Section: .. / 0708-advisories /
| /// File Name: |
FreeBSD-SA-07-06.tcpdump.txt |
Description:
|
FreeBSD Security Advisory - By crafting malicious BGP packets, an attacker could exploit a vulnerability in tcpdump allowing them to execute code or crash the process.
| | Homepage: | http://security.freebsd.org/ | | File Size: | 4183 | | Related CVE(s): | CVE-2007-3798 | | Last Modified: | Aug 8 07:00:58 2007 |
| MD5 Checksum: | 1bd850f1efce8de400f13f7c5649dc81 |
|
| /// File Name: |
FreeBSD-SA-07-07.bind.txt |
Description:
|
FreeBSD Security Advisory - An attacker who can see the query id for some request(s) sent by named(8) is likely to be able to perform DNS cache poisoning by predicting the query id for other request(s).
| | Homepage: | http://security.freebsd.org/ | | File Size: | 5024 | | Related CVE(s): | CVE-2007-2926 | | Last Modified: | Aug 8 07:01:53 2007 |
| MD5 Checksum: | 1899f894331dbbaf028a86edf33311ce |
|
| /// File Name: |
glsa-200708-01.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-01 - Mark Hills discovered some errors when interacting with a browser for keystrokes handling (CVE-2007-2022). Stefano Di Paola and Giorgio Fedon from Minded Security discovered a boundary error when processing FLV files (CVE-2007-3456). An input validation error when processing HTTP referrers has also been reported (CVE-2007-3457). Versions less than 9.0.48.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3119 | | Related CVE(s): | CVE-2007-2022, CVE-2007-3456, CVE-2007-3457 | | Last Modified: | Aug 9 03:07:10 2007 |
| MD5 Checksum: | 6b10fe9e49a4c53d83799e0f5245363d |
|
| /// File Name: |
glsa-200708-02.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-02 - Trixter Jack discovered an array indexing error in the get_intra_block() function in the file src/bitstream/mbcoding.c. The get_inter_block_h263() and get_inter_block_mpeg() functions in the same file were also reported as vulnerable. Versions less than 1.1.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2680 | | Related CVE(s): | CVE-2007-3329 | | Last Modified: | Aug 9 03:10:17 2007 |
| MD5 Checksum: | a31ce67035a391f9b578a38adae7cd7d |
|
| /// File Name: |
glsa-200708-03.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-03 - CPNI, CERT-FI, Tim Kientzle, and Colin Percival reported a buffer overflow (CVE-2007-3641), an infinite loop (CVE-2007-3644), and a NULL pointer dereference (CVE-2007-3645) within the processing of archives having corrupted PaX extension headers. Versions less than 2.2.4 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3100 | | Related CVE(s): | CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 | | Last Modified: | Aug 9 03:10:38 2007 |
| MD5 Checksum: | d6d4b9c9d764f998fdea5b893712f6b4 |
|
| /// File Name: |
glsa-200708-04.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-04 - Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives. Versions less than 0.91 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2379 | | Related CVE(s): | CVE-2007-3725 | | Last Modified: | Aug 10 05:13:29 2007 |
| MD5 Checksum: | 420ac6f0b636359d5a7c7936079d8419 |
|
| /// File Name: |
glsa-200708-05.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-05 - Xavier Roche discovered an infinite loop in the gdPngReadData() function when processing a truncated PNG file. An integer overflow has been discovered in the gdImageCreateTrueColor() function. An error has been discovered in the function gdImageCreateXbm() function. Unspecified vulnerabilities have been discovered in the GIF reader. An error has been discovered when processing a GIF image that has no global color map. An array index error has been discovered in the file gd_gif_in.c when processing images with an invalid color index. An error has been discovered in the imagearc() and imagefilledarc() functions when processing overly large angle values. A race condition has been discovered in the gdImageStringFTEx() function. Versions less than 2.0.35 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3843 | | Related CVE(s): | CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3474, CVE-2007-3475, CVE-2007-3476, CVE-2007-3477, CVE-2007-3478 | | Last Modified: | Aug 10 05:16:58 2007 |
| MD5 Checksum: | ef5b7a4d0bdacff83b141f10984ea08e |
|
| /// File Name: |
