Section: .. / 0803-advisories /
| /// File Name: |
USN-588-1.txt |
Description:
|
Ubuntu Security Notice 588-1 - Masaaki Hirose discovered that MySQL could be made to dereference a NULL pointer. An authenticated user could cause a denial of service (application crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table. This issue only affects Ubuntu 6.06 and 6.10. Alexander Nozdrin discovered that MySQL did not restore database access privileges when returning from SQL SECURITY INVOKER stored routines. An authenticated user could exploit this to gain privileges. This issue does not affect Ubuntu 7.10. Martin Friebe discovered that MySQL did not properly update the DEFINER value of an altered view. An authenticated user could use CREATE SQL SECURITY DEFINER VIEW and ALTER VIEW statements to gain privileges. Luigi Auriemma discovered that yaSSL as included in MySQL did not properly validate its input. A remote attacker could send crafted requests and cause a denial of service or possibly execute arbitrary code. This issue did not affect Ubuntu 6.06 in the default installation.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 18741 | | Related CVE(s): | CVE-2006-7232, CVE-2007-2692, CVE-2007-6303, CVE-2008-0226, CVE-2008-0227 | | Last Modified: | Mar 20 16:58:07 2008 |
| MD5 Checksum: | b2bffdd12620551ceb8b47b9cd832cd2 |
|
| /// File Name: |
sa29443.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for mysql-dfsg-5.0. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS and compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29443/ | | File Size: | 18039 | | Last Modified: | Mar 22 14:31:57 2008 |
| MD5 Checksum: | 2519f9eb0f1b3ef2c2c5484f9b0193c4 |
|
| /// File Name: |
sa29098.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29098/ | | File Size: | 17575 | | Last Modified: | Mar 3 20:59:13 2008 |
| MD5 Checksum: | 4e995d1a79245b4c6a2996394d46538f |
|
| /// File Name: |
dsa-1485-2.txt |
Description:
|
Debian Security Advisory 1485-2 - A regression has been fixed in icedove's frame handling code. Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client.
| | Homepage: | http://www.debian.org/security | | File Size: | 17486 | | Related CVE(s): | CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594 | | Last Modified: | Mar 17 19:58:02 2008 |
| MD5 Checksum: | 6dd351c68656cacad2d422da1b052a4a |
|
| /// File Name: |
SUSE-SA-2008-014.txt |
Description:
|
SUSE Security Announcement - The Evolution personal information manager is vulnerable to format string bugs in the emf_multipart_encrypted() function that is used to process encrypted messages. This bug can be abused by a remote attacker to execute arbitrary code by sending a crafted encrypted e-mail.
| | Homepage: | http://www.suse.com | | File Size: | 16664 | | Related CVE(s): | CVE-2008-0072 | | Last Modified: | Mar 14 13:27:39 2008 |
| MD5 Checksum: | 63c078ed08a9a392c57149b3837a185d |
|
| /// File Name: |
USN-590-1.txt |
Description:
|
Ubuntu Security Notice 590-1 - It was discovered that bzip2 did not correctly handle certain malformed archives. If a user or automated system were tricked into processing a specially crafted bzip2 archive, applications linked against libbz2 could be made to crash, possibly leading to a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16255 | | Related CVE(s): | CVE-2008-1372 | | Last Modified: | Mar 24 18:46:30 2008 |
| MD5 Checksum: | 73750d6d375d42abb00e73ac27324bc7 |
|
| /// File Name: |
USN-583-1.txt |
Description:
|
Ubuntu Security Notice 583-1 - Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails. A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16048 | | Related CVE(s): | CVE-2008-0072 | | Last Modified: | Mar 12 14:39:45 2008 |
| MD5 Checksum: | fe5b41ce24798affdeab80ca869f6bbd |
|
| /// File Name: |
sa29210.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29210/ | | File Size: | 15929 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | ae19370437d15262ab60ee03eafad53c |
|
| /// File Name: |
sa29506.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for bzip2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/29506/ | | File Size: | 15896 | | Last Modified: | Mar 26 16:17:54 2008 |
| MD5 Checksum: | 1bce3206f382a7b5d40d057c15645357 |
|
| /// File Name: |
VMSA-2008-0005.txt |
Description:
|
VMware Security Advisory - VMware has addressed a folder traversal vulnerability, an insecure named pipe vulnerability, libpng, and various other bits and pieces.
| | Homepage: | http://www.vmware.com/ | | File Size: | 15844 | | Related CVE(s): | CVE-2008-0923, CVE-2008-0923, CVE-2008-1361, CVE-2008-1362, CVE-2007-5269, CVE-2006-2940, CVE-2006-2937, CVE-2006-4343, CVE-2006-4339, CVE-2007-5618, CVE-2008-1364, CVE-2008-1363, CVE-2008-1340 | | Last Modified: | Mar 18 22:18:56 2008 |
| MD5 Checksum: | ee66e4579274ee816d1615a56fe85d80 |
|
| /// File Name: |
AST-2008-005.txt |
Description:
|
Asterisk Project Security Advisory - The HTTP Manager ID used by Asterisk is predictable, allowing an attacker to hijack a manager session.
