Section: .. / 0905-advisories /
| /// File Name: |
glsa-200905-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200905-06 - An error in acpid might allow remote attackers to cause a Denial of Service. The acpid daemon allows opening a large number of UNIX sockets without closing them, triggering an infinite loop. Versions less than 1.0.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2391 | | Related CVE(s): | CVE-2009-0798 | | Last Modified: | May 25 11:49:04 2009 |
| MD5 Checksum: | 4417e40a775dd33be5823646f4565101 |
|
| /// File Name: |
glsa-200905-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200905-08 - Multiple errors in the NTP client and server programs might allow for the remote execution of arbitrary code. Versions less than 4.2.4_p7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3424 | | Related CVE(s): | CVE-2009-0159, CVE-2009-1252 | | Last Modified: | May 26 23:02:55 2009 |
| MD5 Checksum: | f9374478a89d3e0679db0bd763370560 |
|
| /// File Name: |
glsa-200905-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200905-09 - Multiple heap-based buffer overflow vulnerabilities in libsndfile might allow remote attackers to execute arbitrary code. Versions less than 1.0.20 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3002 | | Related CVE(s): | CVE-2009-1788, CVE-2009-1791 | | Last Modified: | May 27 18:46:38 2009 |
| MD5 Checksum: | 7134e8cb4cd0c27549f12a001482fbc7 |
|
| /// File Name: |
grabit-overflow.txt |
Description:
|
Grabit versions 1.7.2 Beta 3 and below suffer from a NZB file parsing stack overflow vulnerability.
| | Author: | Niels Teusink | | Homepage: | http://blog.teusink.net/ | | File Size: | 717 | | Last Modified: | May 5 00:46:01 2009 |
| MD5 Checksum: | a4026bc4586d2c22bc7ea5d68cbae54f |
|
| /// File Name: |
HPSBMA02417-SSRT090031.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Data Protector Express 3.x and 4.x and HP Data Protector Express Single Server Edition (SSE) 3.x and 4.x running on supported Microsoft Windows, Linux, and NetWare versions. The vulnerability could be exploited locally to create a Denial of Service (DoS) or to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 9915 | | Related CVE(s): | CVE-2009-0714 | | Last Modified: | May 14 11:53:04 2009 |
| MD5 Checksum: | ab52bdc030922bd63fd55759bb778258 |
|
| /// File Name: |
HPSBMA02419-SSRT090060.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with Insight Control suite for Linux (ICE-LX) running Nagios. The vulnerabilities could be remotely exploited via cross-site request forgery (CSRF) and remote authentication bypass.
| | Homepage: | http://www.hp.com/ | | File Size: | 5903 | | Related CVE(s): | CVE-2008-6373, CVE-2008-5028, CVE-2008-5027 | | Last Modified: | May 6 23:49:42 2009 |
| MD5 Checksum: | 791f5b3b734ed4278e9a21615bda9d53 |
|
| /// File Name: |
HPSBMA02425-SSRT080091.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 8241 | | Related CVE(s): | CVE-2009-0720 | | Last Modified: | May 5 01:17:32 2009 |
| MD5 Checksum: | 5465dd63af1736cf4fb0b22b35b6e741 |
|
| /// File Name: |
HPSBMA02426-SSRT090053.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6353 | | Related CVE(s): | CVE-2008-5077, CVE-2008-5814 | | Last Modified: | May 19 19:02:50 2009 |
| MD5 Checksum: | 1381726df24cbba5dce7400bcc237799 |
|
| /// File Name: |
HPSBMA02427-SSRT090069.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Remote Graphics Software (RGS) Sender running Easy Login. The vulnerability could be exploited remotely to gain unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 5989 | | Related CVE(s): | CVE-2009-0721 | | Last Modified: | May 19 21:16:46 2009 |
| MD5 Checksum: | 904bdc1ba27f5963e45c3c87b9c0ba93 |
|
| /// File Name: |
HPSBMA02428-SSRT090048.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6305 | | Related CVE(s): | CVE-2009-1418 | | Last Modified: | May 19 18:39:56 2009 |
| MD5 Checksum: | f05a68a4baa7d38583fdd330205a9b33 |
|
| /// File Name: |
HPSBUX02429-SSRT090058.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, execution of arbitrary code, and Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 9068 | | Related CVE(s): | CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107 | | Last Modified: | May 27 18:44:04 2009 |
| MD5 Checksum: | 57540a6a513d759be71ea1267c3919db |
|
| /// File Name: |
kayako30410-xss.txt |
Description:
|
A persistent cross site scripting vulnerability has been discovered in Kayako Support Suite version 3.04.10.