glsa-200708-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-06 - hjp discovered an error when handling DNS query IDs which make them partially predictable. Steffen Ullrich discovered an error in the dn_expand() function which could lead to an endless loop. Versions less than 0.60 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2702 | | Related CVE(s): | CVE-2007-3377, CVE-2007-3409 | | Last Modified: | Aug 14 03:32:37 2007 |
| MD5 Checksum: | d3cd689f865ff74af2e3ef5120ccc28b |
|
| /// File Name: |
glsa-200708-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-07 - Lasse Karkkainen discovered that the function terminal_helper_execute() in file terminal-helper.c does not properly escape the URIs before processing. Versions less than 0.2.6_p25931 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2678 | | Related CVE(s): | CVE-2007-3770 | | Last Modified: | Aug 14 03:32:58 2007 |
| MD5 Checksum: | 8a06442279241f7b22bb7b0ca2368350 |
|
| /// File Name: |
glsa-200708-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-08 - The functions deletekey(), gpg_check_sign_pgp_mime() and gpg_recv_key() used in the SquirrelMail G/PGP encryption plugin do not properly escape user-supplied data. Versions less than 1.4.10a-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3125 | | Related CVE(s): | CVE-2005-1924, CVE-2006-4169 | | Last Modified: | Aug 14 03:33:17 2007 |
| MD5 Checksum: | 1db27123a22496b63e2abbb26675a784 |
|
| /// File Name: |
glsa-200708-09.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-09 - Mozilla developers fixed several bugs, including an issue with modifying XPCNativeWrappers, a problem with event handlers executing elements outside of the document, and a cross-site scripting (XSS) vulnerability. They also fixed a problem with promiscuous IFRAME access and an XULRunner URL spoofing issue with the wyciwyg:// URI and HTTP 302 redirects. Denials of Service involving corrupted memory were fixed in the browser engine and the JavaScript engine. Finally, another XSS vulnerability caused by a regression in the CVE-2007-3089 patch was fixed. Versions less than 2.0.0.6 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 5968 | | Related CVE(s): | CVE-2007-3089, CVE-2007-3656, CVE-2007-3734, CVE-2007-3735, CVE-2007-3736, CVE-2007-3737, CVE-2007-3738, CVE-2007-3844 | | Last Modified: | Aug 15 06:39:21 2007 |
| MD5 Checksum: | 644a817d047e617caf2ae4057ff42c67 |
|
| /// File Name: |
glsa-200708-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-10 - Dormando reported a vulnerability within the handling of password packets in the connection protocol. Andrei Elkin also found that the CREATE TABLE LIKE command didn't require SELECT privileges on the source table. Versions less than 5.0.44 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 2788 | | Related CVE(s): | CVE-2007-3780, CVE-2007-3781 | | Last Modified: | Aug 17 08:06:22 2007 |
| MD5 Checksum: | ee0149052460245ae2cdba93d6f42499 |
|
| /// File Name: |
glsa-200708-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-11 - Stefan Esser discovered errors with evidence of memory corruption in the code parsing the headers. Several independent researchers also reported errors involving the handling of HTTP headers, the mod_auth and mod_scgi modules, and the limitation of active connections. Versions less than 1.4.16 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3153 | | Related CVE(s): | CVE-2007-3946, CVE-2007-3947, CVE-2007-3948, CVE-2007-3949, CVE-2007-3950 | | Last Modified: | Aug 17 08:06:36 2007 |
| MD5 Checksum: | 9bd27ce7a20101b5b936e1a7c226f9cb |
|
| /// File Name: |
glsa-200708-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-12 - Wireshark doesn't properly handle chunked encoding in HTTP responses, iSeries capture files, certain types of DCP ETSI packets, and SSL or MMS packets. An off-by-one error has been discovered in the DHCP/BOOTP dissector when handling DHCP-over-DOCSIS packets. Versions less than 0.99.6 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3313 | | Related CVE(s): | CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3393 | | Last Modified: | Aug 17 08:07:59 2007 |
| MD5 Checksum: | cc88b54041517dcd6ccb51035dc695b2 |
|
| /// File Name: |
