Section: .. / 0802-advisories /
| /// File Name: |
dsa-1482-1.txt |
Description:
|
Debian Security Advisory 1482-1 - It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service.
| | Homepage: | http://www.debian.org/security | | File Size: | 8655 | | Related CVE(s): | CVE-2007-6239 | | Last Modified: | Feb 5 21:48:41 2008 |
| MD5 Checksum: | 62dd97be9f8d1a3bf87006f6340b12c3 |
|
| /// File Name: |
dsa-1505.txt |
Description:
|
Debian Security Advisory 1505 - Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel.
| | Homepage: | http://www.debian.org/security | | File Size: | 8237 | | Related CVE(s): | CVE-2007-4571 | | Last Modified: | Feb 22 20:44:31 2008 |
| MD5 Checksum: | eb87723bff78c5cb1231ac73609c47e5 |
|
| /// File Name: |
MDVSA-2008-042.txt |
Description:
|
Mandriva Linux Security Advisory - A potential vulnerability was discovered in Qt4 version 4.3.0 through 4.3.2 which may cause a certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into thinking that the certificate was verified correctly when it actually failed in one or more criteria.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8235 | | Related CVE(s): | CVE-2007-5965 | | Last Modified: | Feb 8 03:23:05 2008 |
| MD5 Checksum: | 31f621027015afc57042c111b0bd09f0 |
|
| /// File Name: |
MDVSA-2008-037.txt |
Description:
|
Mandriva Linux Security Advisory - A stack-based buffer overflow was discovered in libcdio that allowed context-dependent attackers to cause a denial of service (core dump) and possibly execute arbitrary code via a disk or image file that contains a long Joliet file name. In addition, failed UTF-8 conversions that would cause a segfault on certain ISOs were also fixed.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8112 | | Related CVE(s): | CVE-2007-6613 | | Last Modified: | Feb 7 21:32:04 2008 |
| MD5 Checksum: | 375263142722b29b9f162fafd77a2c89 |
|
| /// File Name: |
sa28814.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/28814/ | | File Size: | 8034 | | Last Modified: | Feb 6 20:07:33 2008 |
| MD5 Checksum: | ef4565460f008915454335d1a1c866ad |
|
| /// File Name: |
sa28999.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for qt. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/28999/ | | File Size: | 8025 | | Last Modified: | Feb 22 20:44:40 2008 |
| MD5 Checksum: | f783e5c4d95988d564aae8bbe2508639 |
|
| /// File Name: |
MDVSA-2008-046-1.txt |
Description:
|
Mandriva Linux Security Advisory - An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity. The previous update used a bad patch which made the Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 8011 | | Related CVE(s): | CVE-2008-0486 | | Last Modified: | Feb 21 00:27:29 2008 |
| MD5 Checksum: | 04d67cfa2eb502925ea59569ac33519d |
|
| /// File Name: |
MDVSA-2008-041.txt |
Description:
|
Mandriva Linux Security Advisory - The ReadImage() function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7928 | | Related CVE(s): | CVE-2008-0553 | | Last Modified: | Feb 7 21:35:43 2008 |
| MD5 Checksum: | a0d7e2ec2821412aeccaa3db54191735 |
|
| /// File Name: |
SSRT071420.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com/ | | File Size: | 7761 | | Related CVE(s): | CVE-2008-0212 | | Last Modified: | Feb 5 20:10:39 2008 |
| MD5 Checksum: | fe2e90dbfec6281530c555e75aa2ae03 |
|
| /// File Name: |
MDVSA-2008-046.txt |
Description:
|
Mandriva Linux Security Advisory - An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7578 | | Related CVE(s): | CVE-2008-0486 | | Last Modified: | Feb 15 18:05:52 2008 |
| MD5 Checksum: | 8cefaacccfbe5caed8d0f7461275c19a |
|
| /// File Name: |
MDVSA-2008-035.txt |
Description:
|
Mandriva Linux Security Advisory - Multiple vulnerabilities were discovered in the image decoders of ImageMagick. If a user or automated system were tricked into processing malicious DCM, DIB, XBM, XCF, or XWD images, a remote attacker could execute arbitrary code with user privileges.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7536 | | Related CVE(s): | CVE-2007-4985, CVE-2007-4986, CVE-2007-4987, CVE-2007-4988 | | Last Modified: | Feb 5 19:58:36 2008 |
| MD5 Checksum: | 51b149bf68f7ea9568ba5c822ffa3258 |
|
| /// File Name: |
SSRT080015.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running Apache. The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 7526 | | Related CVE(s): | CVE-2007-6388 | | Last Modified: | Feb 13 17:27:37 2008 |
| MD5 Checksum: | 888ad8e79f814fca9cf8608b22e8ea27 |
|
| /// File Name: |
MDVSA-2008-051.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw was found in how CUPS handled the addition and removal of remote printers via IPP that could allow a remote attacker to send a malicious IPP packet to the UDP port causing CUPS to crash.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7403 | | Related CVE(s): | CVE-2008-0886 | | Last Modified: | Feb 26 19:21:48 2008 |
| MD5 Checksum: | c1ad1151b4d1a2ed06c0b213eb2cba4a |
|
| /// File Name: |
USN-579-1.txt |
Description:
|
Ubuntu Security Notice 579-1 - It was discovered that QSslSocket did not properly verify SSL certificates. A remote attacker may be able to trick applications using QSslSocket into accepting invalid SSL certificates.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 7398 | | Related CVE(s): | CVE-2007-5965 | | Last Modified: | Feb 21 20:09:27 2008 |
| MD5 Checksum: | e64fb040c47d966f10531ee6d2326b61 |
|
| /// File Name: |
CORE-2007-1218.txt |
Description:
|
Core Security Technologies Advisory - The MPlayer package is vulnerable to a buffer overflow attack, which can be exploited by malicious remote attackers. The vulnerability is due to MPlayer not properly sanitizing certain tags on a FLAC file before using them to index an array on the stack. This can be exploited to execute arbitrary commands by opening a specially crafted file.
| | Author: | Damian Frizza, Alfredo Ortego | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 6985 | | Related CVE(s): | CVE-2008-0486 | | Last Modified: | Feb 4 14:45:56 2008 |
| MD5 Checksum: | 34ecc4e332eabd9c69806ef8fe08163e |
|
| /// File Name: |
sa29054.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for alsa-driver. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/29054/ | | File Size: | 6977 | | Last Modified: | Feb 26 14:04:41 2008 |
| MD5 Checksum: | 93359725516dd1279f5801bc7058ebdf |
|
| /// File Name: |
SSRT080001.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified in Perl 5.8.7 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited remotely to execute arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 6919 | | Related CVE(s): | CVE-2007-5116 | | Last Modified: | Feb 20 23:45:39 2008 |
| MD5 Checksum: | 8304dde5350a1568556f669f4ec5030d |
|
| /// File Name: |
SSRT080013.txt |
Description:
|
HP Security Bulletin - Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited remotely to gain unauthorized access. The vulnerabilities can only be exploited by authenticated users.
| | Homepage: | http://www.hp.com/ | | File Size: | 6806 | | Related CVE(s): | CVE-2008-0214 | | Last Modified: | Feb 7 15:10:59 2008 |
| MD5 Checksum: | 6c3fbefb6a97627e3b0f4a31388b6e4e |
|
| /// File Name: |
MDVSA-2008-043.txt |
Description:
|
Mandriva Linux Security Advisory - A flaw in the vmsplice system call did not properly verify address arguments passed by user-space processes, which allowed local attackers to overwrite arbitrary kernel memory and gain root privileges. Mandriva urges all users to upgrade to these new kernels immediately as this flaw is being actively exploited. This issue only affects 2.6.17 and newer Linux kernels, so neither Corporate 3.0 nor Corporate 4.0 are affected.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 6741 | | Related CVE(s): | CVE-2008-0600 | | Last Modified: | Feb 12 14:15:05 2008 |
| MD5 Checksum: | c66d23c33a8ea1cec9bb4de1209da80d |
|
| /// File Name: |
htpasswd-weak.txt |
Description:
|
htpasswd as included with Apache version 2.2 suffers from a predictable salt weakness.
| | Author: | Peter Watkins | | File Size: | 6052 | | Last Modified: | Feb 14 15:02:29 2008 |
| MD5 Checksum: | c4732473372f3c4f3716285c242ae97a |
|
| /// File Name: |
SSRT080007.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with HP Virtual Rooms (HPVR) running on Microsoft Windows. The vulnerability could be exploited to allow remote execution of arbitrary code.
| | Homepage: | http://www.hp.com/ | | File Size: | 5896 | | Related CVE(s): | CVE-2008-0213 | | Last Modified: | Feb 6 14:35:44 2008 |
| MD5 Checksum: | 3b7aab986bdee3f31da45f4cfdbba919 |
|
| /// File Name: |
dsa-1495-2.txt |
Description:
|
Debian Security Advisory 1495-2 - A problem with the build system of the nagios-plugins package from old stable (Sarge) led to check_procs not being included for the i386 architecture. This update fixes this regression. Several local/remote vulnerabilities had been discovered in two of the plugins for the Nagios network monitoring and management system.
| | Homepage: | http://www.debian.org/security | | File Size: | 5895 | | Related CVE(s): | CVE-2007-5198, CVE-2007-5623 | | Last Modified: | Feb 17 21:34:38 2008 |
| MD5 Checksum: | ff305e0c4eda51ab3ed85e75da24ac04 |
|