LinuxSecurity.com
Linux Advisory Watch: January 15th, 2010
Source: LinuxSecurity Contributors - Posted by Benjamin D. Thomas   
Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.

Linux+DVD Magazine - Our magazine is read by professional network and database administrators, system programmers, webmasters and all those who believe in the power of Open Source software. The majority of our readers are between 15 and 40 years old. They are interested in current news from the Linux world, upcoming projects, etc.

In each issue you can find information concerning typical use of Linux: safety, databases, multimedia, scientific tools, entertainment, programming, e-mail, news and desktop environments.


LinuxSecurity.com Feature Extras:

Review: Googling Security: How Much Does Google Know About You - If I ask "How much do you know about Google?" You may not take even a second to respond. But if I may ask "How much does Google know about you"? You may instantly reply "Wait... what!? Do they!?" The book "Googling Security: How Much Does Google Know About You" by Greg Conti (Computer Science Professor at West Point) is the first book to reveal how Google's vast information stockpiles could be used against you or your business – and what you can do to protect yourself.

A Secure Nagios Server - Nagios is monitoring software designed to let you know about problems on your hosts and networks quickly. You can configure it to be used on any network. Setting up a Nagios server on any Linux distribution is a very quick process; however, making it a secure setup takes some work. This article will not show you how to install Nagios, since there are tons of such guides out there, but it will show you in detail ways to improve your Nagios security.


  EnGarde Secure Community 3.0.22 Now Available! (Dec 9)
 

Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

http://www.linuxsecurity.com/content/view/145668

  Debian: libthai arbitrary code execution (Jan 14)
 

http://www.linuxsecurity.com/content/view/151396
  Debian: openssl denial of service (Jan 13)
 

http://www.linuxsecurity.com/content/view/151378
  Debian: krb5 denial of service (Jan 12)
 

http://www.linuxsecurity.com/content/view/151366
  Debian: pdns-recursor potential code execution (Jan 8)
 

http://www.linuxsecurity.com/content/view/151326
  Debian: transmission directory traversal (Jan 7)
 

http://www.linuxsecurity.com/content/view/151317

  Gentoo: Ruby Terminal Control Character Injection (Jan 13)
 

An input sanitization flaw in the WEBrick HTTP server included in Ruby might allow remote attackers to inject arbitrary control characters into terminal sessions.

http://www.linuxsecurity.com/content/view/151389
  Gentoo: SquirrelMail Multiple vulnerabilities (Jan 13)
 

Multiple vulnerabilities were found in SquirrelMail of which the worst results in remote code execution.

http://www.linuxsecurity.com/content/view/151386
  Gentoo: Blender Untrusted search path (Jan 13)
 

An untrusted search path vulnerability in Blender might result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/151385
  Gentoo: aria2 Multiple vulnerabilities (Jan 13)
 

A buffer overflow and a format string vulnerability in aria2 allow remote attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/151384
  Gentoo: net-snmp Authorization bypass (Jan 13)
 

A remote attacker can bypass the tcp-wrappers client authorization in net-snmp.

http://www.linuxsecurity.com/content/view/151383
  Gentoo: VirtualBox Multiple vulnerabilities (Jan 13)
 

Multiple vulnerabilities were found in VirtualBox, the worst of which allows privilege escalation.

http://www.linuxsecurity.com/content/view/151382

  Mandriva: php (Jan 15)
 

Multiple vulnerabilities have been found and corrected in php: The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465 (CVE-2007-5898). The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable (CVE-2009-2626). The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character (CVE-2009-4142). The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151408
  Mandriva: virt-manager (Jan 15)
 

This is a minor bugfix release for virt-manager: Because the default configuration may lead to misunderstanding, README.urpmi has been added to the virt-manager package so that the relocation server option is clear. It also explains how to modify this default option. The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151405
  Mandriva: logcheck (Jan 14)
 

This is a minor bugfix release for logcheck:
- wrong permission on configuration file
- rebuilt package with correct version of docbook-to-man to fix man pages build

The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151401
  Mandriva: net-snmp (Jan 14)
 

This is a minor bugfix release for net-snmp: The /etc/snmp/snmp.local.conf file contains a line that enables quickprinting features, which breaks the output from snmpget for the nagios plugins using it. The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151400
  Mandriva: openssh (Jan 14)
 

This is a minor bugfix release for openssh: The openssl and makedev packages are needed at install time from CD-ROM media in %post for the openssh-server subpackage in order to be able to generate the ssh key files (fixes #55951). The packages provided with this update address this problem.

