Advisory: Gentoo Essential and Critical Security Patch Updates
Find the information you need for your favorite open source distribution.
An input validation vulnerability has been discovered in Horde-IMP. This only affects users of Internet Explorer.
SpamAssassin is vulnerable to a Denial of Service attack when handling certain malformed messages.
Several new vulnerabilities were found and fixed in Opera, including one allowing an attacker to read the local filesystem remotely.
PuTTY contains a vulnerability allowing an SSH server to execute arbitrary code on the connecting client.
libpng contains numerous vulnerabilities potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.
The SqWebMail web application, included in the Courier suite, is vulnerable to cross-site scripting attacks.
When compiled with GUI support, MPlayer is vulnerable to a remotely exploitable buffer overflow attack.
SoX contains two buffer overflow vulnerabilities in the WAV header parser code.
Multiple vulnerabilities in phpMyAdmin may allow a remote attacker with a valid user account to alter configuration variables and execute arbitrary PHP code.
Two buffer overflow vulnerabilities were found in Samba, potentially allowing the remote execution of arbitrary code.
Users with write access to parts of a Subversion repository may bypass read restrictions in mod_authz_svn and read any part of the repository they wish.
Pavuk contains a bug that can allow an attacker to run arbitrary code.
A bug in mod_ssl may allow a remote attacker to execute arbitrary code when Apache is configured to use mod_ssl and mod_proxy.
Multiple permission vulnerabilities have been found in the Linux kernel, allowing an attacker to change the group IDs of files mounted on a remote filesystem (CAN-2004-0497), as well as an issue in 2.6 series kernels which allows /proc permissions to be bypassed.
A buffer overflow in l2tpd could lead to remote code execution. It is not known whether this bug is exploitable.
Opera contains three vulnerabilities, allowing an attacker to impersonate legitimate websites with URI obfuscation or to spoof websites with frame injection.
Game servers based on the Unreal engine are vulnerable to remote code execution through malformed 'secure' queries.
Multiple security vulnerabilities, potentially allowing remote code execution, were found and fixed in PHP.
A flaw has been discovered in 2.6 series Linux kernels that allows an attacker to send a malformed TCP packet, causing the affected kernel to possibly enter an infinite loop and hang the vulnerable machine.
A buffer overflow vulnerability exists in the wv library that can allow an attacker to execute arbitrary code with the privileges of the user running the vulnerable application.