Section: .. / 0805-advisories /
| /// File Name: |
USN-613-1.txt |
Description:
|
Ubuntu Security Notice 613-1 - Multiple flaws were discovered in the connection handling of GnuTLS. A remote attacker could exploit this to crash applications linked against GnuTLS, or possibly execute arbitrary code with permissions of the application's user.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 17480 | | Related CVE(s): | CVE-2008-1948, CVE-2008-1949, CVE-2008-1950 | | Last Modified: | May 22 01:19:15 2008 |
| MD5 Checksum: | 5eb5dfc7220077777e0867309e7ee3c9 |
|
| /// File Name: |
CORE-2008-0129.txt |
Description:
|
Core Security Technologies Advisory - A vulnerability was found in Wonderware SuiteLink Service ('slssvc.exe') that could allow an un-authenticated remote attacker with the ability to connect to the SuiteLink service TCP port to shutdown the service abnormally by sending a malformed packet. Exploitation of the vulnerability for remote code execution has not been proven, but it has not been eliminated as a potential scenario.
| | Author: | Sebastian Muniz | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 17419 | | Related CVE(s): | CVE-2008-2005 | | Last Modified: | May 6 16:21:55 2008 |
| MD5 Checksum: | cbba5446dc9d1e16b74a4f9c8d3500c9 |
|
| /// File Name: |
cisco-sa-20080514-csm.txt |
Description:
|
Cisco Security Advisory - The Cisco Content Switching Module (CSM) and Cisco Content Switching Module with SSL (CSM-S) contain a memory leak vulnerability that can result in a denial of service condition. The vulnerability exists when the CSM or CSM-S is configured for layer 7 load balancing. An attacker can trigger this vulnerability when the CSM or CSM-S processes TCP segments with a specific combination of TCP flags while servers behind the CSM/CSM-S are overloaded and/or fail to accept a TCP connection.
| | Homepage: | http://www.cisco.com/ | | File Size: | 17388 | | Related CVE(s): | CVE-2008-1749 | | Last Modified: | May 15 04:25:13 2008 |
| MD5 Checksum: | 0a7dfcd9f771e114ed6eafdd02388931 |
|
| /// File Name: |
MDVSA-2008-108.txt |
Description:
|
Mandriva Linux Security Advisory - Although they forgot to put the problem description in this advisory, it appears that Mandriva has patched a code execution vulnerability in smbd from Samba.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 17071 | | Related CVE(s): | CVE-2008-1105 | | Last Modified: | May 28 20:26:07 2008 |
| MD5 Checksum: | a11ca1994f253c876b0db00544a8cbbe |
|
| /// File Name: |
sa30331.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gnutls. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30331/ | | File Size: | 17053 | | Last Modified: | May 27 16:29:09 2008 |
| MD5 Checksum: | 546d518c17dba8ae00826ef7d259b897 |
|
| /// File Name: |
dsa-1574-1.txt |
Description:
|
Debian Security Advisory 1574-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird client. "moz_bug_r_a4" discovered that variants of CVE-2007-3738 and CVE-2007-5338 allow the execution of arbitrary code through XPCNativeWrapper. "moz_bug_r_a4" discovered that insecure handling of event handlers could lead to cross-site scripting. Boris Zbarsky, Johnny Stenback, and "moz_bug_r_a4" discovered that incorrect principal handling can lead to cross-site scripting and the execution of arbitrary code. Tom Ferris, Seth Spitzer, Martin Wargers, John Daggett and Mats Palmgren discovered crashes in the layout engine, which might allow the execution of arbitrary code. "georgi", "tgirmann" and Igor Bukanov discovered crashes in the Javascript engine, which might allow the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 16567 | | Related CVE(s): | CVE-2008-1233, CVE-2008-1234, CVE-2008-1235, CVE-2008-1236, CVE-2008-1237 | | Last Modified: | May 12 15:57:20 2008 |
| MD5 Checksum: | 88c086a46a80505846192144f8ae384e |
|
| /// File Name: |
USN-612-5.txt |
Description:
|
Ubuntu Security Notice 612-5 - Matt Zimmerman discovered that entries in ~/.ssh/authorized_keys with options (such as "no-port-forwarding" or forced commands) were ignored by the new ssh-vulnkey tool introduced in OpenSSH (see USN-612-2). This could cause some compromised keys not to be listed in ssh-vulnkey's output. A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 16139 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:46:36 2008 |
| MD5 Checksum: | 12c2407158560e7b8cd3525552c71aec |
|
| /// File Name: |
cisco-sa-20080528-cw.txt |
Description:
|
Cisco Security Advisory - CiscoWorks Common Services contains a vulnerability that could allow a remote attacker to execute arbitrary code.
| | Homepage: | http://www.cisco.com/ | | File Size: | 15579 | | Related CVE(s): | CVE-2008-2054 | | Last Modified: | May 28 20:15:11 2008 |
| MD5 Checksum: | 38d6cc8fd58abffd052e1dab7fab0d7d |
|
| /// File Name: |
USN-612-1.txt |
Description:
|
Ubuntu Security Notice 612-1 - A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledge of the system. This particularly affects the use of encryption keys in OpenSSH, OpenVPN and SSL certificates. This vulnerability only affects operating systems which (like Ubuntu) are based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. We consider this an extremely serious vulnerability, and urge all users to act immediately to secure their systems.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15288 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:01:40 2008 |
| MD5 Checksum: | 4798966590d2c04dbeae52eda8904882 |
|
| /// File Name: |
USN-611-3.txt |
Description:
|
Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 15260 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:31:28 2008 |
| MD5 Checksum: | 26dd30b7333f05b291b099650b8a9e89 |
|
| /// File Name: |
dsa-1576-1.txt |
Description:
|
Debian Security Advisory 1576-1 - The recently announced vulnerability in Debian's openssl package (DSA-1571-1, CVE-2008-0166) indirectly affects OpenSSH. As a result, all user and host keys generated using broken versions of the openssl package must be considered untrustworthy, even after the openssl update has been applied.
