Section: .. / 1002-advisories /
| /// File Name: |
HPSBMA02487-SSRT100024.txt |
Description:
|
HP Security Bulletin - A potential vulnerability has been identified with HP Operations Agent running on Solaris 10. The vulnerability could be exploited remotely to gain unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 5716 | | Related CVE(s): | CVE-2010-0444 | | Last Modified: | Feb 8 20:30:41 2010 |
| MD5 Checksum: | 5fbe3dd1d5fcb27b35d643ae9c445f35 |
|
| /// File Name: |
HPSBMA02488-SSRT100013.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP ProLiant Support Pack 8.30 for Windows. The vulnerabilities could be exploited remotely to execute code and to gain unauthorized access to information.
| | Homepage: | http://www.hp.com/ | | File Size: | 5849 | | Related CVE(s): | CVE-2009-0901, CVE-2009-2493, CVE-2009-2495 | | Last Modified: | Feb 12 02:35:53 2010 |
| MD5 Checksum: | 6072da1303957bd25556321b0ce0d95e |
|
| /// File Name: |
HPSBMA02504-SSRT090220.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 7304 | | Related CVE(s): | CVE-2009-4185 | | Last Modified: | Feb 5 17:54:17 2010 |
| MD5 Checksum: | 8bdc0c1865ed6df2a0ba9658697c2150 |
|
| /// File Name: |
HPSBOV02505-SSRT100023.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with certain RMS (Record Management Services) patch kits for HP OpenVMS running on ALPHA platforms. The vulnerability could be locally exploited resulting in an escalation of privilege.
| | Homepage: | http://www.hp.com/ | | File Size: | 5751 | | Related CVE(s): | CVE-2010-0443 | | Last Modified: | Feb 4 01:20:28 2010 |
| MD5 Checksum: | 7f59caf4a03b1252f4de50f00137b2b3 |
|
| /// File Name: |
HPSBUX02464-SSRT090210.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified on HP Enterprise Cluster Master Toolkit (ECMT) version B.05.00 running on HP-UX. This vulnerability could be exploited by local users to gain unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6647 | | Related CVE(s): | CVE-2009-4184 | | Last Modified: | Feb 2 16:40:16 2010 |
| MD5 Checksum: | f3ce765f11278800ebe91764a74db2b8 |
|
| /// File Name: |
HPSBUX02479-SSRT090212.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running HP CIFS Server (Samba). The vulnerability could be exploited to gain remote unauthorized access.
| | Homepage: | http://www.hp.com/ | | File Size: | 6896 | | Related CVE(s): | CVE-2009-2813 | | Last Modified: | Feb 2 23:09:17 2010 |
| MD5 Checksum: | 1bd2bb90138f5c6b04a2afdff0ccebc1 |
|
| /// File Name: |
HPSBUX02503-SSRT100019.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Kit (JDK) running on HP-UX. These vulnerabilities could allow remote unauthorized access, privilege escalation, and Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 8588 | | Related CVE(s): | CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877 | | Last Modified: | Feb 8 20:49:09 2010 |
| MD5 Checksum: | efbb5c0e74247cce39311d4f8a8bc37d |
|
| /// File Name: |
ISVA-100216.1.txt |
Description:
|
Insomnia Security Vulnerability Advisory - A flaw exists with the handling of malformed URL's passed through the ShellExeute() API in Microsoft Windows. The vulnerability does not directly cause an issue within Windows itself however, applications that call the flawed API may be vulnerable to various attacks, one of which is shown in this report.
| | Author: | Brett Moore | | Homepage: | http://www.insomniasec.com/ | | File Size: | 3590 | | Last Modified: | Feb 16 16:51:05 2010 |
| MD5 Checksum: | cef9d9b7a11b9089ed9c3dfdd224c72a |
|
| /// File Name: |
jbcrypt-entropy.txt |
Description:
|
jBCrypt versions prior to 0.3 suffered from a bug related to character encoding that substantially reduced the entropy of hashed passwords containing non US-ASCII characters.
