Posts posted by paul


  1. A vulnerability has been found and corrected in socat:

    Stack-based buffer overflow in the nestlex function in nestlex.c in Socat 1.5.0.0 through 1.7.1.2 and 2.0.0-b1 through 2.0.0-b3, when bidirectional data relay is enabled, allows context-dependent attackers to execute arbitrary code via long command-line arguments (CVE-2010-2799).

    The updated packages have been patched to correct this issue.


  2. A vulnerability has been found and corrected in kdegraphics (ksvg):

    Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches. (CVE-2009-1709)

    Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  3. A vulnerability has been found and corrected in ntop:

    The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string (CVE-2009-2732).

    The updated packages have been patched to correct this issue.


  4. A vulnerability has been found and corrected in rpm:

    lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file (CVE-2010-2059).

    The updated packages have been patched to correct this issue.


  5. A vulnerability has been found and corrected in libglpng:

    Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows (CVE-2010-1519).

    The updated packages have been patched to correct this issue.


  6. Multiple vulnerabilities have been found and corrected in ocsinventory:

    Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information (CVE-2010-1594).

    Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter (CVE-2010-1595).

    Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the Software name field to the All softwares search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information (CVE-2010-1733).

    This upgrade provides ocsinventory 1.02.3 which is not vulnerable to these security issues.


  7. Multiple vulnerabilities have been found and corrected in tomcat5:

    Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).

    The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).

    Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).

    Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).

    Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)

    Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct these issues.


  8. Multiple vulnerabilities have been found and corrected in tomcat5:

    Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385 (CVE-2007-5333).

    Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request (CVE-2008-5515).

    Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header (CVE-2009-0033).

    Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter (CVE-2009-0580).

    Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application (CVE-2009-0783).

    Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry (CVE-2009-2693).

    The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests (CVE-2009-2901).

    Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename (CVE-2009-2902).

    Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply (CVE-2010-1157).

    Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with recycling of a buffer. (CVE-2010-2227)

    Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct these issues.


  9. A vulnerability has been found and corrected in sudo:

    Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence (CVE-2010-2956).

    The updated packages have been patched to correct this issue.


  10. Stack-based buffer overflow in the bgp_route_refresh_receive function in bgp_packet.c in bgpd in Quagga before 0.99.17 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a malformed Outbound Route Filtering (ORF) record in a BGP ROUTE-REFRESH (RR) message (CVE-2010-2948).

    bgpd in Quagga before 0.99.17 does not properly parse AS paths, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an unknown AS type in an AS path attribute in a BGP UPDATE message (CVE-2010-2949).

    Updated packages are available that bring Quagga to version 0.99.17 which provides numerous bugfixes over the previous 0.99.12 version, and also corrects these issues.


  11. Security issues were identified and fixed in firefox and mozilla-thunderbird:

    Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict read access to the statusText property of XMLHttpRequest objects, which allows remote attackers to discover the existence of intranet web servers via cross-origin requests (CVE-2010-2764).

    Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allows user-assisted remote attackers to inject arbitrary web script or HTML via a selection that is added to a document in which the designMode property is enabled (CVE-2010-2769).

    Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict use of the type attribute of an OBJECT element to set a document's charset, which allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms via UTF-7 encoding (CVE-2010-2768).

    The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via vectors related to a chrome privileged object and a chain ending in an outer object (CVE-2010-2762).

    The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code via vectors involving access to a deleted object (CVE-2010-2766).

    The nsTreeContentView function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle node removal in XUL trees, which allows remote attackers to execute arbitrary code via vectors involving access to deleted memory, related to a dangling pointer vulnerability. (CVE-2010-3167)

    Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 do not properly restrict the role of property changes in triggering XUL tree removal, which allows remote attackers to cause a denial of service (deleted memory access and application crash) or possibly execute arbitrary code by setting unspecified properties (CVE-2010-3168).

    Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via vectors involving a XUL tree selection, related to a dangling pointer vulnerability. NOTE: this issue exists because of an incomplete fix for CVE-2010-2753 (CVE-2010-2760).

    Integer overflow in the FRAMESET element implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a large number of values in the cols (aka columns) attribute, leading to a heap-based buffer overflow (CVE-2010-2765).

    Heap-based buffer overflow in the nsTextFrameUtils::TransformText function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via a bidirectional text run (CVE-2010-3166).

    The navigator.plugins implementation in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle destruction of the DOM plugin array, which might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via crafted access to the navigator object, related to a dangling pointer vulnerability. (CVE-2010-2767)

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-3169).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    Additionally, some packages which require so have been rebuilt and are being provided as updates. The NSS and NSPR packages have been upgraded to the latest versions. The rootcerts package has been upgraded to the latest CVS version (as of 2010/08/27).


