Section: .. / 1002-advisories /
| /// File Name: |
sa38549.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 216656 | | Last Modified: | Feb 16 05:57:49 2010 |
| MD5 Checksum: | 613732f1af16ffa74e794772c539899f |
|
| /// File Name: |
USN-894-1.txt |
Description:
|
Ubuntu Security Notice 894-1 - Various kernel related vulnerabilities have been addressed. It was discovered that FUSE did not correctly check certain requests. It was discovered that KVM did not correctly decode certain guest instructions. It was discovered that the OHCI fireware driver did not correctly handle certain ioctls. It was discovered that "print-fatal-signals" reporting could show arbitrary kernel memory contents.
| | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 160915 | | Related CVE(s): | CVE-2009-4020, CVE-2009-4021, CVE-2009-4031, CVE-2009-4138, CVE-2009-4141, CVE-2009-4308, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0006, CVE-2010-0007, CVE-2010-0291 | | Last Modified: | Feb 5 11:17:54 2010 |
| MD5 Checksum: | 98e6d98dfff677b7dbc464dadd2a391f |
|
| /// File Name: |
sa38461.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/ | | File Size: | 145014 | | Last Modified: | Feb 8 08:30:24 2010 |
| MD5 Checksum: | 336b542dc8ca6e1b69a011e508d09df2 |
|
| /// File Name: |
USN-903-1.txt |
Description:
|
Ubuntu Security Notice 903-1 - OpenOffice suffers from multiple vulnerabilities. It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation. If a user were tricked into opening a specially crafted image, an attacker could execute arbitrary code with user privileges. Nicolas Joly discovered that OpenOffice did not correctly handle certain Word documents. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary code with user privileges. It was discovered that OpenOffice did not correctly handle certain VBA macros correctly. If a user were tricked into opening a specially crafted document, an attacker could execute arbitrary macro commands, bypassing security controls.
| | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 108967 | | Related CVE(s): | CVE-2009-0217, CVE-2009-2949, CVE-2009-2950, CVE-2009-3301, CVE-2009-3302, CVE-2010-0136 | | Last Modified: | Feb 25 00:53:51 2010 |
| MD5 Checksum: | ce4ecf7c54524af66c724c8378accd3e |
|
| /// File Name: |
sa38695.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openoffice.org. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 101309 | | Last Modified: | Feb 24 03:40:36 2010 |
| MD5 Checksum: | fe3f0a01408d854bdd07931df4d2fab3 |
|
| /// File Name: |
dsa-1996-1.txt |
Description:
|
Debian Linux Security Advisory 1996-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, sensitive memory leak or privilege escalation.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 79384 | | Related CVE(s): | CVE-2009-3939, CVE-2009-4027, CVE-2009-4536, CVE-2009-4538, CVE-2010-0003, CVE-2010-0007, CVE-2010-0291, CVE-2010-0298, CVE-2010-0306, CVE-2010-0307, CVE-2010-0309, CVE-2010-0410, CVE-2010-0415 | | Last Modified: | Feb 15 15:31:13 2010 |
| MD5 Checksum: | fbdc26403ae55b8522f95a30964c1ce5 |
|
| /// File Name: |
MDVSA-2010-042.txt |
Description:
|
Mandriva Linux Security Advisory 2010-042 - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Security researcher Orlando Barrera II reported via TippingPoint's Zero Day Initiative that Mozilla's implementation of Web Workers contained an error in its handling of array data types when processing posted messages. Security researcher Alin Rad Pop of Secunia Research reported that the HTML parser incorrectly freed used memory when insufficient space was available to process remaining input. Security researcher Hidetake Jo of Microsoft Vulnerability Research reported that the properties set on an object passed to showModalDialog were readable by the document contained in the dialog, even when the document was from a different domain. An anonymous security researcher, via TippingPoint's Zero Day Initiative, also independently reported this issue to Mozilla. Mozilla security researcher Georgi Guninski reported that when a SVG document which is served with Content-Type: application/octet-stream is embedded into another document via an | | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 77742 | | Related CVE(s): | CVE-2010-0159, CVE-2010-0160, CVE-2009-1571, CVE-2009-3988, CVE-2010-0162 | | Last Modified: | Feb 20 14:06:59 2010 |
| MD5 Checksum: | d23131bea4badf0c321518e694e27d09 |
|
| /// File Name: |
