| |
Debian |
| |
Debian: New imagemagick packages fix
several vulnerabilities |
| |
19th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125816
|
| |
| |
Debian: New phpmyadmin packages fix regression |
| |
19th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125817
|
| |
| |
Debian: New gv packages fix arbitrary
code execution |
| |
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125838
|
| |
| |
Debian: New xine-lib packages fix execution
of arbitrary code |
| |
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125839
|
| |
| |
Debian: New flexbackup packages fix denial
of service |
| |
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125840
|
| |
| |
Debian: New linux-ftpd packages fix access
control bypass |
| |
20th, November, 2006
Updated package.
http://www.linuxsecurity.com/content/view/125841
|
| |
| |
Debian: New proftpd packages fix denial
of service |
| |
21st, November, 2006
It was discovered that the proftpd FTP daemon performs insufficient
validation of FTP command buffer size limits, which may lead to denial
of service. CVEID CVE-2006-5815 is addressed by this vulnerability.
http://www.linuxsecurity.com/content/view/125858
|
| |
| |
Gentoo |
| |
Gentoo: libpng Denial of Service |
| |
17th, November, 2006
A vulnerability in libpng may allow a remote attacker to crash
applications that handle untrusted images.
http://www.linuxsecurity.com/content/view/125808
|
| |
| |
Gentoo: WordPress Multiple vulnerabilities |
| |
17th, November, 2006
Flaws in WordPress allow a Denial of Service, the disclosure
of user metadata and the overwriting of restricted files.
http://www.linuxsecurity.com/content/view/125809
|
| |
| |
Gentoo: TikiWiki Multiple vulnerabilities |
| |
20th, November, 2006
TikiWiki allows for the disclosure of MySQL database authentication
credentials and for cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/125834
|
| |
| |
Gentoo: Ruby Denial of Service vulnerability |
| |
20th, November, 2006
The Ruby cgi.rb CGI library is vulnerable to a Denial of Service
attack.
http://www.linuxsecurity.com/content/view/125835
|
| |
| |
Gentoo: Avahi "netlink" message vulnerability |
| |
20th, November, 2006
Avahi fails to verify the origin of netlink messages, which
could allow local users to spoof network changes.
http://www.linuxsecurity.com/content/view/125836
|
| |
| |
Gentoo: TORQUE Insecure temproary file
creation |
| |
20th, November, 2006
TORQUE creates temporary files in an insecure manner which could
lead to the execution of arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/125837
|
| |
| |
Gentoo: qmailAdmin Buffer overflow |
| |
21st, November, 2006
qmailAdmin is vulnerable to a buffer overflow that could lead
to the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/125854
|
| |
| |
Gentoo: TORQUE Insecure temporary file
creation |
| |
21st, November, 2006
TORQUE creates temporary files in an insecure manner which could
lead to the execution of arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/125855
|
| |
| |
Gentoo: Texinfo Buffer overflow |
| |
21st, November, 2006
Texinfo is vulnerable to a buffer overflow that could lead to
the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/125856
|
| |
| |
Gentoo: fvwm fvwm-menu-directory fvwm
command injection |
| |
23rd, November, 2006
A flaw in fvwm-menu-directory may permit a local attacker to
execute arbitrary commands with the privileges of another user.
http://www.linuxsecurity.com/content/view/125886
|
| |
| |
Mandriva |
| |
Mandriva: Updated libpng packages fix
vulnerabilities |
| |
16th, November, 2006
Buffer overflow in the png_decompress_chunk function in pngrutil.c
in libpng before 1.2.12 allows context-dependent attackers to cause a
denial of service and possibly execute arbitrary code via unspecified
vectors related to "chunk error processing," possibly involving the "chunk_name".
http://www.linuxsecurity.com/content/view/125794
|
| |
| |
Mandriva: Updated syslinux packages to
fix embedded libpng vulnerabilities |
| |
16th, November, 2006
SYSLINUX is a boot loader for the Linux operating system which
operates off an MS-DOS/Windows FAT filesystem. It is built with a private
copy of libpng, and as such could be susceptible to some of the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125795
|
| |
| |
Mandriva: Updated pxelinux packages to
fix embedded libpng vulnerabilities |
| |
16th, November, 2006
PXELINUX is a PXE bootloader. It is built with a private copy
of libpng, and as such could be susceptible to some of the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125796
|
| |
| |
Mandriva: Updated doxygen packages to
fix embedded libpng vulnerabilities |
| |
16th, November, 2006
Doxygen is a documentation system for C, C++ and IDL. It is
built with a private copy of libpng, and as such could be susceptible
to some of the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125803
|
| |
| |
Mandriva: Updated chromium packages to
fix embedded libpng vulnerabilities |
| |
16th, November, 2006
Chromium is an OpenGL-based shoot them up game with fine graphics.
It is built with a private copy of libpng, and as such could be susceptible
to some of the same vulnerabilities.
http://www.linuxsecurity.com/content/view/125804
|
| |
| |
Mandriva: Updated gv packages fix buffer
overflow vulnerability |
| |
17th, November, 2006
Stack-based buffer overflow in the ps_gettext function in ps.c
for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted
attackers to execute arbitrary code via a PostScript (PS) file with certain
headers that contain long comments, as demonstrated using the DocumentMedia
header.
http://www.linuxsecurity.com/content/view/125814
|
| |
| |
Mandriva: Updated xorg-x11/XFree86 packages
fix integer overflow vulnerabilities |
| |
18th, November, 2006
Local exploitation of an integer overflow vulnerability in the
'CIDAFM()' function in the X.Org and XFree86 X server could allow an attacker
to execute arbitrary code with privileges of the X server, typically root
(CVE-2006-3739).
