Jump to content

aru

Members
 View Profile  See their activity

  • Posts

    2022

  • Joined

  • Last visited

 Content Type 

Everything posted by aru

  1. aru
    Mandriva Advisories MDKSA-2006:101 : squirrelmail Updated squirrelmail packages fix vulnerabilities June 14th, 2006 A PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled. Updated packages are patched to address these issues. The released versions of Mandriva GNU/Linux affected are: CS3.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:101 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2842 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  2. aru
    Mandriva Advisories MDKSA-2006:100 : gdm Updated gdm packages fix vulnerability June 13th, 2006 A vulnerability in gdm could allow a user to activate the gdm setup program if the administrator configured a gdm theme that provided a user list.The user could do so by choosing the setup option from the menu, clicking the user list, then entering his own password instead of root's. The updated packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:100 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2452 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  3. aru
    Mandriva Advisories MDKSA-2006:099-1 : freetype2 Updated freetype2 packages fixes multiple vulnerabilities. June 13th, 2006 Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747) Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861) Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661) In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don't have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases. Update: The previous update introduced some issues with other applications and libraries linked to libfreetype, that were missed in testing for the vulnerabilty issues. The new packages correct these issues. The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:099-1 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  4. aru
    Mandriva Advisories MDKSA-2006:099 : freetype2 Updated freetype2 packages fixes multiple vulnerabilities. June 12th, 2006 Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values. (CVE-2006-0747) Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. (CVE-2006-1861) Ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. (CVE-2006-2661) In addition, a patch is applied to 2.1.10 in Mandriva 2006 to fix a serious bug in ttkern.c that caused some programs to go into an infinite loop when dealing with fonts that don't have a properly sorted kerning sub-table. This patch is not applicable to the earlier Mandriva releases. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:099 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2661 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1861 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0747 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  5. aru
    Mandriva Advisories MDKSA-2006:098 : postgresql Updated postgresql packages fixes SQL injection vulnerabilities. June 7th, 2006 PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection." (CVE-2006-2313) PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem. (CVE-2006-2314) Packages have been patched or updated to correct these issues. The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:098 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  6. aru
    Mandriva Advisories MDKSA-2006:097 : MySQL Updated MySQL packages fixes SQL injection vulnerability. June 7th, 2006 SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. MySQL 4.0.18 in Corporate 3.0 and MNF 2.0 is not affected by this issue. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:097 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2753 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  7. aru
    Mandriva Advisories MDKSA-2006:096 : openldap Updated openldap packages fixes buffer overflow vulnerability. June 7th, 2006 A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:096 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2754 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  8. aru
    Mandriva Advisories MDKSA-2006:095 : libtiff Updated libtiff packages fixes tiffsplit vulnerability June 5th, 2006 A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid, and there may not be a common scenario under which tiffsplit is called with attacker-controlled command line arguments. The updated packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:095 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2656 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  9. aru
    Mandriva Advisories MDKA-2006:027 : xorg-x11 Updated xorg-x11 packages to address bug with keyboard layouts. June 5th, 2006 A misapplied patch in a recent X.org updated caused keyboard layout problems which resulted in some users being unable to use the CTRL-ALT-function key combination to switch to a console, as well as other keyboard mapping issues. Updated packages have been re-patched to correct these issues. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKA-2006:027 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $)
  10. aru
    Mandriva Advisories MDKSA-2006:094 : evolution Updated evolution packages fix DoS (crash) vulnerability on certain messages. June 1st, 2006 Evolution, as shipped in Mandriva Linux 2006.0, can crash displaying certain carefully crafted images, if the "Load images if sender is in address book" option in enabled in Edit | Preferences | Mail Preferences | HTML. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:094 Other references: http://bugzilla.gnome.org/show_bug.cgi?id=311440 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2006/05/25 20:55:43 aru Exp aru $)
  11. aru
    Mandriva Advisories MDKSA-2006:093 : dia Updated dia packages fix string format vulnerabilities. May 30th, 2006 A format string vulnerability in Dia allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering errors or warnings, as demonstrated via format string specifiers in a .bmp filename.NOTE: the original exploit was demonstrated through a command line argument, but there are other mechanisms inputs that are automatically process by Dia, such as a crafted .dia file. (CVE-2006-2480) Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. (CVE-2006-2453) Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:093 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2480 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2453 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2006/05/25 20:55:43 aru Exp aru $)
  12. aru
    Mandriva Advisories MDKSA-2006:092 : mpg123 Updated mpg123 packages fix DoS vulnerability. May 26th, 2006 An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:092 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1655 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2006/05/25 20:55:43 aru Exp aru $)
  13. aru
    Mandriva Advisories MDKA-2006:026 : netpbm Updated netpbm packages fix crash issues with some converters May 26th, 2006 The pnmtopalm program, part of netpbm, crashes on many images. (#21020) The pnmtofits program, part of netpbm, crashes during conversion. (#21444) Updated packages have been patched to correct these issues. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKA-2006:026 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2006/05/25 20:55:43 aru Exp aru $)
  14. aru
    Mandriva Advisories MDKSA-2006:084 : MySQL Updated MySQL packages fix several vulnerabilities May 10th, 2006 The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. (CVE-2006-1516) sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. (CVE-2006-1517) Updated packages have been patched to correct these issues. The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:084 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1516 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1517 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  15. aru
    Mandriva Advisories MDKSA-2006:083 : gdm Updated gdm package fixes symlink attack vulnerability May 9th, 2006 A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:083 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1057 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  16. aru
    Mandriva Advisories MDKSA-2006:091 : php Updated php packages fix vulnerabilities May 24th, 2006 An integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small buffer to be allocated, triggering a heap-based buffer overflow (CVE-2006-1990). The substr_compare() function in PHP 5.x and 4.4.2 could allow attackers to cause a Denial of Service (memory access violation) via an out-of-bounds offset argument (CVE-2006-1991). The second vulnerability only affects Mandriva Linux 2006; earlier versions shipped with older versions of PHP that do not contain the substr_compare() function. The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:091 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1990 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1991 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  17. aru
    Mandriva Advisories MDKSA-2006:090 : shadow-utils Updated shadow-utils packages fix mailbox creation vulnerability May 24th, 2006 A potential security problem was found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call, resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for reading or writing before the proper fchmod() call is executed. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 MNF2.0 10.2 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:090 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1174 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  18. aru
    Mandriva Advisories MDKSA-2006:089 : kphone Updated kphone packages fixes permissions issue with .qt/kphonerc May 24th, 2006 Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:089 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2442 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  19. aru
    Mandriva Advisories MDKSA-2006:088 : hostapd Updated hostapd package to address DoS vulnerability May 24th, 2006 Hostapd 0.3.7 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:088 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2213 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  20. aru
    Mandriva Advisories MDKSA-2006:087 : kernel Updated kernel packages fixes netfilter SNMP NAT memory corruption May 24th, 2006 Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed. The provided packages are patched to fix this vulnerability. Users who may be running netfilter on important servers are encouraged to upgrade to these updated kernels. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:087 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2444 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  21. aru
    Mandriva Advisories MDKA-2006:025 : gstreamer-plugins Updated gstreamer-plugins packages fix audio CD bug May 20th, 2006 The gnome-cd program would hang on certain audio CDs due to a regression in gstreamer-cdparanoia. Updated packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKA-2006:025 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  22. aru
    Mandriva Advisories MDKSA-2006:086 : kernel Updated kernel packages fix multiple vulnerabilities May 18th, 2006 A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Prior to Linux kernel 2.6.16.5, the kernel does not properly handle uncanonical return addresses on Intel EM64T CPUs which causes the kernel exception handler to run on the user stack with the wrong GS (CVE-2006-0744). The selinux_ptrace logic hooks in SELinux for 2.6.6 allow local users with ptrace permissions to change the tracer SID to an SID of another process (CVE-2006-1052). Prior to 2.6.16, the ip_push_pending_frames function increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows a remote attacker to conduct an idle scan attack, bypassing any intended protection against such an attack (CVE-2006-1242). In kernel 2.6.16.1 and some earlier versions, the sys_add_key function in the keyring code allows local users to cause a DoS (OOPS) via keyctl requests that add a key to a user key instead of a keyring key, causing an invalid dereference (CVE-2006-1522). Prior to 2.6.16.8, the ip_route_input function allows local users to cause a DoS (panic) via a request for a route for a multicast IP address, which triggers a null dereference (CVE-2006-1525). Prior to 2.6.16.13, the SCTP-netfilter code allows remote attackers to cause a DoS (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed (CVE-2006-1527). Prior to 2.6.16, local users can bypass IPC permissions and modify a read-only attachment of shared memory by using mprotect to give write permission to the attachment (CVE-2006-2071). Prior to 2.6.17, the ECNE chunk handling in SCTP (lksctp) allows remote attackers to cause a DoS (kernel panic) via an unexpected chucnk when the session is in CLOSED state (CVE-2006-2271). Prior to 2.6.17, SCTP (lksctp) allows remote attacker to cause a DoS (kernel panic) via incoming IP fragmented COOKIE_ECHO and HEARTBEAT SCTP control chunks (CVE-2006-2272). In addition to these security fixes, other fixes have been included such as: - fix a scheduler deadlock - Yenta oops fix - ftdi_sio: adds support for iPlus devices - enable kprobes on i386 and x86_64 - avoid a panic on bind mount of autofs owned directory - fix a kernel OOPs when booting with 'console=ttyUSB0' but without a USB-serial dongle plugged in - make dm-mirror not issue invalid resync requests - fix media change detection on scsi removable devices - add support for the realtek 8168 chipset - update hfsplus driver to 2.6.16 state - backport 'Gilgal' support from e1000 7.0.33 - selected ACPI video fixes - update 3w-9xxx to 2.26.02.005 (9550SX support) - fix a deadlock in the ext2 filesystem - fix usbserial use-after-free bug - add i945GM DRI support - S3 resume fixes - add ECS PF22 hda model support - SMP suspend - CPU hotplug - miscellaneous AGP fixes - added sata-suspend patch for 2.6.12 for Napa platform The provided packages are patched to fix these vulnerabilities.All users are encouraged to upgrade to these updated kernels. As well, updated mkinitrd and bootsplash packages are provided to fix minor issues; users should upgrade both packages prior to installing a new kernel. To update your kernel, please follow the directions located at: http://www.mandriva.com/en/security/kernelupdate The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:086 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0744 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1242 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1522 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1525 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1527 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2271 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2272 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  23. aru
    Mandriva Advisories MDKSA-2006:085 : xine-ui Updated xine-ui packages fix format string vulnerabilities May 10th, 2006 Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:085 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1905 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  24. aru
    Mandriva Advisories MDKSA-2006:083 : gdm Updated gdm package fixes symlink attack vulnerability May 9th, 2006 A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. Packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:083 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1057 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
  25. aru
    Mandriva Advisories MDKSA-2006:081 : xorg-x11 Updated xorg-x11 packages fix vulnerability May 2nd, 2006 A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server. The updated packages have been patched to correct this issue. The released versions of Mandriva GNU/Linux affected are: 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:081 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 0.15 2005/11/24 16:53:12 aru Exp aru $)
×
×
  • Create New...