Linux Advisory Watch: February 3rd 2006
Source: LinuxSecurity.com Contributors - Posted by Benjamin D. Thomas   
Due to several changes in our advisory archiving scripts, Linux Advisory Watch did not go out last week. This has caused an unusually high number of advisories. The purpose of this week's newsletter is to 'catch up' and ensure that every advisory has been published. We apologize for any inconvenience.

Advisories were released for petris, unzip, tetex-bin, koffice, fetchmail, gpdf, tuxpaint, albatross, mantis, antiword, smstools, sudo, ClamAV, kdelibs, crawl, CUPS, trac, libapache-auth-ldap, flyspray, wine, mailman, lsh-utils, ImageMagick, drupal, hylafax, libextractor, unalz, libmail-audit-perl, pdftohtml, mod_auth_pgsql, poppler, tetex, kdegraphics, ethereal, httpd, openssh, mozilla, firefox, Gallery, LibAST, Paros, MyDNS, xorg-x11, UUlib, SSLeay, mdkonline, gthumb, libgphoto, net-snmp, apache2, thunderbird, bzip2, gzip, libast, gd, and phpMyAdmin. The distributors include Debian, Fedora, Gentoo, Mandriva, Red Hat, and SuSE.




A Linux Security Look To The Future
By: Pax Dickinson

It's much the same story as last year: Windows worms and viruses continually propagate, crossbreed, and multiply while Linux remains above the fray. Sober and the other "newsmaking" viruses all infect and attack Windows, while all Linux admins get out of it is a few hits to our Snort rulesets. Yes, there are worms attacking Linux, and Linux, like any other system, is certainly not immune. Linux is, however, more resistant.

One reason is made clear when the internet is compared to a biosphere. Linux is a mutt. Every Linux distribution does things slightly differently, Linux runs on very varied hardware, and many Linux users compile their own software. Things just aren't as standardized in the Linux world, which is viewed as a flaw by many pundits, though it has many benefits when it comes to security. A Linux security flaw may only affect a certain distribution or application, and most distributions and applications lack the massive marketshare to provide enough sustenance for a worm to really get going. Meanwhile, the applications that do possess large marketshare, such as Apache, tend to be generally secure due to their source code availability.

Windows, on the other hand, lacks this genetic diversity. One copy of Windows XP is exactly like the next, and the source is closed, so previously unknown flaws are discovered all the time. Yes, Windows does have a greater marketshare, making it a bigger target, but I'd wager that if the marketshares of Windows and Linux were even, Windows would still have more vulnerabilities. In nature, populations that lack genetic diversity run the risk of being decimated by a virulent disease, and the internet is no different. There's a reason we use biological metaphors like "worm" and "virus" to describe malware. Linux also benefits by tending to not be a primary target for malware authors because they have such a juicy target in Windows. Of course, keeping systems patched has been and will remain key; luckily, most Linux distributions available today tend to be very polished in this area, with tools such as apt-get, yum, and portage providing easy application and system upgrades.

So much for the good. Looking to the future, things go from bad to beyond ugly. We Linux users should realize how good we have it right now and recognize that the current security situation will not remain so benevolent for us. In an environment of dumb worms and viruses targeted at the least common denominator, Linux is well prepared to hold fast and remain generally secure. However, sinister trends are developing now that may end this state of complacency and need to be addressed.

Crime related to spam, spyware, and other online illegalities is said by some experts to have recently passed international drug trafficking in dollars earned, and malicious hacking that used to be performed for fun is now a big business. Websites once hacked only so the culprit could deface them and show off are now penetrated in order to steal customer data and engage in identity theft. Botnets of more than a million compromised hosts are not unknown, used to send spam, host child pornography, and perform distributed DoS attacks. An underground market for botnets has made the creation of viruses and trojans into a thriving business opportunity for the unscrupulous.

Read Entire Article:
http://www.linuxsecurity.com/content/view/121230/49/


LinuxSecurity.com Feature Extras:

EnGarde Secure Community 3.0.3 Released - Guardian Digital is happy to announce the release of EnGarde Secure Community 3.0.3 (Version 3.0, Release 3). This release includes several bug fixes and feature enhancements to the Guardian Digital WebTool, the SELinux policy, and the LiveCD environment.

Linux File & Directory Permissions Mistakes - One common mistake Linux administrators make is having file and directory permissions that are far too liberal and allow access beyond that which is needed for proper system operations. A full explanation of unix file permissions is beyond the scope of this article, so I'll assume you are familiar with the usage of such tools as chmod, chown, and chgrp. If you'd like a refresher, one is available right here on linuxsecurity.com.

