|
Find the information you need for your favorite open source distribution
 To browse through our weekly Linux Advisory Watch newsletters,
click here.
|
|
|
Foresight: gd
|
06 September 2007
|
|
|
Previous versions of the gd package are vulnerable to multiple attacks in
which an attacker may cause unbounded CPU consumption or application
crashes (Denial of Service), possibly leading to the execution of malicious
code (Unauthorized Access). These attacks are generally limited to uses of
the gd library to load existing images rather than generate new images. |
|
|
Previous versions of the fetchmail package may crash when attempting
to deliver an internal warning or error message through an untrusted
or compromised SMTP server, leading to a possible Denial of Service. Previous versions of the fetchmail package may crash when attempting
to deliver an internal warning or error message through an untrusted
or compromised SMTP server, leading to a possible Denial of Service. |
|
|
Foresight: tar
|
27 August 2007
|
|
|
Previous versions of the tar package are vulnerable to an attack in
which unpacking an intentionally-malformed tar archive can overwrite
arbitrary files to which the user running tar has write access. If the
attacking user knows the name of a vulnerable binary file and overwrites
it, this allows the attacker to place arbitrary code on the system which
is likely to be run. If root is running tar, this includes any file on
the system, which would elevate this to an indirect non-deterministic
remote root unauthorized access vulnerability.
|
|
|
Previous versions of the rsync package contain multiple buffer-overflow
vulnerabilities, possibly allowing remote attackers to execute arbitrary
code using maliciously crafted directory names. |
|
|
Previous versions of the xterm package assigned incorrect ownership and
write permissions to pseudo-terminal devices, permitting local users to
direct output to other users' xterm sessions. |
|
|
|
<< Start < Prev 4 5 6 Next > End >>
|
| Results 28 - 36 of 79 |