http://www.linuxsecurity.com/content/view/151399
  Mandriva: openvpn (Jan 14)
 

A new script has been added to the documentation. It can be used to manage nameservers when /etc/resolv.conf is handled by resolvconf.

http://www.linuxsecurity.com/content/view/151397
  Mandriva: krb5 (Jan 13)
 

A vulnerability has been found and corrected in krb5: Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid (CVE-2009-4212). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/151388
  Mandriva: krb5 (Jan 13)
 

Multiple vulnerabilities have been found and corrected in krb5: The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer (CVE-2009-0846). The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, related to incorrect calculations with pointer arithmetic (CVE-2009-0847). The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/151387
  Mandriva: kdelibs4 (Jan 13)
 

- In Mandriva 2009 Spring, plasma crashes when moving a plasmoid from the taskbar to the desktop. This update fixes this issue.
- In Mandriva 2009 Spring, we used a specific kde certificate file. This update allows KDE to use rootcert certificate bundle.

http://www.linuxsecurity.com/content/view/151381
  Mandriva: bash (Jan 13)
 

A vulnerability has been discovered in the Mandriva bash package, which could allow a malicious user to hide files from the ls command, or garble its output by crafting files or directories which contain special characters or escape sequences (CVE-2010-0002). This update fixes the issue by disabling the display of control characters by default. Additionally, this update fixes the unsafe file creation in bash-doc sample scripts (CVE-2008-5374). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

http://www.linuxsecurity.com/content/view/151377
  Mandriva: kde4-style-iaora (Jan 12)
 

The last iaora update introduced a little regression in some IaOra color schemes, like Iaora-Gray; this new package corrects it. Also in iaora, the application's name in the titlebar wasn't correctly centered.

http://www.linuxsecurity.com/content/view/151365
  Mandriva: python-gobject (Jan 12)
 

A programming error in the Python bindings for GObject would make programs like eliza and Moodvida take up all CPU resources for unnecessary operations while running. This update fixes the problem.

http://www.linuxsecurity.com/content/view/151364
  Mandriva: meta-task (Jan 12)
 

This updates the specific rpmsrate and compsUser.pl files for MES5.

http://www.linuxsecurity.com/content/view/151363
  Mandriva: drakx-installer-stage2 (Jan 12)
 

The default pam.d/system-auth file contains references to the pam_ccreds.so library. When I added pam_ldap.so to my system-auth file, pam bombed out because it could not find pam_ccreds.so. This update addresses that issue.

http://www.linuxsecurity.com/content/view/151362
  Mandriva: sendmail (Jan 12)
 

A security vulnerability has been identified and fixed in sendmail: sendmail before 8.14.4 does not properly handle a '\0' (NUL) character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a legitimate Certification Authority, and (2) allows remote attackers to bypass intended access restrictions via a crafted client certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-4565). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a fix for this vulnerability.

http://www.linuxsecurity.com/content/view/151361
  Mandriva: polkit-gnome (Jan 11)
 

Programs like hplip that use polkit to authorize privileged operations fail in desktop environments that don't start their own polkit-agent. This update starts the polkit-agent for GNOME in all desktop environments.

http://www.linuxsecurity.com/content/view/151358
  Mandriva: fetchmail (Jan 11)
 

A regression was discovered in fetchmail 6.3.12: The multiline SMTP error fix in release 6.3.12 caused fetchmail to lose message codes 400..599 and treat all of these as temporary errors. This would cause messages to be left on the server even if softbounce was turned off. Reported by Thomas Jarosch. This update provides fetchmail 6.3.13, which addresses this problem.

http://www.linuxsecurity.com/content/view/151350
  Mandriva: pidgin (Jan 11)
 

A security vulnerability has been identified and fixed in pidgin: Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). This update provides pidgin 2.6.5, which is not vulnerable to this issue.

http://www.linuxsecurity.com/content/view/151349
  Mandriva: pidgin (Jan 11)
 

Security vulnerabilities have been identified and fixed in pidgin: The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ and possibly (2) AIM, as demonstrated by the SIM IM client (CVE-2009-3615). Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon (CVE-2010-0013). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.5, which is not vulnerable to these issues.

http://www.linuxsecurity.com/content/view/151348
  Mandriva: consolekit (Jan 11)
 

An incorrect initialisation in the consolekit daemon could prevent automount of removable media under the GNOME or KDE environment. This package update fixes this issue (it requires restarting the system to take effect).

