Section: .. / 0708-advisories /
| /// File Name: |
sa26234.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26234/ | | File Size: | 23008 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | c5dca85104dc23522a417619d6432ddd |
|
| /// File Name: |
USN-505-1.txt |
Description:
|
Ubuntu Security Notice 505-1 - Ulf Harnhammar discovered that vim does not properly sanitize the "helptags_one()" function when running the "helptags" command. By tricking a user into running a crafted help file, a remote attacker could execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22721 | | Related CVE(s): | CVE-2007-2953 | | Last Modified: | Aug 29 06:39:32 2007 |
| MD5 Checksum: | 53db9796ef8862d6d9999eb93f9283e1 |
|
| /// File Name: |
USN-499-1.txt |
Description:
|
Ubuntu Security Notice 499-1 - Stefan Esser discovered that mod_status did not force a character set, which could result in browsers becoming vulnerable to XSS attacks when processing the output. If a user were tricked into viewing server status output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. By default, mod_status is disabled in Ubuntu. Niklas Edmundsson discovered that the mod_cache module could be made to crash using a specially crafted request. A remote user could use this to cause a denial of service if Apache was configured to use a threaded worker. By default, mod_cache is disabled in Ubuntu. A flaw was discovered in the signal handling of Apache. A local attacker could trick Apache into sending SIGUSR1 to other processes. The vulnerable code was only present in Ubuntu Feisty.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 22711 | | Related CVE(s): | CVE-2006-5752, CVE-2007-1863, CVE-2007-3304 | | Last Modified: | Aug 17 08:30:14 2007 |
| MD5 Checksum: | 7c60f4ea73486685f797832eeb5940f5 |
|
| /// File Name: |
sa26594.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for vim. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26594/ | | File Size: | 22035 | | Last Modified: | Aug 30 02:11:25 2007 |
| MD5 Checksum: | 16148bd095fdba1fc9e6b01c3e3ca8b2 |
|
| /// File Name: |
sa26443.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for apache. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/26443/ | | File Size: | 21688 | | Last Modified: | Aug 18 05:25:01 2007 |
| MD5 Checksum: | 7999aed386495c8e6288332b050cef24 |
|
| /// File Name: |
cisco-sa-20070815-vpnclient.txt |
Description:
|
Cisco Security Advisory - Two vulnerabilities exist in the Cisco VPN Client for Microsoft Windows that may allow unprivileged users to elevate their privileges to those of the LocalSystem account.
| | Homepage: | http://www.cisco.com/ | | File Size: | 20711 | | Last Modified: | Aug 16 10:43:57 2007 |
| MD5 Checksum: | 6c2a8850eb338fc8f428f12d96e27b35 |
|
| /// File Name: |
USN-496-2.txt |
Description:
|
Ubuntu Security Notice 496-2 - USN-496-1 fixed a vulnerability in koffice. This update provides the corresponding updates for poppler, the library used for PDF handling in Gnome. Derek Noonburg discovered an integer overflow in the Xpdf function StreamPredictor::StreamPredictor(). By importing a specially crafted PDF file into KWord, this could be exploited to run arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 19266 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 8 10:07:51 2007 |
| MD5 Checksum: | 3e8891c25b0a5051bf52ab27fde68e06 |
|
| /// File Name: |
sa26325.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for poppler. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26325/ | | File Size: | 18752 | | Last Modified: | Aug 9 02:51:33 2007 |
| MD5 Checksum: | bf47b97b85d3c99458062d40c50a70cf |
|
| /// File Name: |
sa26271.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and Seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26271/ | | File Size: | 17935 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | ce519ea006a4cf58b021bdd80873484a |
|
| /// File Name: |
USN-494-1.txt |
Description:
|
Ubuntu Security Notice 494-1 - Sean Larsson discovered multiple integer overflows in Gimp. By tricking a user into opening a specially crafted DICOM, PNM, PSD, PSP, RAS, XBM, or XWD image, a remote attacker could exploit this to execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17012 | | Related CVE(s): | CVE-2006-4519 | | Last Modified: | Aug 8 07:09:06 2007 |
| MD5 Checksum: | 6dd892ea6ad69dd3a2dc450dc6e1cc13 |
|
| /// File Name: |
sa26258.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to expose sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26258/ | | File Size: | 16978 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | 1897252a72ae39f4d764c1bf6a9015df |