Introduction: Buffer Overflow Vulnerabilities - Buffer overflows are a leading type of security vulnerability. This paper explains what a buffer overflow is, how it can be exploited, and what countermeasures can be taken to prevent the use of buffer overflow vulnerabilities.

Take advantage of our Linux Security discussion list! This mailing list is for general security-related questions and comments. To subscribe send an e-mail to security-discuss-request@linuxsecurity.com with "subscribe" as the subject.

Thank you for reading the LinuxSecurity.com weekly security newsletter. The purpose of this document is to provide our readers with a quick summary of each week's most relevant Linux security headlines.


   Debian
  Debian: New petris packages fix buffer overflow
  27th, January, 2006

Steve Kemp from the Debian Security Audit project discovered a buffer overflow in petris, a clone of the Tetris game, which may be exploited to execute arbitrary code with group games privileges.

http://www.linuxsecurity.com/content/view/121285
 
  Debian: New unzip packages fix unauthorised permissions modification
  27th, January, 2006

The unzip update in DSA 903 contained a regression so that symbolic links that are resolved later in a zip archive aren't supported anymore. This update corrects this behaviour.

http://www.linuxsecurity.com/content/view/121286
 
  Debian: New tetex-bin packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in tetex-bin, the binary files of teTeX, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121287
 
  Debian: New koffice packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in koffice, the KDE Office Suite, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121288
 
  Debian: New fetchmail packages fix denial of service
  27th, January, 2006

Daniel Drake discovered a problem in fetchmail, an SSL enabled POP3, APOP, IMAP mail gatherer/forwarder, that can cause a crash when the program is running in multidrop mode and receives messages without headers.

http://www.linuxsecurity.com/content/view/121289
 
  Debian: New gpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in gpdf, the GNOME version of the Portable Document Format viewer, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121290
 
  Debian: New tuxpaint packages fix insecure temporary file creation
  27th, January, 2006

Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that a script in tuxpaint, a paint program for young children, creates a temporary file in an insecure fashion.

http://www.linuxsecurity.com/content/view/121291
 
  Debian: New albatross packages fix arbitrary code execution
  27th, January, 2006

A design error has been discovered in the Albatross web application toolkit that causes user supplied data to be used as part of template execution and hence arbitrary code execution.

http://www.linuxsecurity.com/content/view/121292
 
  Debian: New Perl packages fix arbitrary code execution
  27th, January, 2006

Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software.

http://www.linuxsecurity.com/content/view/121293
 
  Debian: New mantis packages fix several vulnerabilities
  27th, January, 2006

Several security related problems have been discovered in Mantis, a web-based bug tracking system. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121294
 
  Debian: New antiword packages fix insecure temporary file creation
  27th, January, 2006

Javier Fernández-Sanguino Peña from the Debian Security Audit project discovered that two scripts in antiword, utilities to convert Word files to text and Postscript, create a temporary file in an insecure fashion.

http://www.linuxsecurity.com/content/view/121295
 
  Debian: New smstools packages fix format string vulnerability
  27th, January, 2006

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.

http://www.linuxsecurity.com/content/view/121296
 
  Debian: New sudo packages fix privilege escalation
  27th, January, 2006

It has been discovered that sudo, a privileged program that provides limited super user privileges to specific users, passes several environment variables to the program that runs with elevated privileges. In the case of include paths (e.g. for Perl, Python, Ruby or other scripting languages) this can cause arbitrary code to be executed as a privileged user if the attacker points to a manipulated version of a system library.

http://www.linuxsecurity.com/content/view/121297
 
  Debian: New ClamAV packages fix heap overflow
  27th, January, 2006

A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.

http://www.linuxsecurity.com/content/view/121298
 
  Debian: New kdelibs packages fix buffer overflow
  27th, January, 2006

Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121299
 
  Debian: New crawl packages fix potential group games execution
  27th, January, 2006

Steve Kemp from the Debian Security Audit project discovered a security related problem in crawl, another console based dungeon exploration game in the vein of nethack and rogue. The program executes commands insecurely when saving or loading games which can allow local attackers to gain group games privileges.

http://www.linuxsecurity.com/content/view/121300
 
  Debian: New CUPS packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf which are also present in CUPS, the Common UNIX Printing System, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121301
 
  Debian: New trac packages fix SQL injection and cross-site scripting
  27th, January, 2006

Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121302
 
  Debian: New libapache-auth-ldap packages fix arbitrary code execution
  27th, January, 2006

"Seregorn" discovered a format string vulnerability in the logging function of libapache-auth-ldap, an LDAP authentication module for the Apache webserver, that can lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121303
 
