-2007-0048 affect only Microsoft Windows and Internet Explorer. Please note that the Acrobat Reader on SUSE Linux Enterprise Server 9 is affected too, but cannot be updated currently due to GTK+ 2.4 requirements. We are trying to find a solution. Acrobat Reader on SUSE Linux Enterprise Server 8 and SUSE Linux Desktop 1 is no longer supported and should be uninstalled.

Various security problems and bugs have been fixed in the IBM Java JRE and SDK. The IBM Java packages were updated to: IBM Java 1.4.2 to Service Refresh 7. IBM Java 1.3.10 to Service Refresh 10. The update contains several security fixes that were also fixed in Sun Java, including: CVE-2006-4339: fix for the RSA exponent padding attack. CVE-2006-6736, CVE-2006-6737: two unspecified vulnerabilities that allow untrusted applets to access data in other applets. CVE-2006-6745: Multiple unspecified vulnerabilities that allow applets to gain privileges related to serialization bugs in the JRE. CVE-2006-6731: Multiple buffer overflows in Java image handling routines that allow attackers to potentially read/write/execute local files.

This update brings the Opera Web browser to version 9.10, including fixes for the following two security problems: CVE-2007-0126: Opera processes a JPEG DHT marker incorrectly, which can potentially lead to remote code execution. CVE-2007-0127: Opera is affected by a typecasting bug in its JavaScript SVG implementation which could potentially be used to execute code.

This update fixes three memory corruption bugs within the X server which could be used by local attackers with access to this display to crash the X server and potentially execute code. The following CVE IDs are addressed by this update: CVE-2006-6101, CVE-2006-6102, CVE-2006-6103.