glsa-200708-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-13 - Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable (1 chance to 8) query IDs in the resolver routine or in zone transfer queries. Additionally, the default configuration file has been strengthen with respect to the allow-recursion{} and the allow-query{} options. Versions less than 9.4.1_p1 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3519 | | Related CVE(s): | CVE-2007-2925, CVE-2007-2926 | | Last Modified: | Aug 20 03:44:52 2007 |
| MD5 Checksum: | cffd6d1ac35b3bf07e61abba385f8390 |
|
| /// File Name: |
glsa-200708-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-14 - Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia* with insecure file permissions. Versions less than 100.14.09 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2639 | | Related CVE(s): | CVE-2007-3532 | | Last Modified: | Aug 20 03:45:07 2007 |
| MD5 Checksum: | f20cced36e21293cafa8e11dd3f11e89 |
|
| /// File Name: |
glsa-200708-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-15 - Apache mod_jk decodes the URL within Apache before passing them to Tomcat, which decodes them a second time. Versions less than 1.2.23 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2431 | | Related CVE(s): | CVE-2007-1860 | | Last Modified: | Aug 20 03:45:34 2007 |
| MD5 Checksum: | 5135360d85d7e6b7f56d63cc1919854f |
|
| /// File Name: |
glsa-200708-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-16 - Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning() calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp. Versions less than 3.3.8-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2638 | | Related CVE(s): | CVE-2007-3388 | | Last Modified: | Aug 24 03:27:38 2007 |
| MD5 Checksum: | 44e3de01d12520f59c6ed84624ce890e |
|
| /// File Name: |
glsa-200708-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200708-17 - An error known as a virtual function call on an invalid pointer has been discovered in the JavaScript engine. Furthermore, iDefense Labs reported that an already-freed pointer may be still used under unspecified circumstances in the BitTorrent support. At last, minor other errors have been discovered, relative to memory read protection (Opera Advisory 861) and URI displays. Versions less than 9.23 are affected.
| | Homepage: | http://security.gentoo.org/ | | File Size: | 3493 | | Related CVE(s): | CVE-2007-3142, CVE-2007-3819, CVE-2007-3929, CVE-2007-4367 | | Last Modified: | Aug 24 03:28:38 2007 |
| MD5 Checksum: | d8561958b8a8d45ae0895de9887829c7 |
|
| /// File Name: |
hispasec-unreal.txt |
Description:
|
HISPASEC Security Advisory - X-Diesel Unreal Commander version 0.92 suffers from name spoofing and directory traversal vulnerabilities.
| | Author: | Gynvael Coldwind | | Homepage: | http://blog.hispasec.com/lab/ | | File Size: | 3239 | | Last Modified: | Aug 24 03:16:53 2007 |
| MD5 Checksum: | a7b9943a9c61d14e729bad7f2035bcea |
|
| /// File Name: |
HPSBMA02235.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Internet Service (OVIS) running Shared Trace Service on HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 6650 | | Last Modified: | Aug 14 06:00:32 2007 |
| MD5 Checksum: | 51bc5f9d668bed43e2e0bfdf1adff919 |
|
| /// File Name: |
HPSBMA02237.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Performance Agent (OVPA) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 6829 | | Last Modified: | Aug 14 06:01:47 2007 |
| MD5 Checksum: | 499d4cfe7e864bce4079df7a29f0db80 |
|
| /// File Name: |
HPSBMA02238.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Reporter running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 5515 | | Last Modified: | Aug 14 06:02:35 2007 |
| MD5 Checksum: | ac288ad97d25f61b550dc2496729119a |
|
| /// File Name: |
HPSBMA02239.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in HP OpenView Operations (OVO) Agents running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 8732 | | Last Modified: | Aug 14 06:03:16 2007 |
| MD5 Checksum: | c37e3ec73f9dbfb81720bb650d48b155 |
|
| /// File Name: |
HPSBMA02241.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Service Quality Manager (OV SQM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
| | Homepage: | http://www.hp.com | | File Size: | 6556 | | Last Modified: | Aug 14 06:03:54 2007 |
| MD5 Checksum: | ceddbaa056765285681986b355c7775c |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
