Section: .. / 0804-advisories /
| /// File Name: |
dsa-1547-1.txt |
Description:
|
Debian Security Advisory 1547-1 - Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to an overflow in the heap potentially leading to the execution of arbitrary code. Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code. A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap potentially leading to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 52522 | | Related CVE(s): | CVE-2008-0320, CVE-2007-5746, CVE-2007-5745, CVE-2007-5747 | | Last Modified: | Apr 17 12:59:27 2008 |
| MD5 Checksum: | 3e602f9510435bd086117c6f3188a51f |
|
| /// File Name: |
sa29864.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29864/ | | File Size: | 48832 | | Last Modified: | Apr 17 18:12:38 2008 |
| MD5 Checksum: | 2d7f6487a1d52af2175a83e0b8fbfbc5 |
|
| /// File Name: |
USN-603-2.txt |
Description:
|
Ubuntu Security Notice 603-2 - USN-603-1 fixed vulnerabilities in poppler. This update provides the corresponding updates for KWord, part of KOffice. It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 48008 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:29:25 2008 |
| MD5 Checksum: | d868647294c24941511fa277eac06e2e |
|
| /// File Name: |
sa29851.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for KOffice. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29851/ | | File Size: | 45514 | | Last Modified: | Apr 18 20:45:59 2008 |
| MD5 Checksum: | 1dd4b2f33a0bd0890889b807d7433fa5 |
|
| /// File Name: |
sa29910.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for OpenOffice_org. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29910/ | | File Size: | 42976 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 830d7c4bc72ccf85620674d983d98c82 |
|
| /// File Name: |
USN-602-1.txt |
Description:
|
Ubuntu Security Notice 602-1 - Flaws were discovered in Firefox which could lead to crashes during JavaScript garbage collection. If a user were tricked into opening a malicious web page, an attacker may be able to crash the browser or possibly execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 28998 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Apr 22 21:29:24 2008 |
| MD5 Checksum: | 21e097647ae14be9643afff299913525 |
|
| /// File Name: |
sa29912.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29912/ | | File Size: | 28224 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | 54475e0e63b35ca5b75de3ee82f71cb4 |
|
| /// File Name: |
dsa-1558-1.txt |
Description:
|
Debian Security Advisory 1558-1 - It was discovered that crashes in the Javascript engine of xulrunner, the Gecko engine library, could potentially lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 27398 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Apr 24 17:07:47 2008 |
| MD5 Checksum: | 4850d8da80953fcdd093d6f183997530 |
|
| /// File Name: |
sa29947.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xulrunner. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29947/ | | File Size: | 26206 | | Last Modified: | Apr 28 10:37:56 2008 |
| MD5 Checksum: | a5e9532c5760a2eb4d3fdf03c072cad3 |
|
| /// File Name: |
USN-603-1.txt |
Description:
|
Ubuntu Security Notice 603-1 - It was discovered that the poppler PDF library did not correctly handle certain malformed embedded fonts. If a user or an automated system were tricked into opening a malicious PDF, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 25543 | | Related CVE(s): | CVE-2008-1693 | | Last Modified: | Apr 17 18:28:39 2008 |
| MD5 Checksum: | ab602d084ad7a129d3846b95f49c622a |
|
| /// File Name: |
dsa-1538-1.txt |
Description:
|
Debian Security Advisory 1538-1 - Erik Sjolund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application. Successful exploitation of this vulnerability through the opening of a maliciously-crafted Vorbis file could lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 25300 | | Related CVE(s): | CVE-2007-5301 | | Last Modified: | Apr 4 20:11:20 2008 |
| MD5 Checksum: | 509381d3a9dc0720051f2c4c85abb62d |
|
| /// File Name: |
sa29884.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for poppler. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29884/ | | File Size: | 24798 | | Last Modified: | Apr 18 20:45:59 2008 |
| MD5 Checksum: | 8918bfb86e79ea4da0eb5efc454241a9 |
|
| /// File Name: |
CORE-2008-0320.txt |
Description:
|
Core Security Technologies Advisory - Insufficient argument validation of hooked SSDT functions exists in BitDefender Antivirus 2008 Build 11.0.11, Comodo Firewall Pro 2.4.18.184, Sophos Antivirus 7.0.5, and Rising Antivirus 19.60.0.0 and 19.66.0.0. Older versions may be affected, but were not checked.
