Section: .. / 0707-advisories /
| /// File Name: |
sa26048.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26048/ | | File Size: | 70651 | | Last Modified: | Jul 14 00:30:10 2007 |
| MD5 Checksum: | c627f109497c8821ea6e54df8ef74e0a |
|
| /// File Name: |
dsa-1331-1.txt |
Description:
|
Debian Security Advisory 1331-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. Stefan Esser discovered HTTP response splitting vulnerabilities in the session extension. This only affects Debian 3.1 (Sarge). Stefan Esser discovered that an integer overflow in memory allocation routines allows the bypass of memory limit restrictions. This only affects Debian 3.1 (Sarge) on 64 bit architectures. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 66494 | | Related CVE(s): | CVE-2006-0207, CVE-2006-4486, CVE-2007-1864 | | Last Modified: | Jul 10 02:51:21 2007 |
| MD5 Checksum: | 7da389efe8f7c6225ce535d725b591d5 |
|
| /// File Name: |
sa25945.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php4. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25945/ | | File Size: | 60814 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | c28534e290a789bd06f5958477e70e72 |
|
| /// File Name: |
dsa-1332-1.txt |
Description:
|
Debian Security Advisory 1332-1 - Several remote vulnerabilities have been discovered in the VideoLan multimedia player and streamer, which may lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 60023 | | Related CVE(s): | CVE-2007-3316, CVE-2007-3467 | | Last Modified: | Jul 10 05:06:10 2007 |
| MD5 Checksum: | 6f23ba24753c08132b3b0efa48c000a4 |
|
| /// File Name: |
USN-486-1.txt |
Description:
|
Ubuntu Security Notice 486-1 - The compat_sys_mount function allowed local users to cause a denial of service when mounting a smbfs filesystem in compatibility mode. The Omnikey CardMan 4040 driver (cm4040_cs) did not limit the size of buffers passed to read() and write(). A local attacker could exploit this to execute arbitrary code with kernel privileges. Due to a variable handling flaw in the ipv6_getsockopt_sticky() function a local attacker could exploit the getsockopt() calls to read arbitrary kernel memory. This could disclose sensitive data. Ilja van Sprundel discovered that Bluetooth setsockopt calls could leak kernel memory contents via an uninitialized stack buffer. A local attacker could exploit this flaw to view sensitive kernel information. A flaw was discovered in the handling of netlink messages. Local attackers could cause infinite recursion leading to a denial of service. A flaw was discovered in the IPv6 stack's handling of type 0 route headers. By sending a specially crafted IPv6 packet, a remote attacker could cause a denial of service between two IPv6 hosts. The random number generator was hashing a subset of the available entropy, leading to slightly less random numbers. Additionally, systems without an entropy source would be seeded with the same inputs at boot time, leading to a repeatable series of random numbers. A flaw was discovered in the PPP over Ethernet implementation. Local attackers could manipulate ioctls and cause kernel memory consumption leading to a denial of service. An integer underflow was discovered in the cpuset filesystem. If mounted, local attackers could obtain kernel memory using large file offsets while reading the tasks file. This could disclose sensitive data. Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service. Luca Tettamanti discovered a flaw in the VFAT compat ioctls on 64-bit systems. A local attacker could corrupt a kernel_dirent struct and cause a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 55922 | | Related CVE(s): | CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2242, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878 | | Last Modified: | Jul 19 07:10:35 2007 |
| MD5 Checksum: | d1fbda39809930977b9a5d12439c40b2 |
|
| /// File Name: |
sa25980.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25980/ | | File Size: | 55093 | | Last Modified: | Jul 11 06:37:19 2007 |
| MD5 Checksum: | fe7778547fd82e43d94acaad42ca5eae |
|
| /// File Name: |
sa26133.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some weaknesses, security issues, and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), gain knowledge of potentially sensitive information, and gain escalated privileges, or by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/26133/ | | File Size: | 50893 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | e99ac8395fc1f1c042704362ad39c47a |
|
| /// File Name: |
sa26180.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.