| | Author: | Tilghman Lesher | | Homepage: | http://www.asterisk.org/security | | File Size: | 15827 | | Related CVE(s): | CVE-2008-1390 | | Last Modified: | Mar 18 22:40:12 2008 |
| MD5 Checksum: | b3ec2efc2d6a9a02d1ed7f6a496a55ea |
|
| /// File Name: |
dsa-1530-1.txt |
Description:
|
Debian Security Advisory 1530-1 - Several local/remote vulnerabilities have been discovered in cupsys, the Common Unix Printing System. A heap-based buffer overflow in CUPS, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions. A double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer.
| | Homepage: | http://www.debian.org/security | | File Size: | 15172 | | Related CVE(s): | CVE-2008-0047, CVE-2008-0882 | | Last Modified: | Mar 25 20:21:40 2008 |
| MD5 Checksum: | 06e215d90f278f1145a9e7448095ea17 |
|
| /// File Name: |
dsa-1512-1.txt |
Description:
|
Debian Security Advisory 1512-1 - Ulf Harnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages. If the user opened a specially crafted email message, code execution was possible.
| | Homepage: | http://www.debian.org/security | | File Size: | 14627 | | Related CVE(s): | CVE-2008-0072 | | Last Modified: | Mar 12 14:37:34 2008 |
| MD5 Checksum: | d45354269b232b0ce7bb71f54e34c4bf |
|
| /// File Name: |
cisco-sa-20080312-ucp.txt |
Description:
|
Cisco Security Advisory - Two sets of vulnerabilities were discovered in the Cisco Secure Access Control Server (ACS) for Windows User-Changeable Password (UCP) application. The first set of vulnerabilities address several buffer overflow conditions in the UCP application that could result in remote execution of arbitrary code on the host system where UCP is installed. The second set of vulnerabilities address cross-site scripting in the UCP application pages.
| | Author: | FX | | Homepage: | http://www.cisco.com/ | | File Size: | 14162 | | Related CVE(s): | CVE-2008-0532, CVE-2008-0533 | | Last Modified: | Mar 13 01:37:56 2008 |
| MD5 Checksum: | 383c5bf5fc0d9bcd46fd639132dd50a6 |
|
| /// File Name: |
dsa-1513-1.txt |
Description:
|
Debian Security Advisory 1513-1 - It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances.
| | Homepage: | http://www.debian.org/security | | File Size: | 14146 | | Related CVE(s): | CVE-2008-1111 | | Last Modified: | Mar 12 17:36:52 2008 |
| MD5 Checksum: | cbd8864575abe6548d68a0c3828f6cae |
|
| /// File Name: |
dsa-1521-1.txt |
Description:
|
Debian Security Advisory 1521-1 - Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration.
| | Homepage: | http://www.debian.org/security | | File Size: | 13996 | | Related CVE(s): | CVE-2008-1270 | | Last Modified: | Mar 17 14:46:25 2008 |
| MD5 Checksum: | dc1c3b3c7b4f3759b5bdb4ee5edba525 |
|
| /// File Name: |
sa29558.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for iceape. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29558/ | | File Size: | 13962 | | Last Modified: | Mar 28 16:26:02 2008 |
| MD5 Checksum: | fbddbf51e7caf79e1aece0280875a2bf |
|
| /// File Name: |
sa29485.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for cupsys. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/29485/ | | File Size: | 13921 | | Last Modified: | Mar 27 02:24:42 2008 |
| MD5 Checksum: | 9a249e81743f7af5d29eedb58d9d0ad7 |
|
| /// File Name: |
sa29275.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/29275/ | | File Size: | 13597 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 9689b794c9f278086e479f19d7473e57 |
|
| /// File Name: |
sa29244.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for evolution. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29244/ | | File Size: | 13578 | | Last Modified: | Mar 12 13:55:23 2008 |
| MD5 Checksum: | 12d889ad2f6a471783d19c922364de58 |
|
| /// File Name: |
sa29403.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for lighttpd. This fixes a security issue, which can be exploited by malicious people to disclose potentially sensitive information.
| | Homepage: | http://secunia.com/advisories/29403/ | | File Size: | 13323 | | Last Modified: | Mar 17 22:46:50 2008 |
| MD5 Checksum: | 7a9d712d90186139bbccf13e62e82d74 |
|
| /// File Name: |
sa29101.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/29101/ | | File Size: | 13310 | | Last Modified: | Mar 3 13:30:08 2008 |
| MD5 Checksum: | e7f8118ea771e7998f6ff3815497a868 |
|