pam_mount 0.10 through 0.45, when luserconf is enabled, does not verify
mountpoint and source ownership before mounting a user-defined volume,
which allows local users to bypass intended access restrictions via
a local mount.
The updated packages have been patched to fix the issue.

A race condition in OpenAFS 1.3.40 through 1.4.5 allowed remote
attackers to cause a denial of service (daemon crash) by simultaneously
acquiring and giving back file callbacks (CVE-2007-6559).
The updated packages have been patched to prevent this issue.

A number of security vulnerabilities have been discovered and
corrected in the latest Mozilla Thunderbird program, version 2.0.0.17
(CVE-2008-0016, CVE-2008-3835, CVE-2008-4058, CVE-2008-4059,
CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4065,
CVE-2008-4066, CVE-2008-4067, CVE-2008-4068, CVE-2008-4070).
This update provides the latest Thunderbird to correct these issues.

Security vulnerabilities have been discovered and corrected in the
latest Mozilla Firefox program, version 2.0.0.17 (CVE-2008-0016,
CVE-2008-3835, CVE-2008-3836, CVE-2008-3837, CVE-2008-4058,
CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4065, CVE-2008-4066, CVE-2008-4067, CVE-2008-4068,
CVE-2008-4069).
This update provides the latest Firefox to correct these issues.

Stefan Cornelius of Secunia Research reported a boundary error when
Blender processed RGBE images which could be used to execute arbitrary
code with the privileges of the user running Blender if a specially
crafted .hdr or .blend file were opened (CVE-2008-1102).
In addition, multiple vulnerabilities involving insecure usage of
temporary files were reported (CVE-2008-1103).
The updated packages have been patched to prevent these issues.

A cross-site scripting (XSS) vulnerability was found in AWStats that
allowed remote attackers to inject arbitrary web script or HTML via
the query_string (CVE-2008-3714).

A few vulnerabilities and security-related issues have been fixed in
phpMyAdmin since the 2.11.7 release. This update provides version
2.11.9.2 which is the latest stable release of phpMyAdmin and fixes
CVE-2008-3197, CVE-2008-3456, CVE-2008-3457, and CVE-2008-4096.