http://www.linuxsecurity.com/content/view/151347
  Mandriva: squid (Jan 11)
 

A vulnerability was discovered and corrected in squid: The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function (CVE-2009-2855). This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

http://www.linuxsecurity.com/content/view/151346
  Mandriva: firefox (Jan 11)
 

It was discovered that the kde4ff theme for firefox 3.5 (firefox-theme-kde4ff) did not work. To address this problem, the kfirefox theme (firefox-theme-kfirefox) is provided as a drop-in replacement. It was discovered that the beagle extension for firefox (firefox-ext-beagle) had the wrong release number, which prevented it from being upgraded. This advisory addresses these problems.

http://www.linuxsecurity.com/content/view/151345
  Mandriva: squidGuard (Jan 11)
 

Multiple vulnerabilities have been found and corrected in squidGuard: Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote attackers to cause a denial of service (application hang or loss of blocking functionality) via a long URL with many / (slash) characters, related to emergency mode (CVE-2009-3700). Multiple buffer overflows in squidGuard 1.4 allow remote attackers to bypass intended URL blocking via a long URL, related to (1) the relationship between a certain buffer size in squidGuard and a certain buffer size in Squid and (2) a redirect URL that contains information about the originally requested URL (CVE-2009-3826). squidGuard was upgraded to 1.2.1 for MNF2/CS3/CS4 with additional upstream security and bug fix patches applied. This update fixes these vulnerabilities.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

http://www.linuxsecurity.com/content/view/151344
  Mandriva: freeradius (Jan 11)
 

A vulnerability has been found and corrected in freeradius: The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes. NOTE: this is a regression error related to CVE-2003-0967 (CVE-2009-3111). This update provides a solution to this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

http://www.linuxsecurity.com/content/view/151343
  Mandriva: firefox (Jan 10)
 

Security issues were identified and fixed in firefox 3.5.x: The nsObserverList::FillObserverArray function in xpcom/ds/nsObserverList.cpp in Mozilla Firefox before 3.5.7 allows remote attackers to cause a denial of service (application crash) via a crafted web site that triggers memory consumption and an accompanying Low Memory alert dialog, and also triggers attempted removal of an observer from an empty observers array (CVE-2010-0220). Additionally, some packages that require it have been rebuilt and are being provided as updates.

http://www.linuxsecurity.com/content/view/151341
  Mandriva: firefox (Jan 10)
 

A regression was discovered with 3.0.16 when using NTLM authentication. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. Additionally, some packages that require it have been rebuilt and are being provided as updates.

http://www.linuxsecurity.com/content/view/151340
  Mandriva: spamassassin (Jan 10)
 

A bug was discovered in the FH_DATE_PAST_20XX rules that affects vanilla spamassassin 3.2 installations after the first of January 2010 (aka the y2k10 rule bug). This update fixes this issue.

http://www.linuxsecurity.com/content/view/151339
  Mandriva: expat (Jan 9)
 

A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560). This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Update:

The previous (MDVSA-2009:316-2) updates provided packages for 2008.0/2009.0/2009.1/2010.0/mes5 that did not have an increased release number which prevented the packages from hitting the mirrors.

http://www.linuxsecurity.com/content/view/151338
  Mandriva: expat (Jan 8)
 

A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560). This update provides a solution to these vulnerabilities. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Update:

SUSE discovered a regression with the previous patch fixing CVE-2009-3560. This regression is now being addressed with this update.

http://www.linuxsecurity.com/content/view/151329
  Mandriva: kdebase4 (Jan 8)
 

In KDE 4.3 it is not possible to execute a bash script by double-clicking on it. This update fixes this issue.

http://www.linuxsecurity.com/content/view/151327
  Mandriva: kdepim4 (Jan 8)
 

In Mandriva 2010.0, there was a layout problem in the Kontact Planner plugin. In Korganizer, in the TODO mode, the first line of text wasn't viewable in non-rich-text mode. This update fixes these issues.

http://www.linuxsecurity.com/content/view/151328
  Mandriva: expat (Jan 8)
 

A vulnerability has been found and corrected in expat: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720 (CVE-2009-3560). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides a solution to these vulnerabilities.

