Red Hat Security Advisory 2011-1243-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Thunderbird; however, affected certificates issued after this date cannot be re-enabled or used. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.
Red Hat Security Advisory 2011-1242-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Firefox; however, affected certificates issued after this date cannot be re-enabled or used. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.
Red Hat Security Advisory 2011-1241-01 - eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the "ecryptfs" group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.
Red Hat Security Advisory 2011-1240-01 - This is the 6-month notification of the End Of Life plans for Red Hat Enterprise Linux 4.
Red Hat Security Advisory 2011-1239-01 - This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 4.7.
Zero Day Initiative Advisory 11-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. It will then copy the correct amount of data into that buffer, but then does some endian changes on a fixed portion of the buffer without checking its size. The resulting memory corruption could result in remote code execution under the context of the current user.
Debian Linux Security Advisory 2300-1 - Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.
Debian Linux Security Advisory 2299-1 - An unauthorized SSL certificate has been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.
SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.
Cisco Security Advisory - Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service. Cisco has released free software updates that address this vulnerability.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in vAuthenticate, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
Secunia Security Advisory - A vulnerability has been reported in Axway SecureTransport, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Two vulnerabilities have been reported in Opera, where one has unknown impacts and the other one can be exploited by malicious people to bypass certain security features.
Secunia Security Advisory - A weakness has been reported in Gigaset A580 IP, which can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Red Hat has issued an update for samba and cifs-utils. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting and request forgery attacks.
Secunia Security Advisory - Aung Khant has discovered a vulnerability in Jcow, which can be exploited by malicious people to conduct cross-site scripting attacks.
Secunia Security Advisory - A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
Cisco Security Advisory - The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document listed in this advisory.
Secunia Security Advisory - Cisco has acknowledged a vulnerability in Cisco Wireless Control System (WCS), which can be exploited by malicious people to cause a DoS (Denial of Service).
Debian Linux Security Advisory 2298-1 - Two issues have been found in the Apache HTTPD web server.
Secunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious users to disclose potentially sensitive information.
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
Secunia Security Advisory - SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
Secunia Security Advisory - SUSE has issued an update for MozillaThunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
Secunia Security Advisory - SUSE has issued an update for java-1_4_2-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.