sa38492.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the linux-2.6. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), manipulate certain data, disclose potentially sensitive information, bypass certain security issues, and gain escalated privileges, and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/ | | File Size: | 72806 | | Last Modified: | Feb 16 05:57:41 2010 |
| MD5 Checksum: | f07b56edd53940d47303e3e0a94e89dc |
|
| /// File Name: |
dsa-1988-1.txt |
Description:
|
Debian Linux Security Advisory 1988-1 - Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 65441 | | Related CVE(s): | CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725, CVE-2009-2700 | | Last Modified: | Feb 4 01:11:28 2010 |
| MD5 Checksum: | 0fadcfbd4ac0cef554418c9945fd3bb0 |
|
| /// File Name: |
sa38447.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for qt4-x11. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 59063 | | Last Modified: | Feb 3 05:03:11 2010 |
| MD5 Checksum: | 33b5db2e7e94eec05e4814f75d3f2131 |
|
| /// File Name: |
MDVSA-2010-034.txt |
Description:
|
Mandriva Linux Security Advisory 2010-034 - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request. The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read. Additionally, the Linux kernel was updated to the stable release 2.6.27.45.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 58471 | | Related CVE(s): | CVE-2009-3080, CVE-2009-4005 | | Last Modified: | Feb 8 20:47:50 2010 |
| MD5 Checksum: | d91f94ab0453995f4d0b6461eaf27f69 |
|
| /// File Name: |
MDVSA-2010-045.txt |
Description:
|
Mandriva Linux Security Advisory 2010-045 - PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue.
| | Author: | Mandriva | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 51420 | | Related CVE(s): | CVE-2009-4143 | | Last Modified: | Feb 23 19:59:41 2010 |
| MD5 Checksum: | 59138632306bcf7a657471c53121d8d7 |
|
| /// File Name: |
sa38648.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for php5. This fixes two vulnerabilities, where one has unknown impacts and the other can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/ | | File Size: | 49597 | | Last Modified: | Feb 22 01:23:27 2010 |
| MD5 Checksum: | c5b03ca637888dad8878685351b17e0c |
|
| /// File Name: |
USN-895-1.txt |
Description:
|
Ubuntu Security Notice 895-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Orlando Barrera II discovered a flaw in the Web Workers implementation of Firefox. If a user were tricked into posting to a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Alin Rad Pop discovered that Firefox's HTML parser would incorrectly free memory under certain circumstances. Various other issues were also discovered.
| | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 38833 | | Related CVE(s): | CVE-2009-1571, CVE-2009-3988, CVE-2010-0159, CVE-2010-0160, CVE-2010-0162 | | Last Modified: | Feb 17 19:11:07 2010 |
| MD5 Checksum: | ff93080df214b29294a78454fc8960d3 |
|
| /// File Name: |
sa38649.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
| | Homepage: | http://secunia.com/ | | File Size: | 35370 | | Last Modified: | Feb 24 03:40:21 2010 |
| MD5 Checksum: | 8f8ee4e791f76b5f51b4e7aa97a26ff3 |
|
| /// File Name: |
dsa-2000-1.txt |
Description:
|
Debian Linux Security Advisory 2000-1 - Several vulnerabilities have been discovered in ffmpeg, a multimedia player, server and encoder, which also provides a range of multimedia libraries used in applications like MPlayer.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 33350 | | Related CVE(s): | CVE-2009-4631, CVE-2009-4632, CVE-2009-4633, CVE-2009-4634, CVE-2009-4635, CVE-2009-4636, CVE-2009-4637, CVE-2009-4638, CVE-2009-4640 | | Last Modified: | Feb 20 12:41:56 2010 |
| MD5 Checksum: | a06a795f5b0d1d282286beb2cb1f1fd6 |
|
| /// File Name: |
USN-897-1.txt |
Description:
|
Ubuntu Security Notice 897-1 - It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained a cross-site scripting vulnerability in the command-line client when the --html option is enabled. It was discovered that MySQL could be made to overwrite existing table files in the data directory. It was discovered that MySQL contained multiple format string flaws when logging database creation and deletion. It was discovered that MySQL incorrectly handled errors when performing certain SELECT statements, and did not preserve correct flags when performing statements that use the GeomFromWKB function. It was discovered that MySQL incorrectly checked symlinks when using the DATA DIRECTORY and INDEX DIRECTORY options. It was discovered that MySQL contained a buffer overflow when parsing ssl certificates.
| | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 29842 | | Related CVE(s): | CVE-2008-4098, CVE-2008-4456, CVE-2008-7247, CVE-2009-2446, CVE-2009-4019, CVE-2009-4030, CVE-2009-4484 | | Last Modified: | Feb 10 15:52:19 2010 |
| MD5 Checksum: | ce3e7c0fa7382112da9bbe5625d10e61 |
|
| /// File Name: |
USN-900-1.txt |
Description:
|
Ubuntu Security Notice 900-1 - Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application privileges. Giovanni Pellerano, Alessandro Tanasi, and Francesco Ongaro discovered that Ruby did not properly sanitize data written to log files. An attacker could insert specially-crafted data into log files which could affect certain terminal emulators and cause arbitrary files to be overwritten, or even possibly execute arbitrary commands. It was discovered that Ruby did not properly handle string arguments that represent large numbers. An attacker could exploit this and cause a denial of service. This issue only affected Ubuntu 9.10.
| | Author: | Ubuntu | | Homepage: | http://security.ubuntu.com/ | | File Size: | 27580 | | Related CVE(s): | CVE-2009-1904, CVE-2009-4124, CVE-2009-4492 | | Last Modified: | Feb 16 17:08:35 2010 |
| MD5 Checksum: | 3b31b80b0da78d5ad7722be923a5e0a2 |
|
| /// File Name: |
sa38517.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mysql-dfsg-5 and mysql-dfsg-5.1. This fixes some security issues and vulnerabilities, which can be exploited by local users to bypass certain security restrictions, by malicious users to bypass certain security restrictions and cause a DoS (Denial of Service), and by malicious people to conduct cross-site scripting attacks, cause a DoS, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/ | | File Size: | 27158 | | Last Modified: | Feb 11 05:10:21 2010 |
| MD5 Checksum: | 970eb4d6b4da186e08f14843cf32a66e |
|
| /// File Name: |
dsa-1987-1.txt |
Description:
|
Debian Linux Security Advisory 1987-1 - Li Ming discovered that lighttpd, a small and fast webserver with minimal memory footprint, is vulnerable to a denial of service attack due to bad memory handling. Slowly sending very small chunks of request data causes lighttpd to allocate new buffers for each read instead of appending to old ones. An attacker can abuse this behaviour to cause denial of service conditions due to memory exhaustion.
| | Author: | Debian | | Homepage: | http://www.debian.org/security | | File Size: | 26105 | | Related CVE(s): | CVE-2010-0295 | | Last Modified: | Feb 2 22:28:58 2010 |
| MD5 Checksum: | b596d4c67fe9e1ab32c065db6a8fdce0 |
|
| /// File Name: |
sa38586.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for ruby1.9. This fixes multiple vulnerabilities and a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service), compromise a vulnerable system, and manipulate certain data.
| | Homepage: | http://secunia.com/ | | File Size: | 25937 | | Last Modified: | Feb 17 10:40:16 2010 |
| MD5 Checksum: | 1dd08556a5a3d7db50acb5c11aa7587a |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