  Debian: New flyspray packages fix cross-site scripting
  27th, January, 2006

Several cross-site scripting vulnerabilities have been discovered in flyspray, a lightweight bug tracking system, which allows attackers to insert arbitrary script code into the index page.

http://www.linuxsecurity.com/content/view/121304
 
  Debian: New wine packages fix arbitrary code execution
  27th, January, 2006

H D Moore discovered that Wine, a free implementation of the Microsoft Windows APIs, inherits a design flaw from the Windows GDI API, which may lead to the execution of code through GDI escape functions in WMF files.

http://www.linuxsecurity.com/content/view/121305
 
  Debian: New clamav packages fix heap overflow
  27th, January, 2006

A heap overflow has been discovered in ClamAV, a virus scanner, which could allow an attacker to execute arbitrary code by sending a carefully crafted UPX-encoded executable to a system running ClamAV. In addition, other potential overflows have been corrected.

http://www.linuxsecurity.com/content/view/121306
 
  Debian: New xpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121307
 
  Debian: New mailman packages fix denial of service
  27th, January, 2006

Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash.

http://www.linuxsecurity.com/content/view/121308
 
  Debian: New lsh-utils packages fix local vulnerabilities
  27th, January, 2006

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and with some more effort, maybe also crack session keys.

http://www.linuxsecurity.com/content/view/121309
 
  Debian: New ImageMagick packages fix arbitrary command execution
  27th, January, 2006

Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird.

http://www.linuxsecurity.com/content/view/121310
 
  Debian: New drupal packages fix several vulnerabilities
  27th, January, 2006

Several security related problems have been discovered in drupal, a fully-featured content management/discussion engine. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities:

http://www.linuxsecurity.com/content/view/121311
 
  Debian: New kpdf packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, that can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code. The same code is present in kpdf which is part of the kdegraphics package.

http://www.linuxsecurity.com/content/view/121312
 
  Debian: New hylafax packages fix arbitrary command execution
  27th, January, 2006

Patrice Fournier found that hylafax passes unsanitized user data in the notify script, allowing users with the ability to submit jobs to run arbitrary commands with the privileges of the hylafax server.

http://www.linuxsecurity.com/content/view/121313
 
  Debian: New pound packages fix multiple vulnerabilities
  27th, January, 2006

Two vulnerabilities have been discovered in Pound, a reverse proxy and load balancer for HTTP. The Common Vulnerabilities and Exposures project identifies the following problems:

http://www.linuxsecurity.com/content/view/121314
 
  Debian: New smstools packages fix format string vulnerability
  27th, January, 2006

Ulf Harnhammar from the Debian Security Audit project discovered a format string attack in the logging code of smstools, which may be exploited to execute arbitrary code with root privileges.

http://www.linuxsecurity.com/content/view/121315
 
  Debian: New libapache2-mod-auth-pgsql packages fix arbitrary code execution
  27th, January, 2006

iDEFENSE reports that a format string vulnerability in mod_auth_pgsql, a library used to authenticate web users against a PostgreSQL database, could be used to execute arbitrary code with the privileges of the httpd user.

http://www.linuxsecurity.com/content/view/121316
 
  Debian: New libextractor packages fix arbitrary code execution
  27th, January, 2006

"infamous41md" and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the application or possibly to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121317
 
  Debian: New trac packages fix SQL injection and cross-site scripting
  30th, January, 2006

This update corrects the search feature in trac, an enhanced wiki and issue tracking system for software development projects, which broke with the last security update.

http://www.linuxsecurity.com/content/view/121444
 
  Debian: New unalz packages fix arbitrary code execution
  30th, January, 2006

Ulf Härnhammar from the Debian Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive.

http://www.linuxsecurity.com/content/view/121446
 
  Debian: New ImageMagick packages fix arbitrary command execution
  31st, January, 2006

Florian Weimer discovered that delegate code in ImageMagick is vulnerable to shell command injection using specially crafted file names. This allows attackers to encode commands inside of graphic commands. With some user interaction, this is exploitable through Gnus and Thunderbird. This update filters out the '$' character as well, which was forgotten in the former update.

http://www.linuxsecurity.com/content/view/121451
 
  Debian: New libmail-audit-perl packages fix insecure temporary file use
  31st, January, 2006

Niko Tyni discovered that the Mail::Audit module, a Perl library for creating simple mail filters, logs to a temporary file with a predictable filename in an insecure fashion when logging is turned on, which is not the case by default.

http://www.linuxsecurity.com/content/view/121452
 
  Debian: New libmail-audit-perl packages fix insecure temporary file use
  31st, January, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121461
 