http://www.linuxsecurity.com/content/view/125815
|
| |
| |
Mandriva: Updated avahi packages fix
netlink vulnerability |
| |
20th, November, 2006
Steve Grubb discovered that netlink messages were not being
checked for their sender identity. This could lead to local users manipulating
the Avahi service.
http://www.linuxsecurity.com/content/view/125842
|
| |
| |
Mandriva: Updated links packages fix
smb vulnerability |
| |
20th, November, 2006
The links web browser with smbclient installed allows remote
attackers to execute arbitrary code via shell metacharacters in an smb://
URI, as demonstrated by using PUT and GET statements.
http://www.linuxsecurity.com/content/view/125843
|
| |
| |
Mandriva: Updated proftpd packages fix
vulnerabilities |
| |
20th, November, 2006
As disclosed by an exploit (vd_proftpd.pm) and a related vendor
bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server
ProFTPD, up to and including version 1.3.0. The flaw is due to both a
potential bus error and a definitive buffer overflow in the code which
determines the FTP command buffer size limit. The vulnerability can be
exploited only if the "CommandBufferSize" directive is explicitly used
in the server configuration, which is not the case in the default configuration
of ProFTPD.
http://www.linuxsecurity.com/content/view/125848
|
| |
| |
Mandriva: Updated openldap packages fixes
Bind vulnerability |
| |
21st, November, 2006
An unspecified vulnerability in OpenLDAP allows remote attackers
to cause a denial of service (daemon crash) via a certain combination
of SASL Bind requests that triggers an assertion failure in libldap. Packages
have been patched to correct this issue. Packages for Corp4 were built
from the wrong src.rpm, breaking Heimdal Kerboros and possibly other support.
Updated packages are being provided to correct this issue.
http://www.linuxsecurity.com/content/view/125867
|
| |
| |
Mandriva: Updated apache-mod_auth_kerb
packages fixes DoS vulnerability |
| |
23rd, November, 2006
An off-by-one error in the der_get_oid function in mod_auth_kerb
5.0 allows remote attackers to cause a denial of service (crash) via a
crafted Kerberos message that triggers a heap-based buffer overflow in
the component array. Packages have been patched to correct this issue.
http://www.linuxsecurity.com/content/view/125887
|
| |
| |
SuSE |
| |
SuSE: Mozilla Firefox, Thunderbird, |
| |
16th, November, 2006
The following CVEIDs are addresed by this vulnerability: CVE-2006-5464
CVE-2006-5747 CVE-2006-5748 CVE-2006-5462 CVE-2006-5463
http://www.linuxsecurity.com/content/view/125790
|
| |
| |
SuSE: asterisk (SUSE-SA:2006:069) |
| |
16th, November, 2006
Two security problem have been found and fixed in the PBX software
Asterisk. CVE-2006-5444: Integer overflow in the get_input function in
the Skinny channel driver (chan_skinny.c) as used by Cisco SCCP phones,
allows remote attackers to potentially execute arbitrary code via a certain
dlen value that passes a signed integer comparison and leads to a heap-based
buffer overflow. CVE-2006-5445: A vulnerability in the SIP channel driver
(channels/chan_sip.c) in Asterisk on SUSE Linux 10.1 allows remote attackers
to cause a denial of service (resource consumption) via unspecified vectors
that result in the creation of "a real pvt structure" that uses more resources
than necessary.
http://www.linuxsecurity.com/content/view/125791
|
| |
| |
SuSE: powerdns denial of service |
| |
16th, November, 2006
Two security problems that have been found in PowerDNS are fixed
by this update: CVE-2006-4251: The PowerDNS Recursor can be made to crash
by sending malformed questions to it over TCP potentially executing code.
CVE-2006-4252: Zero second CNAME TTLs can make PowerDNS exhaust allocated
stack space and crash.
http://www.linuxsecurity.com/content/view/125792
|
| |
| |
Ubuntu |
| |
Ubuntu: libpng vulnerability |
| |
17th, November, 2006
Tavis Ormandy discovered that libpng did not correctly calculate
the size of sPLT structures when reading an image. By tricking a user
or an automated system into processing a specially crafted PNG file, an
attacker could exploit this weakness to crash the application using the
library.
http://www.linuxsecurity.com/content/view/125806
|
| |
| |
Ubuntu: OpenLDAP vulnerability |
| |
20th, November, 2006
Evgeny Legerov discovered that the OpenLDAP libraries did not
correctly truncate authcid names. This situation would trigger an assert
and abort the program using the libraries. A remote attacker could send
specially crafted bind requests that would lead to an LDAP server denial
of service.
http://www.linuxsecurity.com/content/view/125849
|
| |
| |
Ubuntu: Thunderbird vulnerabilities |
| |
21st, November, 2006
USN-352-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack which
the original fix did not cover. (CVE-2006-5462) Various flaws have been
reported that allow an attacker to execute arbitrary code with user privileges
by tricking the user into opening a malicious email containing JavaScript.
Please note that JavaScript is disabled by default for emails, and it
is not recommended to enable it. (CVE-2006-5463, CVE-2006-5464, CVE-2006-5747,
CVE-2006-5748)
http://www.linuxsecurity.com/content/view/125860
|
| |
| |
Ubuntu: Firefox vulnerabilities |
| |
21st, November, 2006
USN-351-1 fixed a flaw in the verification of PKCS certificate
signatures. Ulrich Kuehn discovered a variant of the original attack which
the original fix did not cover. (CVE-2006-5462) Various flaws have been
reported that allow an attacker to execute arbitrary code with user privileges
by tricking the user into opening a malicious web page containing JavaScript.
(CVE-2006-5463, CVE-2006-5464, CVE-2006-5747, CVE-2006-5748)
http://www.linuxsecurity.com/content/view/125861
|
| |
Only registered users can write comments.
Please login or register.