| | Homepage: | http://secunia.com/advisories/26180/ | | File Size: | 46619 | | Last Modified: | Jul 28 03:09:41 2007 |
| MD5 Checksum: | 68dd65d2085f8b632408e04a31b2a3e8 |
|
| /// File Name: |
USN-489-1.txt |
Description:
|
Ubuntu Security Notice 489-1 - A ridiculous amount of vulnerabilities in the Linux 2.6 kernel have been fixed.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 45306 | | Related CVE(s): | CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3380, CVE-2007-3513 | | Last Modified: | Jul 20 08:22:42 2007 |
| MD5 Checksum: | 44760b5f718175c47aece71c76f178d5 |
|
| /// File Name: |
USN-482-1.txt |
Description:
|
Ubuntu Security Notice 482-1 - John Heasman discovered that OpenOffice did not correctly validate the sizes of tags in RTF documents. If a user were tricked into opening a specially crafted document, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 40780 | | Related CVE(s): | CVE-2007-0245 | | Last Modified: | Jul 12 03:12:07 2007 |
| MD5 Checksum: | 75edb6d8b7d27085e8b4f1cb97ca11fd |
|
| /// File Name: |
dsa-1330-1.txt |
Description:
|
Debian Security Advisory 1330-1 - Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. Stefan Esser discovered that a buffer overflow in the zip extension allows the execution of arbitrary code. It was discovered that a buffer overflow in the xmlrpc extension allows the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 40420 | | Related CVE(s): | CVE-2007-1864, CVE-2007-1399 | | Last Modified: | Jul 10 02:49:35 2007 |
| MD5 Checksum: | 9cf0c0cd8ed25af5fed88d4f4798e07a |
|
| /// File Name: |
USN-485-1.txt |
Description:
|
Ubuntu Security Notice 485-1 - It was discovered that the PHP xmlrpc extension did not correctly check heap memory allocation sizes. A remote attacker could send a specially crafted request to a PHP application using xmlrpc and execute arbitrary code as the Apache user. Stefan Esser discovered a flaw in the random number initialization of the PHP SOAP extension. This could lead to remote attackers being able to predict certain elements of the authentication mechanism.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 39606 | | Related CVE(s): | CVE-2007-1864, CVE-2007-2728 | | Last Modified: | Jul 18 06:11:30 2007 |
| MD5 Checksum: | 54166507fb3399332f713fbdf8eaeafc |
|
| /// File Name: |
sa26022.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openoffice.org and openoffice.org-amd64. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26022/ | | File Size: | 38935 | | Last Modified: | Jul 12 01:06:45 2007 |
| MD5 Checksum: | 78ed960846d4871fc78457b92508c8a6 |
|
| /// File Name: |
sa25938.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/25938/ | | File Size: | 37124 | | Last Modified: | Jul 10 02:45:30 2007 |
| MD5 Checksum: | 5e33bbceb7aaa79ec6cf2ad2f2559e85 |
|
| /// File Name: |
sa26102.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for php. This fixes a vulnerability and a weakness, which can be exploited by malicious people to bypass certain security restrictions or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/26102/ | | File Size: | 37121 | | Last Modified: | Jul 19 04:44:59 2007 |
| MD5 Checksum: | b5b405523de9c7cc7b54fe675cfd9bf6 |
|
| /// File Name: |
dsa-1341-2.txt |
Description:
|
Debian Security Advisory 1341-2 - Amit Klein discovered that the BIND name server generates predictable DNS query IDs, which may lead to cache poisoning attacks.
| | Homepage: | http://www.debian.org/security | | File Size: | 33938 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Jul 28 03:36:20 2007 |
| MD5 Checksum: | a53ca362331294563e2782284943cd28 |
|
| /// File Name: |
MDKSA-2007-144.txt |
Description:
|
Mandriva Linux Security Advisory - A heap overflow flaw was found in the RTF import filter of OpenOffice.org. If a victim were to open a specially-crafted RTF file, OpenOffice.org could crash or possibly execute arbitrary code.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 31343 | | Related CVE(s): | CVE-2007-0245 | | Last Modified: | Jul 11 10:45:30 2007 |
| MD5 Checksum: | c5dd5ecf3d74f3fd2aa7cd0efa87728c |
|
| /// File Name: |
sa25589.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/25589/ | | File Size: | 28116 | | Last Modified: | Jul 24 02:06:33 2007 |
| MD5 Checksum: | 203944e2ee0033c785c9d1170b712d4d |
|
| /// File Name: |
TISA2007-03-Public.pdf |
Description:
|
TeamIntell has discovered a local buffer overflow vulnerability in Poslovni Informator Republike Slovenije 2007 aka PIRS2007, a data collection of companies and active business subjects in Slovenia.
| | Author: | Edi Strosar | | Homepage: | http://www.teamintell.com/ | | File Size: | 26353 | | Last Modified: | Jul 14 00:51:10 2007 |
| MD5 Checksum: | 919831362bf3d6210792106c6233a5a2 |
|
| /// File Name: |
dsa-1335-1.txt |
Description:
|
Debian Security Advisory 1335-1 - Several remote vulnerabilities have been discovered in Gimp, the GNU Image Manipulation Program, which might lead to the execution of arbitrary code. Sean Larsson discovered several integer overflows in the processing code for DICOM, PNM, PSD, RAS, XBM and XWD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file. Stefan Cornelius discovered an integer overflow in the processing code for PSD images, which might lead to the execution of arbitrary code if a user is tricked into opening such a malformed media file.
| | Homepage: | http://www.debian.org/security | | File Size: | 25843 | | Related CVE(s): | CVE-2006-4519, CVE-2007-2949 | | Last Modified: | Jul 19 05:30:05 2007 |
| MD5 Checksum: | 8c2676d4606df48917eabd54c263e6c3 |
|
| /// File Name: |
USN-491-1.txt |
Description:
|
Ubuntu Security Notice 491-1 - A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23689 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Jul 26 07:06:03 2007 |
| MD5 Checksum: | 73266bb57ca7241e26e5568088debcea |
|
| /// File Name: |
sa26132.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gimp. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26132/ | | File Size: | 23436 | | Last Modified: | Jul 20 07:47:25 2007 |
| MD5 Checksum: | 9ee614ae995eb1c970522867af6d3edc |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