  Debian: New pdfkit.framework packages fix arbitrary code execution
  1st, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121462
 
  Debian: New pdftohtml packages fix arbitrary code execution
  1st, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121463
 
  Debian: New mydns packages fix denial of service
  2nd, February, 2006

Updated package.

http://www.linuxsecurity.com/content/view/121475
 
   Fedora
  Fedora Core 4 Update: cups-1.1.23-15.3
  27th, January, 2006

This update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.

http://www.linuxsecurity.com/content/view/121373
 
  Fedora Core 3 Update: cups-1.1.22-0.rc1.8.9
  27th, January, 2006

This update fixes the pdftops filter's handling of some incorrectly-formed PDF files. Issues fixed are CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627.

http://www.linuxsecurity.com/content/view/121374
 
  Fedora Core 4 Update: kernel-2.6.14-1.1656_FC4
  27th, January, 2006

This update fixes several low-priority security problems that were discovered during the development of 2.6.15, and backported. Notably, CVE-2005-4605.

http://www.linuxsecurity.com/content/view/121377
 
  Fedora Core 3 Update: mod_auth_pgsql-2.0.1-6.2
  27th, January, 2006

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.

http://www.linuxsecurity.com/content/view/121378
 
  Fedora Core 4 Update: mod_auth_pgsql-2.0.1-8.1
  27th, January, 2006

Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is used for user authentication. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-3656 to this issue. Please note that this issue only affects servers which have mod_auth_pgsql installed and configured to perform user authentication against a PostgreSQL database. Red Hat would like to thank iDefense for reporting this issue.

http://www.linuxsecurity.com/content/view/121379
 
  Fedora Core 3 Update: gpdf-2.8.2-7.2
  27th, January, 2006

Chris Evans discovered several flaws in the way CUPS processes PDF files. An attacker could construct a carefully crafted PDF file that could cause CUPS to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121392
 
  Fedora Core 4 Update: poppler-0.4.4-1.1
  27th, January, 2006

Chris Evans discovered several flaws in the way poppler processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121393
 
  Fedora Core 4 Update: xpdf-3.01-0.FC4.6
  27th, January, 2006

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues. Users of xpdf should upgrade to this updated package, which contains a patch to resolve these issues.

http://www.linuxsecurity.com/content/view/121395
 
  Fedora Core 4 Update: tetex-3.0-9.FC4
  27th, January, 2006

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues. This package also updates bindings in texdoc and causes the local texmf tree to be searched first.

http://www.linuxsecurity.com/content/view/121396
 
  Fedora Core 3 Update: tetex-2.0.2-21.7.FC3
  27th, January, 2006

Several flaws were discovered in the way teTeX processes PDF files. An attacker could construct a carefully crafted PDF file that could cause poppler to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the names CVE-2005-3624, CVE-2005-3625, CVE-2005-3626, and CVE-2005-3627 to these issues.

http://www.linuxsecurity.com/content/view/121397
 
  Fedora Core 4 Update: kdegraphics-3.5.0-0.2.fc4
  27th, January, 2006

Several flaws were discovered in Xpdf. An attacker could construct a carefully crafted PDF file that could cause xpdf to crash or possibly execute arbitrary code when opened. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-3193 to these issues. Users of kdegraphics should upgrade to this updated package, which contains a patch to resolve these issues.

http://www.linuxsecurity.com/content/view/121404
 
  Fedora Core 3 Update: ethereal-0.10.14-1.FC3.1
  27th, January, 2006

This update fixes a DoS in Ethereal.

http://www.linuxsecurity.com/content/view/121408
 
  Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4
  27th, January, 2006

A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue.

http://www.linuxsecurity.com/content/view/121415
 
  Fedora Core 4 Update: httpd-2.0.54-10.3
  27th, January, 2006

This update includes fixes for three security issues in the Apache HTTP Server.

http://www.linuxsecurity.com/content/view/121420
 
  Fedora Core 4 Update: openssh-4.2p1-fc4.10
  27th, January, 2006

This is a minor security update which fixes double shell expansion in local to local and remote to remote copy with scp. It also fixes a few other minor non-security issues.

