Section: .. / 0801-advisories /
| /// File Name: |
cisco-sa-20080116-cucmctl.txt |
Description:
|
Cisco Security Advisory - Cisco Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in the Certificate Trust List (CTL) Provider service that could allow a remote, unauthenticated user to cause a denial of service (DoS) condition or execute arbitrary code. There is a workaround for this vulnerability.
| | Homepage: | http://www.cisco.com/ | | File Size: | 14944 | | Related CVE(s): | CVE-2008-0027 | | Last Modified: | Jan 17 00:24:16 2008 |
| MD5 Checksum: | 97e3026e42de1ae8e311442a0ececf89 |
|
| /// File Name: |
sa28299.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for asterisk. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28299/ | | File Size: | 13826 | | Last Modified: | Jan 4 20:33:38 2008 |
| MD5 Checksum: | 6e7d3f0becbfeba16e9f37013b6deb64 |
|
| /// File Name: |
dsa-1478-1.txt |
Description:
|
Debian Security Advisory 1478-1 - Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 13182 | | Related CVE(s): | CVE-2008-0226, CVE-2008-0227 | | Last Modified: | Jan 29 22:19:05 2008 |
| MD5 Checksum: | 71116870a6ad4fd404a9f8f5d3440e16 |
|
| /// File Name: |
dsa-1472-1.txt |
Description:
|
Debian Security Advisory 1472-1 - Luigi Auriemma discovered that the Xine media player library performed insufficient input sanitising during the handling of RTSP streams, which could lead to the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 12944 | | Related CVE(s): | CVE-2008-0225 | | Last Modified: | Jan 21 21:50:48 2008 |
| MD5 Checksum: | 5fe521d4c0751ac6a64e78352522b815 |
|
| /// File Name: |
sa28343.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mysql-dfsg-5.0. This fixes some security issues and a vulnerability, which can be exploited by malicious users to bypass certain security restrictions, manipulate data, and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28343/ | | File Size: | 12766 | | Last Modified: | Jan 7 19:43:27 2008 |
| MD5 Checksum: | bc900020fcf3e13b98a10133eeb44d98 |
|
| /// File Name: |
cisco-sa-20080123-asa.txt |
Description:
|
Cisco Security Advisory - A crafted IP packet vulnerability exists in the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500 Series Adaptive Security Appliance (ASA) that may result in a reload of the device. This vulnerability is triggered during processing of a crafted IP packet when the Time-to-Live (TTL) decrement feature is enabled.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12690 | | Related CVE(s): | CVE-2008-0028 | | Last Modified: | Jan 23 23:24:57 2008 |
| MD5 Checksum: | ee44bd7dede178400b8e0e71a92c6bea |
|
| /// File Name: |
MDVSA-2008-003.txt |
Description:
|
Mandriva Linux Security Advisory - An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in he MEW format. This could be exploited to cause a heap-based buffer overflow. Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files. As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 12689 | | Related CVE(s): | CVE-2007-6336, CVE-2007-6335, CVE-2007-6337 | | Last Modified: | Jan 9 13:03:36 2008 |
| MD5 Checksum: | 1330f076ef6be171676b36fe6eeda847 |
|
| /// File Name: |
sa28597.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for mysql-dfsg-5.0. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28597/ | | File Size: | 12610 | | Last Modified: | Jan 29 21:17:24 2008 |
| MD5 Checksum: | 0936b95975510f7da888eef484c7982f |
|
| /// File Name: |
sa28623.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for pulseaudio. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
| | Homepage: | http://secunia.com/advisories/28623/ | | File Size: | 12496 | | Last Modified: | Jan 25 18:58:49 2008 |
| MD5 Checksum: | 34aa8d1c3a04a023517fcec79c178990 |
|
| /// File Name: |
cisco-sa-200080130-wcs.txt |
Description:
|
Cisco Security Advisory - Apache Tomcat is the servlet container for JavaServlet and JavaServer Pages Web within the Cisco Wireless Control System (WCS). A vulnerability exists in the mod_jk.so URI handler within Apache Tomcat which, if exploited, may result in a remote code execution attack.
