|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters, click here.
|
|
|
Posted by Benjamin D. Thomas
|
|
It was discovered that the MIT-SHM extension of X.org did not correctly
validate the location of memory during an image copy. An authenticated
attacker could exploit this to read arbitrary memory locations within X,
exposing sensitive information. (CVE-2008-1379)
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check Certificate Signing Requests, accept
input from STDIN, and check moduli without a certificate.
It was also discovered that additional moduli are vulnerable if
generated with OpenSSL 0.9.8g or higher. While it is believed that
there are few of these vulnerable moduli in use, this update
includes updated RSA-1024 and RSA-2048 blacklists. RSA-512
blacklists are also included in the new openssl-blacklist-extra
package.
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by adding checks for vulnerable certificates
and keys to OpenVPN. A regression was introduced in OpenVPN when
using TLS with password protected certificates which caused OpenVPN
to not start when used with applications such as NetworkManager.
|
|
|
Posted by Benjamin D. Thomas
|
|
Alin Rad Pop of Secunia Research discovered that Evolution did not
properly validate timezone data when processing iCalendar attachments.
If a user disabled the ITip Formatter plugin and viewed a crafted
iCalendar attachment, an attacker could cause a denial of service or
possibly execute code with user privileges. Note that the ITip
Formatter plugin is enabled by default in Ubuntu. (CVE-2008-1108)
|
|
|
Posted by Benjamin D. Thomas
|
|
It was discovered that PowerPC kernels did not correctly handle reporting
certain system details. By requesting a specific set of information,
a local attacker could cause a system crash resulting in a denial
of service. (CVE-2007-6694)
|
|
|
Posted by Benjamin D. Thomas
|
|
USN-612-3 addressed a weakness in OpenSSL certificate and key
generation in OpenVPN by introducing openssl-blacklist to aid in
detecting vulnerable private keys. This update enhances the
openssl-vulnkey tool to check X.509 certificates as well, and
provides the corresponding update for Ubuntu 6.06. While the
OpenSSL in Ubuntu 6.06 was not vulnerable, openssl-blacklist is
now provided for Ubuntu 6.06 for checking certificates and keys
that may have been imported on these systems.
|
|
|
Posted by Benjamin D. Thomas
|
|
Multiple flaws were discovered in the connection handling of GnuTLS.
A remote attacker could exploit this to crash applications linked
against GnuTLS, or possibly execute arbitrary code with permissions of
the application's user.
|
|
|
<< Start < Prev 1 2 3 Next > End >>
|
| Results 8 - 14 of 324 |