http://www.linuxsecurity.com/content/view/121421
 
  Fedora Core 4 Update: mozilla-1.7.12-1.5.2
  2nd, February, 2006

Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Igor Bukanov discovered a bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Mozilla's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Mozilla to execute arbitrary JavaScript when a user runs Mozilla. (CVE-2006-0296) A denial of service bug was found in the way Mozilla saves history information. If a user visits a web page with a very long title, it is possible Mozilla will crash or take a very long time to start the next time it is run. (CVE-2005-4134)

http://www.linuxsecurity.com/content/view/121496
 
  Fedora Core 4 Update: firefox-1.0.7-1.2.fc4
  2nd, February, 2006

Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Firefox could crash or execute arbitrary code as the user running Firefox. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0292 to this issue. moz_bug_r_a4 discovered a bug in Firefox's XULDocument.persist() function. A malicious web page could inject arbitrary RDF data into a user's localstore.rdf file, which can cause Firefox to execute arbitrary JavaScript when a user runs Firefox. (CVE-2006-0296) A denial of service bug was found in the way Firefox saves history information. If a user visits a web page with a very long title, it is possible Firefox will crash or take a very long time to start the next time it is run. (CVE-2005-4134)

http://www.linuxsecurity.com/content/view/121497
 
   Gentoo
  Gentoo: HylaFAX Multiple vulnerabilities
  27th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized access vulnerabilities.

http://www.linuxsecurity.com/content/view/121318
 
  Gentoo: KPdf, KWord Multiple overflows in included Xpdf code
  27th, January, 2006

KPdf and KWord both include vulnerable Xpdf code to handle PDF files, making them vulnerable to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121319
 
  Gentoo: xine-lib, FFmpeg Heap-based buffer overflow
  27th, January, 2006

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121320
 
  Gentoo: ClamAV Remote execution of arbitrary code
  27th, January, 2006

ClamAV is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121321
 
  Gentoo: HylaFAX Multiple vulnerabilities
  27th, January, 2006

HylaFAX is vulnerable to arbitrary code execution and unauthorized access vulnerabilities.

http://www.linuxsecurity.com/content/view/121322
 
  Gentoo: Blender Heap-based buffer overflow
  27th, January, 2006

Blender is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121323
 
  Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

Fixed packages were issued to fix this vulnerability in Wine, but some of the fixed packages were missing the correct patch. All Wine users should re-emerge Wine to make sure they are safe. The corrected sections appear below.

http://www.linuxsecurity.com/content/view/121324
 
  Gentoo: KDE kjs URI heap overflow vulnerability
  27th, January, 2006

KDE fails to properly validate URIs when handling javascript, potentially resulting in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121325
 
  Gentoo: Trac Cross-site scripting vulnerability
  27th, January, 2006

Trac is vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121326
 
  Gentoo: Gallery Cross-site scripting vulnerability
  27th, January, 2006

Gallery is possibly vulnerable to a cross-site scripting attack that could allow arbitrary JavaScript code execution.

http://www.linuxsecurity.com/content/view/121327
 
  Gentoo: mod_auth_pgsql Multiple format string vulnerabilities
  27th, January, 2006

Format string vulnerabilities in mod_auth_pgsql may lead to the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121328
 
  Gentoo: xine-lib, FFmpeg Heap-based buffer overflow
  27th, January, 2006

xine-lib and FFmpeg are vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121329
 
  Gentoo: VMware Workstation Vulnerability in NAT networking
  27th, January, 2006

VMware guest operating systems can execute arbitrary code with elevated privileges on the host operating system through a flaw in NAT networking.

http://www.linuxsecurity.com/content/view/121330
 
  Gentoo: ClamAV Remote execution of arbitrary code
  27th, January, 2006

ClamAV is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121331
 
  Gentoo: Blender Heap-based buffer overflow
  27th, January, 2006

Blender is vulnerable to a buffer overflow that may be exploited by attackers to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121332
 
  Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

There is a flaw in Wine's handling of Windows Metafile (WMF) files, which could possibly result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121333
 
  Gentoo: Sun and Blackdown Java Applet privilege escalation
  27th, January, 2006

Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate their privileges.

http://www.linuxsecurity.com/content/view/121334
 
  Gentoo: Wine Windows Metafile SETABORTPROC vulnerability
  27th, January, 2006

There is a flaw in Wine's handling of Windows Metafile (WMF) files, which could possibly result in the execution of arbitrary code.

http://www.linuxsecurity.com/content/view/121335
 
  Gentoo: LibAST Privilege escalation
  29th, January, 2006

A buffer overflow in LibAST may result in execution of arbitrary code with escalated privileges.

http://www.linuxsecurity.com/content/view/121434
 
  Gentoo: Paros Default administrator password
  29th, January, 2006

Paros's database component is installed without a password, allowing execution of arbitrary system commands.

http://www.linuxsecurity.com/content/view/121435
 
  Gentoo: MyDNS Denial of Service
  30th, January, 2006

MyDNS contains a vulnerability that may lead to a Denial of Service attack.

