|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters, click here.
|
|
|
Posted by Benjamin D. Thomas
|
|
Michael Skladnikiewicz discovered that SDL_image did not correctly load
GIF images. If a user or automated system were tricked into processing
a specially crafted GIF, a remote attacker could execute arbitrary code
or cause a crash, leading to a denial of service. (CVE-2007-6697)
David Raulo discovered that SDL_image did not correctly load ILBM images.
If a user or automated system were tricked into processing a specially
crafted ILBM, a remote attacker could execute arbitrary code or cause
a crash, leading to a denial of service. (CVE-2008-0544)
|
|
|
Posted by Benjamin D. Thomas
|
|
Alexey Proskuryakov, Yosuke Hasegawa and Simon Montagu discovered flaws
in Firefox's character encoding handling. If a user were tricked into
opening a malicious web page, an attacker could perform cross-site
scripting attacks. (CVE-2008-0416)
|
|
|
Posted by Benjamin D. Thomas
|
|
It was discovered that bzip2 did not correctly handle certain malformed
archives. If a user or automated system were tricked into processing
a specially crafted bzip2 archive, applications linked against libbz2
could be made to crash, possibly leading to a denial of service.
|
|
|
Posted by Benjamin D. Thomas
|
|
Will Drewry discovered that libicu did not properly handle '\0' when
processing regular expressions. If an application linked against libicu
processed a crafted regular expression, an attacker could execute
arbitrary code with privileges of the user invoking the program.
|
|
|
Posted by Benjamin D. Thomas
|
|
Tavis Ormandy discovered that unzip did not correctly clean up pointers.
If a user or automated service was tricked into processing a specially
crafted ZIP archive, a remote attacker could execute arbitrary code with
user privileges.
|
|
|
Posted by Benjamin D. Thomas
|
|
Masaaki Hirose discovered that MySQL could be made to dereference
a NULL pointer. An authenticated user could cause a denial of service
(application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA
table. This issue only affects Ubuntu 6.06 and 6.10. (CVE-2006-7232)
Alexander Nozdrin discovered that MySQL did not restore database access
privileges when returning from SQL SECURITY INVOKER stored routines. An
authenticated user could exploit this to gain privileges. This issue
does not affect Ubuntu 7.10. (CVE-2007-2692)
|
|
|
Posted by Benjamin D. Thomas
|
|
It was discovered that krb5 did not correctly handle certain krb4
requests. An unauthenticated remote attacker could exploit this flaw
by sending a specially crafted traffic, which could expose sensitive
information, cause a crash, or execute arbitrary code. (CVE-2008-0062,
CVE-2008-0063)
|
|
|
<< Start < Prev 160 161 162 Next > End >>
|
| Results 1121 - 1127 of 1403 |