| | Author: | Damian Saura, Anibal Sacco, Dario Menichelli, Norberto Kueffner, Andres Blanco, Rodrigo Carvalho | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 24176 | | Related CVE(s): | CVE-2008-1735, CVE-2008-1736, CVE-2008-1737, CVE-2008-1738 | | Last Modified: | Apr 28 18:43:55 2008 |
| MD5 Checksum: | 07f48db168be845e6c0d39ee8563171e |
|
| /// File Name: |
sa29680.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for alsaplayer. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29680/ | | File Size: | 23737 | | Last Modified: | Apr 7 22:57:36 2008 |
| MD5 Checksum: | 2c705b49b7932e19dde48f9b01846150 |
|
| /// File Name: |
USN-598-1.txt |
Description:
|
Ubuntu Security Notice 598-1 - It was discovered that the CUPS administration interface contained a heap-based overflow flaw. A local attacker, and a remote attacker if printer sharing is enabled, could send a malicious request and possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that the hpgl filter in CUPS did not properly validate its input when parsing parameters. If a crafted HP-GL/2 file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that CUPS had a flaw in its managing of remote shared printers via IPP. A remote attacker could send a crafted UDP packet and cause a denial of service or possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile. It was discovered that CUPS did not properly perform bounds checking in its GIF decoding routines. If a crafted GIF file were printed, an attacker could possibly execute arbitrary code as the non-root user in Ubuntu 6.06 LTS, 6.10, and 7.04. In Ubuntu 7.10, attackers would be isolated by the AppArmor CUPS profile.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 23422 | | Related CVE(s): | CVE-2008-1373, CVE-2008-0047, CVE-2008-0053, CVE-2008-0882 | | Last Modified: | Apr 3 01:47:02 2008 |
| MD5 Checksum: | 3d4ed2daa34bf5032ac967c51449a280 |
|
| /// File Name: |
dsa-1543-1.txt |
Description:
|
Debian Security Advisory 1543-1 - A fair amount of people have discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running vlc.
| | Homepage: | http://www.debian.org/security | | File Size: | 23070 | | Related CVE(s): | CVE-2007-6681, CVE-2007-6682, CVE-2007-6683, CVE-2008-0295, CVE-2008-0296, CVE-2008-0073, CVE-2008-0984, CVE-2008-1489 | | Last Modified: | Apr 10 16:36:51 2008 |
| MD5 Checksum: | f21e2006584c648bf8aafc1ba9d3afa2 |
|
| /// File Name: |
sa29603.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for cups. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29603/ | | File Size: | 21644 | | Last Modified: | Apr 4 16:56:23 2008 |
| MD5 Checksum: | cdff702edae382ea9b8ffb027f4e347e |
|
| /// File Name: |
sa29766.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for vlc. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29766/ | | File Size: | 20282 | | Last Modified: | Apr 11 14:38:49 2008 |
| MD5 Checksum: | 84d9f247c0bc4f04d9ccfa346d09daa6 |
|
| /// File Name: |
USN-597-1.txt |
Description:
|
Ubuntu Security Notice 597-1 - Timo Juhani Lindfors discovered that the OpenSSH client, when port forwarding was requested, would listen on any available address family. A local attacker could exploit this flaw on systems with IPv6 enabled to hijack connections, including X11 forwards.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17916 | | Related CVE(s): | CVE-2008-1483 | | Last Modified: | Apr 1 22:37:56 2008 |
| MD5 Checksum: | acc7ff3797e35f1b35341adcd57bb07d |
|
| /// File Name: |
sa29626.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openssh. This fixes a vulnerability, which can be exploited by malicious, local users to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/29626/ | | File Size: | 17597 | | Last Modified: | Apr 3 00:45:58 2008 |
| MD5 Checksum: | 29e3e30dbd7e247bb8da176313bff0d4 |
|
| /// File Name: |
USN-599-1.txt |
Description:
|
Ubuntu Security Notice 599-1 - Chris Evans discovered that Ghostscript contained a buffer overflow in its color space handling code. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17458 | | Related CVE(s): | CVE-2008-0411 | | Last Modified: | Apr 10 16:56:36 2008 |
| MD5 Checksum: | 43efa697a0e4c0676a66dd1e0d1a4691 |
|
| /// File Name: |
sa29768.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29768/ | | File Size: | 16838 | | Last Modified: | Apr 11 14:38:49 2008 |
| MD5 Checksum: | 631cd180c82e4ba37c747478c1ce038c |
|
| /// File Name: |
dsa-1562-1.txt |
Description:
|
Debian Security Advisory 1562-1 - It was discovered that crashes in the Javascript engine of Iceape, an unbranded version of the Seamonkey internet suite, could potentially lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16583 | | Related CVE(s): | CVE-2008-1380 | | Last Modified: | Apr 28 18:26:16 2008 |
| MD5 Checksum: | 44efe19b09ab216dba3a560ccee827b3 |
|