http://www.linuxsecurity.com/content/view/121447
 
  Gentoo: Xpdf, Poppler, GPdf, libextractor, pdftohtml Heap overflows
  30th, January, 2006

Xpdf, Poppler, GPdf, libextractor and pdftohtml are vulnerable to integer overflows that may be exploited to execute arbitrary code.

http://www.linuxsecurity.com/content/view/121449
 
   Mandriva
  Mandriva: Updated koffice packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121337
 
  Mandriva: Updated poppler packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121338
 
  Mandriva: Updated cups packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121340
 
  Mandriva: Updated tetex packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121341
 
  Mandriva: Updated xorg-x11 packages to address several bugs.
  27th, January, 2006

Issues have been reported with display corruption for various cards, including several ATI and Nvidia cards when using the free drivers. There was also an issue with the Greek keyboard layout. These should be corrected by the upstream 6.9.0 final, which this package is based on. Updated packages should correct these issues.

http://www.linuxsecurity.com/content/view/121342
 
  Mandriva: Updated kdegraphics packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121343
 
  Mandriva: Updated kolab packages fix vulnerability
  27th, January, 2006

A problem exists in how the Kolab Server transports emails bigger than 8KB in size and if a dot (".") character exists in the wrong place. If these conditions are met, kolabfilter will double this dot and a modified email will be delivered, which could lead to broken clear-text signatures or broken attachments. The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121344
 
  Mandriva: Updated pdftohtml packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121345
 
  Mandriva: Updated wine packages fix WMF vulnerability
  27th, January, 2006

A vulnerability was discovered by H D Moore in Wine which implements the SETABORTPROC GDI Escape function for Windows Metafile (WMF) files. This could be abused by an attacker who is able to entice a user to open a specially crafted WMF file from within a Wine-executed Windows application, possibly resulting in the execution of arbitrary code with the privileges of the user running Wine. The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121346
 
  Mandriva: Updated hylafax packages fix eval injection vulnerabilities
  27th, January, 2006

Patrice Fournier discovered the faxrcvd/notify scripts (executed as the uucp/fax user) run user-supplied input through eval without any attempt at sanitising it first. This would allow any user who could submit jobs to HylaFAX, or who could through telco manipulation control the representation of callid information presented to HylaFAX, to run arbitrary commands as the uucp/fax user. (CVE-2005-3539, only 'notify' in the covered versions) Updated packages were also reviewed for vulnerability to an issue where if PAM is disabled, a user could log in with no password. (CVE-2005-3538) In addition, some fixes to the packages for permissions, and the %pre/%post scripts were backported from cooker. (#19679) The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/121348
 
  Mandriva: Updated clamav packages fix vulnerability
  27th, January, 2006

A heap-based buffer overflow was discovered in ClamAV versions prior to 0.88 which allows remote attackers to cause a crash and possibly execute arbitrary code via specially crafted UPX files. This update provides ClamAV 0.88 which corrects this issue and also fixes some other bugs.

http://www.linuxsecurity.com/content/view/121349
 
  Mandriva: Updated mod_auth_ldap packages fix vulnerability
  27th, January, 2006

A format string flaw was discovered in the way that auth_ldap logs information which may allow a remote attacker to execute arbitrary code as the apache user if auth_ldap is used for authentication. This update provides version 1.6.1 of auth_ldap which corrects the problem. Only Corporate Server 2.1 shipped with a supported auth_ldap package.

http://www.linuxsecurity.com/content/view/121355
 
  Mandriva: Updated kernel packages fix several vulnerabilities
  27th, January, 2006

A number of vulnerabilities have been corrected in the Linux kernel.

http://www.linuxsecurity.com/content/view/121356
 
  Mandriva: Updated kdelibs packages fix vulnerability
  27th, January, 2006

A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpreter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the site. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121357
 
  Mandriva: Updated ipsec-tools packages fix vulnerability
  27th, January, 2006

The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in ipsec-tools racoon before 0.6.3, when running in aggressive mode, allows remote attackers to cause a denial of service (null dereference and crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121359
 
  Mandriva: Updated xpdf packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121360
 
  Mandriva: Updated mozilla-thunderbird packages fix vulnerability
  27th, January, 2006

GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-complicit attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121361
 
  Mandriva: Updated perl-Convert-UUlib packages fix vulnerability
  27th, January, 2006

A buffer overflow was discovered in the perl Convert::UUlib module in versions prior to 1.051, which could allow remote attackers to execute arbitrary code via a malformed parameter to a read operation. This update provides version 1.051 which is not vulnerable to this flaw.

