
Foresight: perl
12 November 2007

Previous versions of the perl package contain weaknesses when evaluating
regular expressions.
If a system is serving a perl-based web application that evaluates
remote input as a regular expression, an attacker may be able to
exploit these weaknesses to execute arbitrary, attacker-provided code on
the system, potentially elevating this to a remote, deterministic
unauthorized access vulnerability.

Foresight: ruby
12 November 2007

Previous versions of the ruby package include a library, Net::HTTPS, which
does not properly verify the CN (common name) field in SSL certificates,
making it easier to perform a man-in-the-middle attack.
It is believed that Foresight Linux does not include any programs which
rely on this feature of the Net::HTTPS library, and so is not affected by
default.

Previous versions of the firefox package are vulnerable to several
types of attacks, some of which are understood to allow compromised
or malicious sites to run arbitrary code as the user running firefox.

Previous versions of the initscripts package do not set sufficiently
restrictive permissions on the /var/log/btmp file, leading to an
information exposure issue in which users' passwords may be revealed to
unprivileged users in cases when the passwords have been inadvertently
entered as usernames at some login prompts.

Previous versions of Sun's Java implementation are vulnerable to multiple
issues which allow attackers to break the security model of the Java
Virtual Machine and run arbitrary code as the user running Java (most often
a non-root user in a browser setting) via multiple vectors.

Previous versions of the qt package are vulnerable to a Denial
of Service attack in which a maliciously crafted Unicode string may
cause a heap-based buffer overflow in applications that use the Qt
libraries.
Note that while Foresight ships qt for compatibility with third-party
applications, Foresight Linux does not include any components which use qt,
so a default install is not exposed to this issue.

Previous versions of the openssl package are vulnerable to a buffer
overflow, possibly enabling remote attackers to execute arbitrary code
through applications that use the openssl libraries.