| | Author: | Damien Miller | | File Size: | 1317 | | Last Modified: | Feb 1 21:04:42 2010 |
| MD5 Checksum: | d7a5b239702b98ba4f71ff8bbcdc491a |
|
| /// File Name: |
MDVSA-2010-030.txt |
Description:
|
Mandriva Linux Security Advisory 2010-030 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. An issue was discovered in 2.6.32.x kernels, which sets unsecure permission for devtmpfs file system by default. Additionally, it was added support for Atheros AR2427 Wireless Network Adapter.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 24337 | | Related CVE(s): | CVE-2009-3080, CVE-2009-4005 | | Last Modified: | Feb 1 20:17:41 2010 |
| MD5 Checksum: | 247ec4422d463125fc850736a062769c |
|
| /// File Name: |
MDVSA-2010-031.txt |
Description:
|
Mandriva Linux Security Advisory 2010-031 - This advisory updates Wireshark to the version 1.0.11, which fixes The SMB and SMB2 dissectors could crash. The Infiniband dissector could crash on some platforms. Several buffer overflows were discovered and fixed in the LWRES dissector.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8364 | | Related CVE(s): | CVE-2009-4377, CVE-2009-2563 | | Last Modified: | Feb 2 23:30:02 2010 |
| MD5 Checksum: | 9e443d7104c527c78e5a2ac752791e93 |
|
| /// File Name: |
MDVSA-2010-032.txt |
Description:
|
Mandriva Linux Security Advisory 2010-032 - It was brought to our attention by Ludwig Nussel at SUSE the md5 collision certificate should not be included. This update removes the offending certificate. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The mozilla nss library has consequently been rebuilt to pickup these changes and are also being provided.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 9371 | | Last Modified: | Feb 5 11:11:24 2010 |
| MD5 Checksum: | fb17b56f0406c7f0d0e638567b8ed7a5 |
|
| /// File Name: |
MDVSA-2010-033.txt |
Description:
|
Mandriva Linux Security Advisory 2010-033 - A vulnerability have been discovered and corrected in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15, which allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header. This update provides a fix to this vulnerability.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5828 | | Related CVE(s): | CVE-2010-0308 | | Last Modified: | Feb 5 18:10:10 2010 |
| MD5 Checksum: | 5f8a0588df340f6223923c99892b9519 |
|
| /// File Name: |
MDVSA-2010-034-2.txt |
Description:
|
Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3296 | | Related CVE(s): | CVE-2009-3080, CVE-2009-4005 | | Last Modified: | Feb 20 13:21:08 2010 |
| MD5 Checksum: | 749baac7f49298f41103d4dd827b0f88 |
|
| /// File Name: |
MDVSA-2010-034.txt |
Description:
|
Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 58471 | | Related CVE(s): | CVE-2009-3080, CVE-2009-4005 | | Last Modified: | Feb 8 20:47:50 2010 |
| MD5 Checksum: | d91f94ab0453995f4d0b6461eaf27f69 |
|
| /// File Name: |
MDVSA-2010-036.txt |
Description:
|
Mandriva Linux Security Advisory 2010-036 - This advisory updates webmin to the latest version 1.500, fixing several bugs and a cross-site scripting issue which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4708 | | Related CVE(s): | CVE-2009-4568 | | Last Modified: | Feb 12 17:51:42 2010 |
| MD5 Checksum: | e7b32d031b1d58e4b8252bd4c13817ec |
|
| /// File Name: |
MDVSA-2010-037.txt |
Description:
|
Mandriva Linux Security Advisory 2010-037 - The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping. This update provides fetchmail 6.3.14, which is not vulnerable to this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3097 | | Related CVE(s): | CVE-2010-0562 | | Last Modified: | Feb 16 14:23:31 2010 |
| MD5 Checksum: | 9cd38bdd004a17c69b9f34d2182b4c99 |
|
| /// File Name: |
MDVSA-2010-038.txt |
Description:
|
Mandriva Linux Security Advisory 2010-038 - main.C in maildrop 2.3.0 and earlier, when run by root with the -d option, uses the gid of root for execution of the.mailfilter file in a user's home directory, which allows local users to gain privileges via a crafted file. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 4075 | | Related CVE(s): | CVE-2010-0301 | | Last Modified: | Feb 16 17:56:41 2010 |
| MD5 Checksum: | dc5fd9cb781046cbf741196521aa7d3f |
|
| /// File Name: |
MDVSA-2010-039.txt |
Description:
|
Mandriva Linux Security Advisory 2010-039 - Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted header field associated with a large color index value. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8441 | | Related CVE(s): | CVE-2009-4274 | | Last Modified: | Feb 17 18:53:00 2010 |
| MD5 Checksum: | b41b8ea3dffaad962b79530bac6f8d27 |
|
| /// File Name: |
MDVSA-2010-040.txt |
Description:
|
Mandriva Linux Security Advisory 2010-040 - Multiple vulnerabilities has been discovered and corrected in gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended. gnome-screensaver before 2.28.2 allows physically proximate attackers to bypass screen locking and access an unattended workstation by moving the mouse position to an external monitor and then disconnecting that monitor. This update provides gnome-screensaver 2.28.3, which is not vulnerable to these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 3120 | | Related CVE(s): | CVE-2009-4641, CVE-2010-0414 | | Last Modified: | Feb 17 19:25:52 2010 |
| MD5 Checksum: | 09c7e34c8bd37f170477786d4e8b6341 |
|
| /// File Name: |
MDVSA-2010-041.txt |
Description:
|
Mandriva Linux Security Advisory 2010-041 - Multiple security vulnerabilities has been identified and fixed Certain malformed SLP messages can trigger a crash because the MSN protocol plugin fails to check that all pieces of the message are set correctly. In a user in a multi-user chat room has a nickname containing '
' then libpurple ends up having two users with username ' ' in the room, and Finch crashes in this situation. We do not believe there is a possibility of remote code execution. oCERT notified us about a problem in Pidgin, where a large amount of processing time will be used when inserting many smileys into an IM or chat window. This should not cause a crash, but Pidgin can become unusable slow. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. This update provides pidgin 2.6.6, which is not vulnerable to these issues.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 14345 | | Related CVE(s): | CVE-2010-0277, CVE-2010-0420, CVE-2010-0423 | | Last Modified: | Feb 18 21:32:37 2010 |
| MD5 Checksum: | 289dea377f2bed1e9c2bbd09dcc9ca36 |
|
| /// File Name: |
MDVSA-2010-042.txt |
Description:
|
Mandriva Linux Security Advisory 2010-042 - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 77742 | | Related CVE(s): | CVE-2010-0159, CVE-2010-0160, CVE-2009-1571, CVE-2009-3988, CVE-2010-0162 | | Last Modified: | Feb 20 14:06:59 2010 |
| MD5 Checksum: | d23131bea4badf0c321518e694e27d09 |
|
| /// File Name: |
MDVSA-2010-043.txt |
Description:
|
Mandriva Linux Security Advisory 2010-043 - Integer overflow in libtheora in Xiph.Org Theora before 1.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5248 | | Related CVE(s): | CVE-2009-3389 | | Last Modified: | Feb 20 14:08:46 2010 |
| MD5 Checksum: | 3d19d8fc6a5c159cf6cacd8899999d90 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
