
Posted by Benjamin D. Thomas
Stefan Esser discovered multiple vulnerabilities in the "Month of PHP
bugs".
The substr_compare() function did not sufficiently verify its length
argument. This might be exploited to read otherwise inaccessible
memory, which might lead to information disclosure. (CVE-2007-1375)
The shared memory (shmop) functions did not verify resource types,
so they could be called with a wrong resource type that might
contain user-supplied data. This could be exploited to read and write
arbitrary memory addresses of the PHP interpreter. This issue does
not affect Ubuntu 7.04. (CVE-2007-1376)
Posted by Benjamin D. Thomas
USN-453-1 provided an updated libx11 package to fix a security
vulnerability. This triggered an error in rdesktop so that it crashed
on startup. This update fixes the problem.
Posted by Benjamin D. Thomas
Multiple integer overflows were found in the XGetPixel function of
libx11. If a user were tricked into opening a specially crafted XWD
image, remote attackers could execute arbitrary code with user
privileges.
Posted by Benjamin D. Thomas
The Qt library did not correctly handle truncated UTF-8 strings, which
could cause some applications to incorrectly filter malicious strings.
If a Konqueror user were tricked into visiting a web site containing
specially crafted strings, normal XSS prevention could be bypassed,
allowing a remote attacker to steal confidential data.
Posted by Benjamin D. Thomas
The kernel key management code did not correctly handle key reuse. A
local attacker could create many key requests, leading to a denial of
service. (CVE-2007-0006)
Posted by Benjamin D. Thomas
A flaw was discovered in the IPSec key exchange server "racoon". Remote
attackers could send a specially crafted packet and disrupt established
IPSec tunnels, leading to a denial of service.
Posted by Benjamin D. Thomas
The krb5 telnet service did not appropriately verify user names. A remote attacker could log in as the root user by requesting a specially crafted user name.