http://www.linuxsecurity.com/content/view/121362
 
  Mandriva: Updated perl-Net_SSLeay packages fix vulnerability
  27th, January, 2006

Javier Fernandez-Sanguino Pena discovered that the perl Net::SSLeay module used the file /tmp/entropy as a fallback entropy source if a proper source was not set via the environment variable EGD_PATH. This could potentially lead to weakened cryptographic operations if an attacker was able to provide a /tmp/entropy file with known content. The updated packages have been patched to correct this problem.

http://www.linuxsecurity.com/content/view/121363
 
  Mandriva: Updated ImageMagick packages fix vulnerabilities
  27th, January, 2006

The delegate code in ImageMagick 6.2.4.x allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command. (CVE-2005-4601) A format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3, and other versions, allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program. (CVE-2006-0082) The updated packages have been patched to correct these issues.

http://www.linuxsecurity.com/content/view/121364
 
  Mandriva: Updated mdkonline package provides url fixes
  27th, January, 2006

The mdkonline package for MNF2 was incorrectly connecting to mandrivaonline.net rather than mandrivaonline.com. This update corrects the problem.

http://www.linuxsecurity.com/content/view/121365
 
  Mandriva: Updated dynamic packages fix USB device and Palm detection issues
  27th, January, 2006

Dynamic was not calling scripts correctly when hardware was plugged/unplugged. Plugging in a digital camera (not USB mass storage, like a Canon camera) was not creating an icon on the Desktop (for GNOME) or in the Devices window (for KDE). Dynamic was also creating a "pilot" symlink in / (in addition to /dev/pilot) when a Palm was connected, and this file was not removed when the Palm was unplugged. Now, this file is no longer created. If the symlink is already on the user's system, it can safely be removed manually. Updated packages have been patched to correct the issue.

http://www.linuxsecurity.com/content/view/121366
 
  Mandriva: Update gthumb packages to fix corrupted UI after photo import
  27th, January, 2006

A bug was discovered in gthumb where the UI (User Interface) can get corrupted when importing photos in some non-UTF8 locales (such as French). Some text strings (returned from libgphoto) were not converted into UTF-8 before being used by GTK+. Updated packages have been patched to correct the issue.

http://www.linuxsecurity.com/content/view/121367
 
  Mandriva: Updated libgphoto packages fix bug on disconnection of digital camera
  27th, January, 2006

A bug was discovered with libgphoto which was preventing the removal of icons on the desktop (in GNOME) or in the Devices window (in KDE) when a digital camera was unplugged. Updated packages have been patched to correct the issue.

http://www.linuxsecurity.com/content/view/121368
 
  Mandriva: Updated gpdf packages fix several vulnerabilities
  27th, January, 2006

Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. (CVE-2005-3191)

http://www.linuxsecurity.com/content/view/121369
 
  Mandriva: Updated net-snmp packages fix vulnerabilities
  27th, January, 2006

The fixproc application in Net-SNMP creates temporary files with predictable file names which could allow a malicious local attacker to change the contents of the temporary file by exploiting a race condition, which could possibly lead to the execution of arbitrary code. As well, a local attacker could create symbolic links in the /tmp directory that point to a valid file that would then be overwritten when fixproc is executed (CVE-2005-1740). A remote Denial of Service vulnerability was also discovered in the SNMP library that could be exploited by a malicious SNMP server to crash the agent, if the agent uses TCP sockets for communication (CVE-2005-2177). The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121370
 
  Mandriva: Updated apache2 packages fix vulnerabilities
  27th, January, 2006

A flaw was discovered in mod_imap when using the Referer directive with image maps that could be used by a remote attacker to perform a cross-site scripting attack, in certain site configurations, if a victim could be forced to visit a malicious URL using certain web browsers (CVE-2005-3352). Also, a NULL pointer dereference flaw was found in mod_ssl that affects server configurations where an SSL virtual host was configured with access controls and a custom 400 error document. This could allow a remote attacker to send a carefully crafted request to trigger the issue and cause a crash, but only with the non-default worker MPM (CVE-2005-3357). The provided packages have been patched to prevent these problems.

http://www.linuxsecurity.com/content/view/121371
 
  Mandriva: Updated mozilla-thunderbird packages merge dropped changes
  27th, January, 2006

Recent security updates to mozilla-thunderbird did not include some changes made to the build from the community branch of 2006.0. The changes include corrections to the packaging of language files and some corrections to the uninstall scripts. New builds of the enigmail-es and enigmail-it packages are also included. Updated packages merge both of these builds.

