OpenPKG Security Advisory - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions.
fd63d18ae40b88066a847d408cc8dc4b528e6881d49215b4b27af6316352df80OpenPKG Security Advisory - BIND 9 versions 9.4.1-P1 and below suffer from multiple vulnerabilities that allow for recursive queries and cache poisoning.
c368a04ffba7fa0bd16a6fd660ba328818e7e86d86faf603e8fd15ff53b9f706OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.
de25ea5eaff6e286c1e16000b5dfce7c3dedab43e0b8b25a85fcd5852260b7f1OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.
20e3597f4528c3bf943c842d2c4a790a8846089007afb586832a34877de6bcb1OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the Ratbox IRC Daemon, versions up to and including 2.2.5. Too many pending connections to the server from a single unknown client could result in a resource starvation.
7f887dd38929665069a85a9b5ef03b27f0f850f52837b0cb36cf19a9a5dac310OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.
12492b05bc1c9dd6d3ab14537255e48285c3a6cb1a68486580a7e74f2e78c677OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image.
63c3acc1ae79ee72024eb0a8d12f1655d8911415ac30f629fe2c5728b871eeccOpenPKG Security Advisory - Multiple vulnerabilities were found in the CIFS/SMB server implementation Samba.
9c9c5ff7ea80d2352d3c98caf5ce202df67d9f7bcb059cafc04b46c14805b953OpenPKG Security Advisory - According to a vendor release announcement, multiple vulnerabilities exist in the programming language PHP, versions up to and including 5.2.0.
c86db00870b10c7d75d039211794324e8c48eb4f2ebd85d7db91a0cbf5c1df07OpenPKG Security Advisory - According to a vendor security advisory, a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, version up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem.
51621d8c871de933a4c4b0ef815d8d632f8d803fcb9b63ba065faf6cc822d1b3OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
1db2c81b325a11b28837a0856dc30080a87ebbd7a7462ccc43a328ae1aaabdf4OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".
efdefa323f0250b7bbccf97b1808ac633e806735791adbf26f360bd1575549c6OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).
18eb84638a0aa1af34b0b1cdc4873ec6ac8264aa88bdd3cd284bf7eb213a80c4OpenPKG Security Advisory - According to a security advisory from Stefan Esser, a vulnerability exists in the Weblog publishing system WordPress, versions up to and including 2.0.5.
5bb58c9bfbd9ea4823adca77bf7855e11fa850d081b036ff2dc309cfee673e95OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, version up to and including 6.3.5
e848b53d79d513a6112f14b3d4de99609c0c6e7edaa805a1ed7f23529322556eOpenPKG Security Advisory - According to upstream vendor security advisories, two vulnerabilities exist in the content management system Drupal, versions up to and including 4.7.4.
113909de07850710304b892fe3a993e72495d2f35dd0f344511576e4e4b66531OpenPKG Security Advisory - Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3.
25542668c12c677ad1d31a4513dd6892ca204cb22b1f1399da1eda9ec286b7cdOpenPKG Security Advisory - Three vulnerabilities have been identified and exploited in the network monitoring and graphing frontend Cacti, versions up to and including 0.8.6i. They can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems.
d715fb2ea460dd7e357f8f6f699dde27c0bdc767cbf64fd69c81a7a05264aa07OpenPKG Security Advisory - The Links web browser versions below 2.1pre26 suffer from an arbitrary code execution vulnerability.
ccd24a8032dfc6e3f207ae8646c3ad418869265a3599f98dba7bb0efa58e46acOpenPKG Security Advisory - OpenSER versions 1.1.0 and below suffer from a buffer overflow vulnerability.
5adb8463690b95ca64c0cdefd7eaad1f6fde535fd8d8a4a602092bde09153636OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.
b21d0c433a93a826301e000c138a2d7578c7c9e437c3c15008d465d9d44ccda3OpenPKG Security Advisory OpenPKG-SA-2006.038 - The archive format utility GNU tar, versions up to and including 1.16, allows user-assisted attackers to overwrite arbitrary files via a TAR format file that contains a "GNUTYPE_NAMES" record with a symbolic link.
b3316815129634db7a89691f0f6a4712f63cc700167db955981aaf3a818c1b27OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which has been identified by the vendor during fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.
e2ad975972bd8b4d3c70e676abce3b1376c3b1ef57af266813f375814ebfe63cOpenPKG Security Advisory OpenPKG-SA-2006.034 - Miloslav Trmac from Red Hat discovered a buffer overflow in GNU Texinfo. The flaw was found in a function used by Texinfo's texi2dvi and texindex commands. An attacker could construct a carefully crafted Texinfo file that could cause texi2dvi or texindex to crash or possibly execute arbitrary code when opened.
878e47113669a4f4780cad26b04bda1aa8d62ebe2073d4f4aa25c8cb53347bd8OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.
f298e21b67c62cc61561c562fe81bcf25b76c0493617dca53ced2a579adadcbd
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed