Section: .. / Last 20 Advisory Files /
| /// File Name: | USN-682-1.txt | Description:
| Ubuntu Security Notice USN-682-1 - It was discovered that libvorbis did not correctly handle certain malformed sound files. If a user were tricked into opening a specially crafted sound file with an application that uses libvorbis, an attacker could execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 12589 | | Related CVE(s): | CVE-2008-1419, CVE-2008-1420, CVE-2008-1423 | | Last Modified: | Dec 1 17:50:02 2008 | | MD5 Checksum: | 1560ab2afeeb34aeff6acc170b7a1d4a |
|
| /// File Name: | USN-681-1.txt | Description:
| Ubuntu Security Notice USN-681-1 - It was discovered that ImageMagick did not correctly handle certain malformed XCF images. If a user were tricked into opening a specially crafted image with an application that uses ImageMagick, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 11655 | | Related CVE(s): | CVE-2008-1096 | | Last Modified: | Dec 1 17:49:27 2008 | | MD5 Checksum: | ab83603b48fb33d8beb11a1c24b415c3 |
|
| /// File Name: | VA_VD_87_08_XRDP.pdf | Description:
| Multiple buffer overflow vulnerabilities exist in xrdp which can be leveraged to execute arbitrary code. | | Author: | Hamid Ebadi | | Homepage: | http://www.bugtraq.ir/ | | File Size: | 112048 | | Last Modified: | Dec 1 17:28:29 2008 | | MD5 Checksum: | 65d5e2f4f1dbf66e66c013e9d7dd85d8 |
|
| /// File Name: | TKADV2008-013.txt | Description:
VLC media player versions below 0.9.7 suffer from a RealMedia processing integer overflow vulnerability. | | Author: | Tobias Klein | | Homepage: | http://www.trapkit.de/ | | File Size: | 5214 | | Related CVE(s): | CVE-2008-5276 | | Last Modified: | Dec 1 17:24:10 2008 | | MD5 Checksum: | 53dd0932afc1be3807df1da75a8a9fd0 |
|
| /// File Name: | dsa-1675-1.txt | Description:
| Debian Security Advisory 1675-1 - Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. | | Homepage: | http://www.debian.org/security | | File Size: | 3343 | | Related CVE(s): | CVE-2008-4326 | | Last Modified: | Dec 1 13:28:50 2008 | | MD5 Checksum: | a270ad8083dd0956b7681b12bb56bebb |
|
| /// File Name: | dsa-1674-1.txt | Description:
| Debian Security Advisory 1674-1 - Javier Fernandez-Sanguino Pena discovered that updatejail, a component of the chroot maintenance tool Jailer, creates a predictable temporary file name, which may lead to local denial of service through a symlink attack. | | Homepage: | http://www.debian.org/security | | File Size: | 3184 | | Related CVE(s): | CVE-2008-5139 | | Last Modified: | Nov 30 14:50:20 2008 | | MD5 Checksum: | cf1c348f9336982c7bfdb41148f11a58 |
|
| /// File Name: | dsa-1672-1.txt | Description:
| Debian Security Advisory 1672-1 - Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution. | | Homepage: | http://www.debian.org/security | | File Size: | 6708 | | Related CVE(s): | CVE-2008-5187 | | Last Modified: | Nov 28 22:09:06 2008 | | MD5 Checksum: | 2fa8b95db4c1de901b203e34086204b2 |
|
| /// File Name: | USN-679-1.txt | Description:
| Ubuntu Security Notice USN-679-1 - The Linux 2.6 kernel has had various security vulnerabilities addressed. These range from bypass issues to denial of service and improper validation. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 235232 | | Related CVE(s): | CVE-2007-5498, CVE-2008-3831, CVE-2008-4210, CVE-2008-4554, CVE-2008-4576, CVE-2008-4618, CVE-2008-4933, CVE-2008-4934, CVE-2008-5025, CVE-2008-5029, CVE-2008-5033 | | Last Modified: | Nov 28 21:14:32 2008 | | MD5 Checksum: | 3179de2b2ce723c848fd67cf6a9ed0b7 |
|
| /// File Name: | USN-680-1.txt | Description:
| Ubuntu Security Notice USN-680-1 - It was discovered that Samba did not properly perform bounds checking in certain operations. A remote attacker could possibly exploit this to read arbitrary memory contents of the smb process, which could contain sensitive information or possibly have other impacts, such as a denial of service. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 10757 | | Related CVE(s): | CVE-2008-4314 | | Last Modified: | Nov 28 21:18:03 2008 | | MD5 Checksum: | f667d3f9952fb1b52bf26451ed9cba41 |
|
| /// File Name: | impresscms-fixation.txt | Description:
| Social Impress CMS version 1.1 suffers from a session fixation vulnerability. | | Author: | David "Aesthetico" Vieira-Kurz | | File Size: | 1913 | | Last Modified: | Nov 28 21:07:36 2008 | | MD5 Checksum: | dd0b176a00427a22573b0535d3f8506f |
|
| /// File Name: | USN-678-1.txt | Description:
| Ubuntu Security Notice USN-678-1 - Martin von Gagern discovered that GnuTLS did not properly verify certificate chains when the last certificate in the chain was self-signed. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 18689 | | Related CVE(s): | CVE-2008-4989 | | Last Modified: | Nov 26 15:22:56 2008 | | MD5 Checksum: | 986fa75abfcc417dd56510023f62d515 |
|
| /// File Name: | USN-668-1.txt | Description:
Ubuntu Security Notice USN-668-1 - Georgi Guninski, Michal Zalewski and Chris Evans discovered that the same-origin check in Thunderbird could be bypassed. If a user were tricked into opening a malicious website, an attacker could obtain private information from data stored in the images, or discover information about software on the user's computer. Jesse Ruderman discovered that Thunderbird did not properly guard locks on non-native objects. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. Several problems were discovered in the browser, layout and JavaScript engines. If a user had JavaScript enabled, these problems could allow an attacker to crash Thunderbird and possibly execute arbitrary code with user privileges. A flaw was discovered in Thunderbird's DOM constructing code. If a user were tricked into opening a malicious website while having JavaScript enabled, an attacker could cause the browser to crash and potentially execute arbitrary code with user privileges. It was discovered that the same-origin check in Thunderbird could be bypassed. If a user had JavaScript enabled and were tricked into opening malicious web content, an attacker could execute JavaScript in the context of a different website. Chris Evans discovered that Thunderbird did not properly parse E4X documents, leading to quote characters in the namespace not being properly escaped. Boris Zbarsky discovered that Thunderbird did not properly process comments in forwarded in-line messages. If a user had JavaScript enabled and opened a malicious email, an attacker may be able to obtain information about the recipient. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 19008 | | Related CVE(s): | CVE-2008-5012, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5024 | | Last Modified: | Nov 26 15:22:02 2008 | | MD5 Checksum: | 86972d3d7c0f6b2330b74a6aa3ae351a |
|
| /// File Name: | rsaenvision-disclose.txt | Description:
| RSA EnVision suffers from a remote password hash retrieval vulnerability. Versions 3.5.0, 3.5.1, 3.5.2, and 3.7.0 are all affected. | | Author: | Nicolas Viot | | Homepage: | http://www.intrinsec.com/ | | File Size: | 2030 | | Last Modified: | Nov 25 19:44:01 2008 | | MD5 Checksum: | 22638e5cdc981c0cf6342cadc0c5b191 |
|
| /// File Name: | SSRT080132.txt | Description:
| HP Security Bulletin - A potential security vulnerability has been identified in PHP running on the HP Secure Web Server for Tru64 UNIX or Internet Express for Tru64 UNIX. The vulnerability could be exploited remotely to cause a Denial of Service (DoS) or to execute arbitrary code. | | Homepage: | http://www.hp.com/ | | File Size: | 6856 | | Related CVE(s): | CVE-2008-3658 | | Last Modified: | Nov 25 18:02:17 2008 | | MD5 Checksum: | d90a003a1e5659e198ac2d1a2eb72608 |
|
| /// File Name: | FreeBSD-SA-08.11.arc4random.txt | Description:
| FreeBSD Security Advisory - When the arc4random random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random; and it may take up to 5 minutes before arc4random is reseeded with secure entropy from the Yarrow random number generator. | | Homepage: | http://security.freebsd.org/ | | File Size: | 7102 | | Related CVE(s): | CVE-2008-5162 | | Last Modified: | Nov 24 20:48:07 2008 | | MD5 Checksum: | 4a2f51cd3f6f285b3558b19b838fc534 |
|
| /// File Name: | USN-677-1.txt | Description:
| Ubuntu Security Notice USN-677-1 - Multiple memory overflow flaws were discovered in OpenOffice.org's handling of WMF and EMF files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org, created temporary files in an insecure way. Local users could exploit a race condition to create or overwrite files with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 91521 | | Related CVE(s): | CVE-2008-2237, CVE-2008-2238, CVE-2008-4937 | | Last Modified: | Nov 24 20:47:28 2008 | | MD5 Checksum: | bb1c0dab25f41efe7bd6174533a21a4c |
|
| /// File Name: | dsa-1671-1.txt | Description:
Debian Security Advisory 1671-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. | | Homepage: | http://www.debian.org/security | | File Size: | 10525 | | Related CVE(s): | CVE-2008-0017, CVE-2008-4582, CVE-2008-5012, CVE-2008-5013, CVE-2008-5014, CVE-2008-5017, CVE-2008-5018, CVE-2008-5021, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024 | | Last Modified: | Nov 24 20:46:06 2008 | | MD5 Checksum: | efcd4519b2622e35698cc8d619b32911 |
|
| /// File Name: | dsa-1670-1.txt | Description:
Debian Security Advisory 1670-1 - Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to PostScript, HTML or RTF. | | Homepage: | http://www.debian.org/security | | File Size: | 5126 | | Related CVE(s): | CVE-2008-3863, CVE-2008-4306 | | Last Modified: | Nov 24 20:45:52 2008 | | MD5 Checksum: | 29b9efceacad844712852d015884ce63 |
|
| /// File Name: | USN-676-1.txt | Description:
| Ubuntu Security Notice USN-676-1 - It was discovered that WebKit did not properly handle Cascading Style Sheets (CSS) import statements. If a user were tricked into opening a malicious website, an attacker could cause a browser crash and possibly execute arbitrary code with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 3446 | | Related CVE(s): | CVE-2008-3632 | | Last Modified: | Nov 24 14:26:05 2008 | | MD5 Checksum: | 8a5e5897d00eb93d9617fef391c6490f |
|