LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu
Find the information you need for your favorite open source distribution

To browse through our weekly Linux Advisory Watch newsletters, click here.



Ubuntu: 1069-1: Mailman vulnerabilities  22 February 2011 
Posted by Benjamin D. Thomas   
It was discovered that Mailman did not properly sanitize certain fields,resulting in cross-site scripting (XSS) vulnerabilities. With cross-sitescripting vulnerabilities, if a user were tricked into viewing serveroutput during a crafted server request, a remote attacker could exploitthis to modify the contents, or steal confidential data, within the same [More...]
 
Ubuntu: 1067-1: Telepathy Gabble vulnerability  17 February 2011 
Posted by Benjamin D. Thomas   
It was discovered that Gabble did not verify the from field of googlejingleinfo updates. This could allow a remote attacker to perform manin the middle attacks (MITM) on streamed media. [More...]
 
Ubuntu: 1065-1: shadow vulnerability  15 February 2011 
Posted by Benjamin D. Thomas   
Kees Cook discovered that some shadow utilities did not correctly validateuser input. A local attacker could exploit this flaw to inject newlines intothe /etc/passwd file. If the system was configured to use NIS, this couldlead to existing NIS groups or users gaining or losing access to the system,resulting in a denial of service or unauthorized access. [More...]
 
Ubuntu: 1063-1: QEMU vulnerability  14 February 2011 
Posted by Benjamin D. Thomas   
Neil Wilson discovered that if VNC passwords were blank in QEMUconfigurations, access to VNC sessions was allowed without a passwordinstead of being disabled. A remote attacker could connect to runningVNC sessions of QEMU and directly control the system. By default, QEMUdoes not start VNC sessions. [More...]
 
Ubuntu: 1060-1: Exim vulnerabilities  10 February 2011 
Posted by Benjamin D. Thomas   
It was discovered that Exim contained a design flaw in the way it processedalternate configuration files. An attacker that obtained privileges of the"Debian-exim" user could use an alternate configuration file to obtainroot privileges. (CVE-2010-4345) [More...]
 
Ubuntu: 1059-1: Dovecot vulnerabilities  07 February 2011 
Posted by Benjamin D. Thomas   
It was discovered that the ACL plugin in Dovecot would incorrectlypropagate ACLs to new mailboxes. A remote authenticated user could possiblyread new mailboxes that were created with the wrong ACL. (CVE-2010-3304) [More...]
 
Ubuntu: 1058-1: PostgreSQL vulnerability  03 February 2011 
Posted by Benjamin D. Thomas   
Geoff Keating reported that a buffer overflow exists in the intarraymodule's input function for the query_int type. This could allow anattacker to cause a denial of service or possibly execute arbitrarycode as the postgres user. [More...]
 
<< Start < Prev 184 185 186 Next > End >>

Results 1296 - 1302 of 1927
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.