| | Homepage: | http://www.debian.org/security | | File Size: | 15197 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 15 03:50:46 2008 |
| MD5 Checksum: | a79fd4e6e656f73f69d8c73cf16f3723 |
|
| /// File Name: |
sa30239.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openssh. This fixes a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30239/ | | File Size: | 15102 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 9fa7cd5070cac2fafc2f6f1ca54178b2 |
|
| /// File Name: |
sa30016.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, or potentially compromise a user's system.
| | Homepage: | http://secunia.com/advisories/30016/ | | File Size: | 14985 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | a542c3f6ccf8d80c9d587940c8c55705 |
|
| /// File Name: |
sa30117.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for gst-plugins-good0.10. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30117/ | | File Size: | 14982 | | Last Modified: | May 9 20:07:29 2008 |
| MD5 Checksum: | 77dadb1f44e5ec848a0b32a97f4b861f |
|
| /// File Name: |
dsa-1571-1.txt |
Description:
|
Debian Security Advisory 1571-1 - Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package. As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which does not affect other operating systems which are not based on Debian. However, other systems can be indirectly affected if weak keys are imported into them. It is strongly recommended that all cryptographic key material which has been generated by OpenSSL versions starting with 0.9.8c-1 on Debian systems is recreated from scratch. Furthermore, all DSA keys ever used on affected Debian systems for signing or authentication purposes should be considered compromised; the Digital Signature Algorithm relies on a secret random value used during signature generation.
| | Homepage: | http://www.debian.org/security | | File Size: | 14589 | | Related CVE(s): | CVE-2008-0166 | | Last Modified: | May 13 11:10:24 2008 |
| MD5 Checksum: | 3519042f913d5ce265ca79a43a1d7f92 |
|
| /// File Name: |
sa30221.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for openssl. This fixes a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30221/ | | File Size: | 14249 | | Last Modified: | May 15 00:56:37 2008 |
| MD5 Checksum: | 720cfa09c22cb7f7a3d451fa619e1081 |
|
| /// File Name: |
USN-611-1.txt |
Description:
|
Ubuntu Security Notice 611-1 - It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 13345 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:30:27 2008 |
| MD5 Checksum: | 218704e90625568f9bf94f8cb18d0063 |
|
| /// File Name: |
sa30104.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for speex. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/30104/ | | File Size: | 13104 | | Last Modified: | May 9 20:07:29 2008 |
| MD5 Checksum: | 4541096203a1b14f3c0d18b03c68fbf4 |
|
| /// File Name: |
dsa-1579-1.txt |
Description:
|
Debian Security Advisory 1579-1 - A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 12452 | | Related CVE(s): | CVE-2008-0554 | | Last Modified: | May 19 21:11:24 2008 |
| MD5 Checksum: | 5ba4b12b7513e8a9eb5d95741e785e77 |
|
| /// File Name: |
sa30220.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for OpenSSL. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system, and a security issue, which can lead to weak cryptographic key material.
| | Homepage: | http://secunia.com/advisories/30220/ | | File Size: | 12255 | | Last Modified: | May 13 15:35:09 2008 |
| MD5 Checksum: | d12ee4238859f20e114301c00d2d8b16 |
|
| /// File Name: |
dsa-1589-1.txt |
Description:
|
Debian Security Advisory 1589-1 - It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT "transformation match" condition triggered a large number of steps.
| | Homepage: | http://www.debian.org/security | | File Size: | 11865 | | Related CVE(s): | CVE-2008-1767 | | Last Modified: | May 28 10:43:16 2008 |
| MD5 Checksum: | 7b5f587bc9fed104901ba5bf13c35d8a |
|
| /// File Name: |
cisco-sa-20080514-cup.txt |
Description:
|
Cisco Security Advisory - Administrators of systems running all Cisco Unified Presence versions can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI).
| | Homepage: | http://www.cisco.com/ | | File Size: | 11779 | | Related CVE(s): | CVE-2008-1740, CVE-2008-1741 | | Last Modified: | May 15 04:28:20 2008 |
| MD5 Checksum: | fddfe8a3e45e0c202a50e5bc67fa484a |
|
| /// File Name: |
CORE-2008-0415.txt |
Description:
|
Core Security Technologies Advisory - The Borland Interbase 2007 database server is vulnerable to an integer overflow when a malformed packet is sent to the default TCP port 3050. The integer overflow can cause a stack overflow, which allows arbitrary code execution with system privileges. Service pack 2 (0.1.0.256) on Solaris and Windows are both vulnerable.
| | Author: | Sebastian Muniz | | Homepage: | http://www.coresecurity.com/corelabs/ | | File Size: | 11715 | | Related CVE(s): | CVE-2008-0467 | | Last Modified: | May 20 19:18:22 2008 |
| MD5 Checksum: | 93959d28c78b97cac7689bb78abbd0c8 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
