
Posted by Benjamin D. Thomas
USN-582-1 fixed several vulnerabilities in Thunderbird. The upstream
fixes were incomplete, and after performing certain actions Thunderbird
would crash due to memory errors. This update fixes the problem.
We apologize for the inconvenience.
Posted by Benjamin D. Thomas
Jonathan Clarke discovered that the OpenLDAP slapd server did not
properly handle modify requests when using the Berkeley DB backend
and the NOOP control was used. An authenticated user with modify
permissions could send a crafted modify request and cause a denial
of service via application crash. Ubuntu 7.10 is not affected by
this issue. (CVE-2007-6698)
Posted by Benjamin D. Thomas
Ulf Harnhammar discovered that Evolution did not correctly handle format
strings when processing encrypted emails. A remote attacker could exploit
this by sending a specially crafted email, resulting in arbitrary code
execution.
Posted by Benjamin D. Thomas
It was discovered that Thunderbird did not properly set the size of a
buffer when parsing an external-body MIME-type. If a user were to open
a specially crafted email, an attacker could cause a denial of service
via application crash or possibly execute arbitrary code as the user.
Posted by Benjamin D. Thomas
It was discovered that PCRE did not correctly handle very long strings
containing UTF8 sequences. In certain situations, an attacker could
exploit applications linked against PCRE by tricking a user or automated
system into processing a malicious regular expression, leading to a denial
of service or possibly arbitrary code execution.
Posted by Benjamin D. Thomas
Devon Miller discovered that the iso-info and cd-info tools did not
properly perform bounds checking. If a user were tricked into using
these tools with a crafted ISO image, an attacker could cause a
denial of service via a core dump, and possibly execute arbitrary
code.
Posted by Benjamin D. Thomas
It was discovered that QSslSocket did not properly verify SSL
certificates. A remote attacker may be able to trick applications
using QSslSocket into accepting invalid SSL certificates.