http://www.linuxsecurity.com/content/view/121433
 
  Mandriva: Updated bzip2 packages fix bzgrep vulnerabilities
  30th, January, 2006

A bug was found in the way that bzgrep processed file names. If a user could be tricked into running bzgrep on a file with a special file name, it would be possible to execute arbitrary code with the privileges of the user running bzgrep. As well, the bzip2 package provided with Mandriva Linux 2006 did not have the patch applied to correct CVE-2005-0953 which was previously fixed by MDKSA-2005:091; those packages are now properly patched. The updated packages have been patched to correct these problems.

http://www.linuxsecurity.com/content/view/121448
 
  Mandriva: Updated gzip packages fix zgrep vulnerabilities
  30th, January, 2006

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. This was previously corrected in MDKSA-2005:092, however the fix was incomplete. These updated packages provide a more comprehensive fix to the problem.

http://www.linuxsecurity.com/content/view/121450
 
  Mandriva: Updated php packages fix XSS and response splitting vulnerabilities
  1st, February, 2006

Multiple response splitting vulnerabilities in PHP allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors, possibly involving a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. (CVE-2006-0207) Multiple cross-site scripting (XSS) vulnerabilities in PHP allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in "certain error conditions." (CVE-2006-0208).

http://www.linuxsecurity.com/content/view/121474
 
  Mandriva: Updated libast packages fixes buffer overflow vulnerability
  2nd, February, 2006

Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X argument. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121491
 
  Mandriva: Updated poppler packages fixes heap-based buffer overflow vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Poppler uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121492
 
  Mandriva: Updated kdegraphics packages fixes heap-based buffer overflow vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as such has the same issues. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121493
 
  Mandriva: Updated xpdf packages fixes heap-based buffer overflow vulnerability
  2nd, February, 2006

Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. The updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/121494
 
  Mandriva: Updated OpenOffice.org packages fix issue with disabled hyperlinks
  2nd, February, 2006

OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. Updated packages are patched to address this issue.

http://www.linuxsecurity.com/content/view/121495
 
   Red Hat
  RedHat: Important: kernel security update
  27th, January, 2006

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.

This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121279
 
  RedHat: Moderate: tetex security update
  27th, January, 2006

Updated tetex packages that fix several integer overflows are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121280
 
  RedHat: Critical: kdelibs security update
  27th, January, 2006

Updated kdelibs packages are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121281
 
  RedHat: Important: kernel security update
  1st, February, 2006

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (64 bit architectures). This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121471
 
  RedHat: Important: kernel security update
  1st, February, 2006

Updated kernel packages that fix a number of security issues as well as other bugs are now available for Red Hat Enterprise Linux 2.1 (32 bit architectures). This security advisory has been rated as having important security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121472
 
  RedHat: Moderate: gd security update
  1st, February, 2006

Updated gd packages that fix several buffer overflow flaws are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121473
 
  RedHat: Critical: mozilla security update
  2nd, February, 2006

Updated mozilla packages that fix several security bugs are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121482
 
  RedHat: Critical: firefox security update
  2nd, February, 2006

An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team.

http://www.linuxsecurity.com/content/view/121483
 
   SuSE
  SuSE: xpdf,kpdf,gpdf,kword
  27th, January, 2006

"infamous41md", Chris Evans and Dirk Mueller discovered multiple places in xpdf code where integer variables are insufficiently checked for range or overflow. Specially crafted PDF files could lead to executing arbitrary code.

http://www.linuxsecurity.com/content/view/121427
 
  SuSE: novell-nrm remote heap overflow
  27th, January, 2006

iDEFENSE reported a security problem with the Novell Remote Manager.

http://www.linuxsecurity.com/content/view/121428
 
  SuSE: kdelibs3 (SUSE-SA:2006:003)
  27th, January, 2006

Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick users into visiting specially crafted web sites that exploit this bug (CVE-2006-0019).

http://www.linuxsecurity.com/content/view/121429
 
  SuSE: phpMyAdmin (SUSE-SA:2006:004)
  27th, January, 2006

Stefan Esser discovered a bug in the register_globals emulation of phpMyAdmin that allows variables to be overwritten. An attacker could exploit the bug to ultimately execute code (CVE-2005-4079). Additionally, several cross-site scripting bugs were discovered (CVE-2005-3787, CVE-2005-3665).

http://www.linuxsecurity.com/content/view/121430
 
  SuSE: nfs-server/rpc.mountd remote code
  27th, January, 2006

A remotely exploitable problem exists in the rpc.mountd service in the user space NFS server package "nfs-server".

http://www.linuxsecurity.com/content/view/121431
 