|
| /// File Name: |
sa26240.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26240/ | | File Size: | 16803 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | 94cd7b9e1d67fc73b9187b2140d9b2a8 |
|
| /// File Name: |
sa26602.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, and by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26602/ | | File Size: | 16671 | | Last Modified: | Aug 27 22:57:16 2007 |
| MD5 Checksum: | 0c115529bbf636bef9e8f967a0078cf6 |
|
| /// File Name: |
MDKSA-2007-163.txt |
Description:
|
Mandriva Linux Security Advisory - Maurycy Prodeus found an integer overflow vulnerability in the way various PDF viewers processed PDF files. An attacker could create a malicious PDF file that could cause koffice to crash and possibly execute arbitrary code upon a user opening the file.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 16106 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 15 06:09:17 2007 |
| MD5 Checksum: | c03879506124d8aec6fa9fbbf84a69a8 |
|
| /// File Name: |
cisco-sa-20070829-ccm.txt |
Description:
|
Cisco Security Advisory - Cisco CallManager and Unified Communications Manager are vulnerable to cross-site scripting (XSS) and SQL injection attacks in the lang variable of the admin and user logon pages. A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15768 | | Last Modified: | Aug 30 09:57:42 2007 |
| MD5 Checksum: | d9b5b4521e099a8c191e2a1814f08147 |
|
| /// File Name: |
dsa-1343-1.txt |
Description:
|
Debian Security Advisory 1343-1 - Colin Percival discovered an integer overflow in file, a file type classification tool, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 15724 | | Related CVE(s): | CVE-2007-2799 | | Last Modified: | Aug 1 03:03:35 2007 |
| MD5 Checksum: | 4f5c61923795ba855bd5b53b740415b6 |
|
| /// File Name: |
dsa-1346-1.txt |
Description:
|
Debian Security Advisory 1346-1 - Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. "moz_bug_r_a4" discovered that a regression in the handling of "about:blank" windows used by addons may lead to an attacker being able to modify the content of web sites. Jesper Johansson discovered that missing sanitizing of double-quotes and spaces in URIs passed to external programs may allow an attacker to pass arbitrary arguments to the helper program if the user is tricked into opening a malformed web page.
| | Homepage: | http://www.debian.org/security | | File Size: | 15156 | | Related CVE(s): | CVE-2007-3844, CVE-2007-3845 | | Last Modified: | Aug 8 09:04:23 2007 |
| MD5 Checksum: | 169c1a4ce7ca948b6f5c0edb44f93133 |
|
| /// File Name: |
dsa-1348-1.txt |
Description:
|
Debian Security Advisory 1348-1 - It was discovered that an integer overflow in the xpdf PDF viewer may lead to the execution of arbitrary code if a malformed PDF file is opened.
| | Homepage: | http://www.debian.org/security | | File Size: | 14745 | | Related CVE(s): | CVE-2007-3387 | | Last Modified: | Aug 8 09:05:49 2007 |
| MD5 Checksum: | c29f5ddaed452ea9e3bf1f8e5ae1bd15 |
|
| /// File Name: |
sa26294.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for file. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26294/ | | File Size: | 14642 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | 8f635bbfb99782ccdfbe42e3292aca24 |
|
| /// File Name: |
sa26307.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for poppler. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26307/ | | File Size: | 13868 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | 36f702b146eab2abee05899c14b96517 |
|
| /// File Name: |
sa26309.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for iceape. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26309/ | | File Size: | 13808 | | Last Modified: | Aug 8 06:01:26 2007 |
| MD5 Checksum: | 62b2594934d15f40cd56448b53126ace |
|
| /// File Name: |
sa26593.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for lighttpd. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26593/ | | File Size: | 13651 | | Last Modified: | Aug 31 05:45:27 2007 |
| MD5 Checksum: | 0e8f57725f9825d2104ecfee158727ef |
|
| /// File Name: |
SUSE-SA-2007-050.txt |
Description:
|
SUSE Security Announcement - The Opera web-browser allows an attacker to execute arbitrary code by providing an invalid pointer to a virtual function in JavaScript. This bug can be exploited automatically when a user visits a web-site that contains the attacker's JavaScript code.
| | Homepage: | http://www.suse.com | | File Size: | 13290 | | Related CVE(s): | CVE-2007-4367 | | Last Modified: | Aug 31 18:49:50 2007 |
| MD5 Checksum: | 67d50149e61c18e0f82a4f187d83b23e |
|