Update:

This vulnerability was discovered in the bundled expat code in various software packages besides expat itself. As a precaution, the affected software has been preemptively patched to prevent possible future exploitation of this issue.

http://www.linuxsecurity.com/content/view/151324
  Mandriva: apache-conf (Jan 7)
 

This is a maintenance and bugfix release of apache-conf that mainly ensures the httpd service is handled more gracefully when reloading the apache server (#56857). Other fixes (where applicable):
- fix #53887 (obsolete favicon.ico file in Apache default www pages)
- workaround #47992 (apache does not start occasionally)
- added logic to make it possible to set limits from the init script in an attempt to address #30849 and similar problems
- added logic to ease debugging with gdb in the initscript

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

http://www.linuxsecurity.com/content/view/151313

  RedHat: pidgin (Jan 14)
 

Updated pidgin packages that fix a security issue are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151390
  RedHat: php (Jan 13)
 

Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151380
  RedHat: gcc and gcc4 (Jan 13)
 

Updated gcc and gcc4 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151379
  RedHat: acroread (Jan 13)
 

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151376
  RedHat: acroread security and bug fix update (Jan 13)
 

Updated acroread packages that fix multiple security issues and three bugs are now available for Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151375
  RedHat: krb5 (Jan 12)
 

Updated krb5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise Linux 4.7, 5.2, and 5.3 Extended Update Support. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151367
  RedHat: kernel (Jan 7)
 

Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151320
  RedHat: kernel (Jan 7)
 

Updated kernel packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151319
  RedHat: dbus (Jan 7)
 

Updated dbus packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/151318

  SuSE: Linux kernel (Jan 14)
 

http://www.linuxsecurity.com/content/view/151398
  SuSE: IBM Java 6 security update (Jan 12)
 

http://www.linuxsecurity.com/content/view/151360
  SuSE: IBM Java 1.4.2 (Jan 12)
 

http://www.linuxsecurity.com/content/view/151359
  SuSE: IBM Java 5 (Jan 11)
 

http://www.linuxsecurity.com/content/view/151351
  SuSE: Linux kernel (Jan 7)
 

http://www.linuxsecurity.com/content/view/151315

  Ubuntu: PHP vulnerabilities (Jan 12)
 

Maksymilian Arciemowicz discovered that PHP did not properly handle the ini_restore function. An attacker could exploit this issue to obtain random memory contents or to cause the PHP server to crash, resulting in a denial of service. (CVE-2009-2626) It was discovered that the htmlspecialchars function did not properly handle certain character sequences, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. (CVE-2009-4142) Stefan Esser discovered that PHP did not properly handle session data. An attacker could exploit this issue to bypass safe_mode or open_basedir restrictions. (CVE-2009-4143)

http://www.linuxsecurity.com/content/view/151369
  Ubuntu: network-manager-applet vulnerabilities (Jan 12)
 

It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. (CVE-2009-4144) It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users' network connection passwords and pre-shared keys. (CVE-2009-4145)

http://www.linuxsecurity.com/content/view/151368
  Ubuntu: GIMP vulnerabilities (Jan 7)
 

Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-1570) Stefan Cornelius discovered that GIMP did not correctly handle certain malformed PSD files. If a user were tricked into opening a specially crafted PSD file, an attacker could execute arbitrary code with the user's privileges. This issue only applied to Ubuntu 8.10, 9.04 and 9.10. (CVE-2009-3909)

http://www.linuxsecurity.com/content/view/151314

  Pardus: 4suite: Denial of Service (Jan 9)
 

A vulnerability was found in 4suite, which can be exploited by malicious people to cause Denial of Service via a crafted XML document.

http://www.linuxsecurity.com/content/view/151332
  Pardus: Torcs: Denial of Service (Jan 9)
 

A vulnerability was found in Torcs, which can be exploited by malicious people to cause Denial of Service via a crafted XML document.

http://www.linuxsecurity.com/content/view/151333
  Pardus: Simgear: Denial of Service (Jan 9)
 

A vulnerability was found in Simgear, which can be exploited by malicious people to cause Denial of Service via a crafted XML document.

http://www.linuxsecurity.com/content/view/151334
  Pardus: libwww: Denial of Service (Jan 9)
 

A vulnerability was found in libwww, which can be exploited by malicious people to cause Denial of Service via a crafted XML document.

http://www.linuxsecurity.com/content/view/151335
  Pardus: Dstat: Privilege Escalation (Jan 9)
 

A security issue has been reported in Dstat, which can be exploited by malicious, local users to gain escalated privileges.

http://www.linuxsecurity.com/content/view/151336
  Pardus: Poppler-bindings: Integer Overflows (Jan 9)
 

Multiple integer overflows have been found in Poppler bindings, which can be exploited by malicious people to compromise the system.

http://www.linuxsecurity.com/content/view/151337
