Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.22 (Version 3.0, Release 22). This release includes many updated packages and bug fixes and some feature enhancements to the EnGarde Secure Linux Installer and the SELinux policy.

CVE-2009-4895 Kyle Bader reported an issue in the tty subsystem that allows local users to create a denial of service (NULL pointer dereference). [More...]

Two security issues have been discovered in Ghostscript, the GPL PostScript/PDF interpreter. The Common Vulnerabilities and Exposures project identifies the following problems: [More...]

A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix. For reference, the full advisory text below. [More...]

Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitation of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. [More...]

SquirrelMail, a webmail application, does not employ a user-specific token for webforms. This allows a remote attacker to perform a Cross Site Request Forgery (CSRF) attack. The attacker may hijack the authentication of unspecified victims and send messages or change user preferences among other [More...]

Multiple vulnerabilities has been found and corrected in mysql: MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# [More...]

Multiple vulnerabilities has been found and corrected in cabextract: The MS-ZIP decompressor in cabextract before 1.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed MSZIP archive in a .cab file during a test or extract action, related [More...]

Multiple vulnerabilities has been found and corrected in apache: The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). [More...]

A vulnerabilitiy has been found and corrected in apache: The mod_cache and mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path (CVE-2010-1452). [More...]

A vulnerability has been discovered and corrected in libmikmod: Multiple heap-based buffer overflows might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file (CVE-2009-3995). [More...]

A vulnerability has been discovered and corrected in libsndfile: The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service [More...]

A vulnerability has been discovered and corrected in freetype2: Multiple stack overflow flaws have been reported in the way FreeType font rendering engine processed certain CFF opcodes. An attacker could use these flaws to create a specially-crafted font file that, [More...]

A security vulnerability has been identified and fixed in pidgin: The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and [More...]

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary. [More...]

Updated kvm packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

Updated qspice packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More...]

Updated kernel-rt packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise MRG 1.2. The Red Hat Security Response Team has rated this update as having [More...]

This SUSE Linux Enterprise 10 SP3 kernel was updated to fix various bugs and one security issue. CVE-2010-1087: The nfs_wait_on_request function in fs/nfs/pagelist.c in the Linux kernel allows attackers to cause a denial of service (Oops) [More...]

To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. List of vulnerabilities in this summary include: gpg2, krb5, kvirc, libpcsclite1/pcsc-lite, libpython2_6-1_0, libvorbis, libwebkit, squidGuard, strongswan.

Flash Player was updated to version 10.1.82.76 fixing several critical security issues: - CVE-2010-0209: CVSS v2 Base Score: 9.3: Code Injection (CWE-94) Details unknown. - CVE-2010-2188: CVSS v2 Base Score: 6.8: Buffer Errors (CWE-119) [More...]

Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memorymanager did not properly handle when applications grow stacks into adjacentmemory regions. A local attacker could exploit this to gain control ofcertain applications, potentially leading to privilege escalation, asdemonstrated in attacks against the X server. (CVE-2010-2240) [More...]

Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that theXpdf used in KOffice contained multiple security issues in its JBIG2decoder. If a user or automated system were tricked into opening a craftedPDF file, an attacker could cause a denial of service or execute arbitrarycode with privileges of the user invoking the program. (CVE-2009-0146, [More...]

It was discovered that FreeType did not correctly handle certain malformedfont files. If a user were tricked into using a specially crafted fontfile, a remote attacker could cause FreeType to crash or possibly executearbitrary code with user privileges. [More...]

It was discovered that the IcedTea plugin did not correctly check certainaccesses. If a user or automated system were tricked into running aspecially crafted Java applet, a remote attacker could read arbitraryfiles with user privileges, leading to a loss of privacy. (CVE-2010-2548,CVE-2010-2783) [More...]

A vulnerability has been fixed in GnuPG, which can be exploited by malicious people to potentially compromise a user's system.

Multiple vulnerabilities have been fixed in cabextract.

Multiple vulnerabilities have been fixed in Firefox.

A denial of service vulnerability has been fixed in Iputils.

A vulnerability has been fixed in Vte, which an allow malicious users to execute arbitrary code

Multiple vulnerabilities have been fixed in kernel

Multiple vulnerabilities have been fixed in Wireshark.

Multiple vulnerabilities have been fixed in FreeType.

A vulnerability was fixed in kvirc, which can be used by malicious people to execute arbitrary IRC commands via CTCP request.

Universal XSS vulnerability has been fixed in Rekonq.

A flaw has been fixed in Pidgin, which can allow remote attackers to cause denial of service via X-Status message.

Multiple vulnerabilities have been fixed in Qt.