| | Homepage: | http://www.cisco.com/ | | File Size: | 12331 | | Related CVE(s): | CVE-2007-0774 | | Last Modified: | Jan 30 19:27:28 2008 |
| MD5 Checksum: | 3e7e563897fb70280fe79e9cd829bfb0 |
|
| /// File Name: |
sa28507.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/28507/ | | File Size: | 12186 | | Last Modified: | Jan 23 22:55:21 2008 |
| MD5 Checksum: | 25c8e6c7923b6cf885424f1b41160258 |
|
| /// File Name: |
sa28381.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28381/ | | File Size: | 12082 | | Last Modified: | Jan 11 12:37:52 2008 |
| MD5 Checksum: | 043b3bdfee9c42218f70943ccdd699ed |
|
| /// File Name: |
USN-565-1.txt |
Description:
|
Ubuntu Security Notice 565-1 - It was discovered that Squid did not always clean up cache memory correctly. A remote attacker could manipulate cache update replies and cause Squid to use all available memory, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11991 | | Related CVE(s): | CVE-2007-6239 | | Last Modified: | Jan 10 04:02:30 2008 |
| MD5 Checksum: | e583af601499be6eeb7d2910464b3896 |
|
| /// File Name: |
MDVSA-2008-1.txt |
Description:
|
Mandriva Linux Security Advisory - A number of vulnerabilities in the Wireshark program were found that could cause crashes, excessive looping, or arbitrary code execution.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 11754 | | Related CVE(s): | CVE-2007-6111, CVE-2007-6112, CVE-2007-6113, CVE-2007-6114, CVE-2007-6115, CVE-2007-6116, CVE-2007-6117, CVE-2007-6118, CVE-2007-6119, CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, CVE-2007-6450, CVE-2007-6451 | | Last Modified: | Jan 2 18:41:55 2008 |
| MD5 Checksum: | b2fe1c60eb411a75d03b5638db4e7bd8 |
|
| /// File Name: |
sa28380.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for opal. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/28380/ | | File Size: | 11511 | | Last Modified: | Jan 10 03:17:01 2008 |
| MD5 Checksum: | 47c0c2adc3cef56a8fb608f8a0ab8041 |
|
| /// File Name: |
USN-562-1.txt |
Description:
|
Ubuntu Security Notice 562-1 - Jose Miguel Esparza discovered that certain SIP headers were not correctly validated. A remote attacker could send a specially crafted packet to an application linked against opal (e.g. Ekiga) causing it to crash, leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 11249 | | Related CVE(s): | CVE-2007-4924 | | Last Modified: | Jan 9 01:51:06 2008 |
| MD5 Checksum: | f3bed9a75c235c3c9cdf854ae119f208 |
|
| /// File Name: |
sa28540.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for Xorg and XFree. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/28540/ | | File Size: | 10950 | | Last Modified: | Jan 21 19:58:06 2008 |
| MD5 Checksum: | 0e9cd994412eef5e84c1001b3d6bc25b |
|
| /// File Name: |
sa28464.txt |
Description:
|
Secunia Security Advisory - Fedora has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28464/ | | File Size: | 10641 | | Last Modified: | Jan 14 21:34:40 2008 |
| MD5 Checksum: | 6030520f148a54d1fa1e6a1bc51e08e3 |
|
| /// File Name: |
sa28260.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for peercast. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/28260/ | | File Size: | 10629 | | Last Modified: | Jan 3 13:16:15 2008 |
| MD5 Checksum: | 3e035a186eaf51a4e970fde5f8fa6e6d |
|
| /// File Name: |
MDVSA-2008-020.txt |
Description:
|
Mandriva Linux Security Advisory - Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute, related to the rmff_dump_header function and related to disregarding the max field. Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the rmff_dump_header function, different vectors than CVE-2008-0225.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10599 | | Related CVE(s): | CVE-2008-0238, CVE-2008-0225 | | Last Modified: | Jan 22 19:02:56 2008 |
| MD5 Checksum: | d3f450da7f7f6e9205d34b6199928e32 |
|
| /// File Name: |
dsa-1454-1.txt |
Description:
|
Debian Security Advisory 1454-1 - Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font.
| | Homepage: | http://www.debian.org/security | | File Size: | 10589 | | Related CVE(s): | CVE-2007-1351 | | Last Modified: | Jan 7 14:39:25 2008 |
| MD5 Checksum: | 4ee5fe3148d201173f7fa250eddb14e3 |
|
| /// File Name: |
MDVSA-2008-028.txt |
Description:
|
Mandriva Linux Security Advisory - The mysql_change_db() function in MySQL 5.0.x before 5.0.40 did not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allowed remote authenticated users to gain privileges. The federated engine in MySQL 5.0.x, when performing a certain SHOW TABLE STATUS query, did not properly handle a response with a small number of columns, which could allow a remote MySQL server to cause a denial of service (federated handler crash and daemon crash) via a response that lacks the minimum required number of columns.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 10407 | | Related CVE(s): | CVE-2007-2692, CVE-2007-6304 | | Last Modified: | Jan 30 19:12:32 2008 |
| MD5 Checksum: | f10807d69e9bab5a2df809509cb505b0 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