| | Homepage: | http://www.comodo.com/ | | File Size: | 1011 | | Last Modified: | May 6 23:54:38 2009 |
| MD5 Checksum: | 055b1d609590be9bf3083fd35195e3a7 |
|
| /// File Name: |
MDVSA-2009-102.txt |
Description:
|
Mandriva Linux Security Advisory 2009-102 - mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request. This update provides fixes for that vulnerability.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6723 | | Related CVE(s): | CVE-2009-1191 | | Last Modified: | May 2 22:27:32 2009 |
| MD5 Checksum: | 62c015c6a3d783df212e4f7aaeb15dc9 |
|
| /// File Name: |
MDVSA-2009-103.txt |
Description:
|
Mandriva Linux Security Advisory 2009-103 - Security vulnerabilities have been identified and fixed in udev. udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. The updated packages have been patched to prevent this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4547 | | Related CVE(s): | CVE-2009-1185, CVE-2009-1186 | | Last Modified: | May 2 22:28:26 2009 |
| MD5 Checksum: | fca6b3ad188032c29ca817361170cafe |
|
| /// File Name: |
MDVSA-2009-104.txt |
Description:
|
Mandriva Linux Security Advisory 2009-104 - udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. The updated packages have been patched to prevent this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 2732 | | Related CVE(s): | CVE-2009-1185 | | Last Modified: | May 2 22:29:17 2009 |
| MD5 Checksum: | 60af29e12f28aa5684b85b3fc3f4f85c |
|
| /// File Name: |
MDVSA-2009-105.txt |
Description:
|
Mandriva Linux Security Advisory 2009-105 - The process_stat function in Memcached prior to 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending a command to the daemon's TCP port. The updated packages have been patched to prevent this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3355 | | Related CVE(s): | CVE-2009-1255, CVE-2009-1494 | | Last Modified: | May 5 01:05:39 2009 |
| MD5 Checksum: | 1a2b6124cd58df88da278f234abe8f92 |
|
| /// File Name: |
MDVSA-2009-106.txt |
Description:
|
Mandriva Linux Security Advisory 2009-106 - Use-after-free vulnerability in the embedded GD library in libwmf 0.2.8.4 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WMF file. The updated packages have been patched to prevent this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6214 | | Related CVE(s): | CVE-2009-1364 | | Last Modified: | May 5 19:18:15 2009 |
| MD5 Checksum: | ad916199a64668c8a5ddfae81d47b889 |
|
| /// File Name: |
MDVSA-2009-107.txt |
Description:
|
Mandriva Linux Security Advisory 2009-107 - The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service (CPU consumption and connectivity loss) by opening a large number of UNIX sockets without closing them, which triggers an infinite loop. The updated packages have been patched to prevent this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4366 | | Related CVE(s): | CVE-2009-0798 | | Last Modified: | May 6 23:56:01 2009 |
| MD5 Checksum: | ca06e85ea4adefe260c9e098107d73a1 |
|
| /// File Name: |
MDVSA-2009-108.txt |
Description:
|
Mandriva Linux Security Advisory 2009-108 - A stack-based buffer overflow was found in the zsh command interpreter. An attacker could use this flaw to cause a denial of service (zsh crash), when providing a specially-crafted string as input to the zsh shell. The updated packages have been patched to prevent this.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4340 | | Related CVE(s): | CVE-2009-1214, CVE-2009-1215 | | Last Modified: | May 8 02:48:39 2009 |
| MD5 Checksum: | 2301eb4e2621e3c91a0196e578093ef6 |
|
| /// File Name: |
MDVSA-2009-109.txt |
Description:
|
Mandriva Linux Security Advisory 2009-109 - The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error. Updated packages are available that bring Quagga to version 0.99.12 which provides numerous bugfixes over the previous 0.99.9 version, and also corrects this issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3361 | | Related CVE(s): | CVE-2009-1572 | | Last Modified: | May 10 23:05:32 2009 |
| MD5 Checksum: | 83d1b65e763c4429cfe3269a0c1d3e0c |
|
| /// File Name: |
MDVSA-2009-111-1.txt |
Description:
|
Mandriva Linux Security Advisory 2009-111-1 - Security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Firefox 3.x, version 3.0.10. This update provides the latest Mozilla Firefox 3.x to correct these issues. Additionally, some packages that require it have been rebuilt and are being provided as updates. The recent Mozilla Firefox update missed the Firefox language packs for Mandriva Linux 2009. This update provides them, fixing the issue.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 14348 | | Related CVE(s): | CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305, CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308, CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312, CVE-2009-1313 | | Last Modified: | May 13 13:42:49 2009 |
| MD5 Checksum: | cd6140c06f730bb15dc37c1d6ec72b7f |
|