  12. Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel:

    Buffer overflow in the ecryptfs_uid_hash macro in fs/ecryptfs/messaging.c in the eCryptfs subsystem in the Linux kernel before 2.6.35 might allow local users to gain privileges or cause a denial of service (system crash) via unspecified vectors. (CVE-2010-2492)

    The DNS resolution functionality in the CIFS implementation in the Linux kernel before 2.6.35, when CONFIG_CIFS_DFS_UPCALL is enabled, relies on a user's keyring for the dns_resolver upcall in the cifs.upcall userspace helper, which allows local users to spoof the results of DNS queries and perform arbitrary CIFS mounts via vectors involving an add_key call, related to a cache stuffing issue and MS-DFS referrals. (CVE-2010-2524)

    The do_anonymous_page function in mm/memory.c in the Linux kernel before 2.6.27.52, 2.6.32.x before 2.6.32.19, 2.6.34.x before 2.6.34.4, and 2.6.35.x before 2.6.35.2 does not properly separate the stack and the heap, which allows context-dependent attackers to execute arbitrary code by writing to the bottom page of a shared memory segment, as demonstrated by a memory-exhaustion attack against the X.Org X server. (CVE-2010-2240)

    Integer overflow in the ext4_ext_get_blocks function in fs/ext4/extents.c in the Linux kernel before 2.6.34 allows local users to cause a denial of service (BUG and system crash) via a write operation on the last block of a large file, followed by a sync operation. (CVE-2010-3015)

    To update your kernel, please follow the directions located at:

    http://www.mandriva.com/en/security/kernelupdate


  13. A vulnerability has been found and corrected in lvm2:

    The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used in Red Hat Global File System (GFS) and other products, does not verify client credentials upon a socket connection, which allows local users to cause a denial of service (daemon exit or logical-volume change) or possibly have unspecified other impact via crafted control commands (CVE-2010-2526).

    The updated packages have been patched to correct this issue.


  14. A vulnerability has been found and corrected in wget:

    GNU Wget 1.12 and earlier uses a server-provided filename instead of the original URL to determine the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a 3xx redirect to a URL with a .wgetrc filename followed by a 3xx redirect to a URL with a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2252).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  15. Multiple vulnerabilities have been found and corrected in mozilla-thunderbird:

    dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script's URL in certain circumstances involving a redirect and an error message, which allows remote attackers to obtain sensitive information about script parameters via a crafted HTML document, related to the window.onerror handler (CVE-2010-2754).

    Mozilla Firefox permits cross-origin loading of CSS stylesheets even when the stylesheet download has an incorrect MIME type and the stylesheet document is malformed, which allows remote HTTP servers to obtain sensitive information via a crafted document (CVE-2010-0654).

    The importScripts Web Worker method in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not verify that content is valid JavaScript code, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted HTML document (CVE-2010-1213).

    Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code via a large selection attribute in a XUL tree element (CVE-2010-2753).

    Integer overflow in an array class in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allows remote attackers to execute arbitrary code by placing many Cascading Style Sheets (CSS) values in an array (CVE-2010-2752).

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (CVE-2010-1211).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    Additionally, some packages which require so have been rebuilt and are being provided as updates.


  16. A vulnerability has been found and corrected in openssl:

    Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue (CVE-2010-2939).

    The updated packages have been patched to correct this issue.


  17. A vulnerability has been found and corrected in perl-libwww-perl:

    lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2253).

    Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
    http://store.mandriva.com/product_info.php?cPath=149&products_id=490

    The updated packages have been patched to correct this issue.


  18. A vulnerability has been found and corrected in libgdiplus:

    Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows (CVE-2010-1526).

    The updated packages have been patched to correct this issue.


  19. A vulnerability has been found and corrected in libHX:

    Heap-based buffer overflow in the HX_split function in string.c in libHX before 3.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a string that is inconsistent with the expected number of fields (CVE-2010-2947).

    The updated packages have been patched to correct this issue.


  20. Multiple vulnerabilities have been found and corrected in phpmyadmin:

    The setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on the server, this can allow unauthenticated users to execute arbitrary PHP code (CVE-2010-3055).

    It was possible to conduct an XSS attack using crafted URLs or POST parameters on several pages (CVE-2010-3056).

    This upgrade provides phpmyadmin 2.11.10.1 which is not vulnerable to these security issues.
