Ubuntu Security Notice 522-1 - It was discovered that OpenSSL did not correctly perform Montgomery multiplications. Local attackers might be able to reconstruct RSA private keys by examining another user's OpenSSL processes. Moritz Jodeit discovered that OpenSSL's SSL_get_shared_ciphers function did not correctly check the size of the buffer it was writing to. A remote attacker could exploit this to write one NULL byte past the end of an application's cipher list buffer, possibly leading to arbitrary code execution or a denial of service.
07593e231df1e5dc0f594139f370e808bd38529d8959b1b5b701f3d15f5be2e0Debian Security Advisory 1378-2 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code.
0605e3e63d0b2b1a9ed33c2af397d4bac98e7c643acc8edde998a2b4b02aa190Mandriva Linux Security Advisory - A vulnerability was discovered in KDM by Kees Huijgen where under certain circumstances and in particular configurations, KDM could be tricked into allowing users to login without a password.
282e85a63e64b85c7cc421aee20e564b2296562cd10fd53bc8702125c618ef7fUbuntu Security Notice 521-1 - Luigi Auriemma discovered that libmodplug did not properly sanitize its input. A specially crafted AMF file could be used to exploit this situation to cause buffer overflows and possibly execute arbitrary code as the user.
fedcc331c95208511c21b229acf97430edf70aba3923ab9b666e62fad87f864eA vulnerability results from the Net::HTTPS library from Ruby versions 1.8.5 and 1.8.6 failing to validate the name on the SSL certificate against the DNS name requested by the user. By not validating the name, the library allows an attacker to present a cryptographically valid certificate with an invalid CN.
30fcafc5523a3be23deee577529d910574c4482ca24286ec62b4815b2b3dcf84Secunia Security Advisory - 7jdg has reported a vulnerability in Xunlei Thunder, which can be exploited by malicious people to compromise a user's system.
4ce07bf6dc5fa1bb61b07b88eb1e1fcd81e3a2ef16065eea0daa26bfe6e9c4b4Secunia Security Advisory - Tan Chew Keong has discovered a vulnerability in ICEOWS, which can be exploited by malicious people to compromise a user's system.
9ea68eafd8da80133ef9af9fa4f91f98314b67b427f6813502fd9215c3633e23Secunia Security Advisory - Two security issues have been reported in Sun Java System Access Manager, which can be exploited by malicious people to bypass certain security restrictions.
8340589fbb55cbbacf5f34e27a4dc033b6a19cc56daa40ea84caba71d4646666Secunia Security Advisory - Mandriva has issued an update for kdebase. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
1b5ac38997dd2a508a0815131f9eb3e2e97ad6723becbd9346d893514b85775cSecunia Security Advisory - Debian has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges.
cf54142b73966287f86e60a11177ca6810075695a9ded931badd90236081c7efSecunia Security Advisory - Ubuntu has issued an update for libmodplug. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
28a620f7690f63cec865b8212bf1434ed74b81954044f2a429ecfcbce93593abSecunia Security Advisory - rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.
6ddf20798635a56e45321e2e9a33e7b214e8e03a94b104d1ed8d54258eb998bbSecunia Security Advisory - Mandriva has issued an update for t1lib. This fixes a vulnerability, which can be exploited by malicious users to potentially compromise a vulnerable system.
079982b42c0c6bfb1f1d591e01f11bb8cb7b9481525d0fa423461952889d3cf9Secunia Security Advisory - Gentoo has issued an update for tetex. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
81ef2d7fc79ba60e21608d5b025758a384a9ccd4943ea6534071bcd87c856023Secunia Security Advisory - Some vulnerabilities, security issues, and a weakness have been reported in the Apple iPhone, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or to compromise a vulnerable system.
2000fa3245ea879725295f0c31dd7c5721fb6935679db1a7345cd53f45c74152Secunia Security Advisory - Janek Vind has reported a vulnerability in NukeSentinel, which can be exploited by malicious people to conduct SQL injection attacks.
04d2e1b0d7e7bb3ce2959fb411a10326fd20d72f804ebd9e8ae010c7c9420288Secunia Security Advisory - xoron has discovered a vulnerability in IntegraMOD Nederland(s), which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
ab13646d031906b90954f9d5b2685efa8319feb4c2d056dfab6d0ea9cc2af87fSecunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM Websphere Application server for z/OS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or by malicious people to conduct cross-site scripting attacks or cause a DoS (Denial of Service).
e047cd0fb2ceff836dc946f2f017bbabb40bc378d31131e752978ba495ee345cSecunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
4060c4c1c8f6da058f043dfa1b7dffad2b3e4d149c16a561b772d8e7c3bbdcfcSecunia Security Advisory - Gentoo has issued an update for lighttpd. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
cbe3bfc77a2dd956dbf6b5cc1a278bd39bcf588314e4cc2cc60321691ab82d67Secunia Security Advisory - A vulnerability has been reported in Aipo and Aipo ASP, which can be exploited by malicious people to conduct session fixation attacks.
4443cad6f0f6269eb15a85bb1e4774a9f02d1947ec4e76ad7cb2f850cd179118Secunia Security Advisory - Ronald van den Heetkamp has discovered a weakness in Internet Explorer, which potentially can be exploited by malicious people to disclose sensitive information.
d9d250fd2f0d10c560eb3c34c3b3840df4ca84bde80f759010c8c2b4bcbb72cfGentoo Linux Security Advisory GLSA 200709-16 - Mattias Bengtsson and Philip Olausson have discovered a buffer overflow vulnerability in the function fcgi_env_add() in the file mod_fastcgi.c when processing overly long HTTP headers. Versions less than 1.4.18 are affected.
3093088bb71ab210ca1f21d2bbb63f87f37f0b88f1048feeb1a9f595f50aa2a1Gentoo Linux Security Advisory GLSA 200709-17 - Mark Richters discovered a buffer overflow in the open_sty() function in file mkind.c. Other vulnerabilities have also been discovered in the same file but might not be exploitable. Tetex also includes vulnerable code from GD library (GLSA 200708-05), and from Xpdf. Versions less than 3.0_p1-r4 are affected.
ed78c59922461445cd909f77db27128732f72ccca3c1e1af03789734f2ac7444Debian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.
a56c85f0ecdf3e651d2434a366021bc2c8d68d25429c3ec3ac903a06e6f3497b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed