LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 04-18-2005, 11:03 PM   #1
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
LQ Security Report - April 18th 2005


April 12th 2005
27 issues handled (SF)
1. Remstats Local Insecure Temporary File Creation Vulnerabilit...
2. Remstats Remote Command Execution Vulnerability
3. GNU Sharutils Unshar Local Insecure Temporary File Creation ...
4. PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
5. Linux Kernel Asynchronous Input/Output Local Denial Of Servi...
6. IBM iSeries AS400 LDAP Server Remote Information Disclosure ...
7. GNU GZip CHMod File Permission Modification Race Condition W...
8. Gaim Gaim_Markup_Strip_HTML Remote Denial Of Service Vulnera...
9. CommuniGate Pro LIST Unspecified Denial of Service Vulnerabi...
10. Gaim IRC Protocol Plug-in Markup Language Injection Vulnerab...
11. Gaim Jabber File Request Remote Denial Of Service Vulnerabil...
12. PHP-Nuke Your_Account Module Username Cross-Site Scripting V...
13. PHP-Nuke Your_Account Module Avatarcategory Cross-Site Scrip...
14. PHP-Nuke Downloads Module Lid Parameter Cross-Site Scripting...
15. Vixie Cron Crontab File Disclosure Vulnerability
16. PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vuln...
17. PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability
18. PHP-Nuke Top Module SQL Injection Vulnerability
19. SurgeFTP LEAK Command Denial of Service Vulnerability
20. PHP-Nuke Web_Links Module Multiple SQL Injection Vulnerabili...
21. Axel HTTP Redirection Buffer Overflow Vulnerability
22. Macromedia ColdFusion MX Updater Remote File Disclosure Vuln...
23. PHP-Nuke Downloads Module Multiple SQL Injection Vulnerabili...
24. SUSE Netapplet Unspecified Local Privilege Escalation Vulner...
25. SUSE Tetex tmp File Existence Disclosure Vulnerability
26. PostNuke Phoenix OP Parameter Remote Cross-Site Scripting Vu...
27. PostNuke Phoenix Module Parameter Remote Cross-Site Scriptin...

April 14th 2005
63 issues handled (SN)
[SA14949] Red Hat update for kdegraphics
[SA14922] Microsoft Internet Explorer Multiple Vulnerabilities
[SA14914] SUSE update for kdelibs3
[SA14908] KDE kdelibs PCX Image Buffer Overflow Vulnerability
[SA14900] SUSE Updates for Multiple Packages
[SA14893] UnixWare update for libtiff
[SA14963] Fedora update for openoffice
[SA14939] Debian update for axel
[SA14933] Gentoo update for axel
[SA14907] UnixWare update for telnet
[SA14897] Access_user Class Undocumented Default Password
[SA14873] Camino JavaScript Engine Information Disclosure Vulnerability
[SA14951] Gentoo update for gld
[SA14948] Red Hat update for dhcp
[SA14941] Gld Multiple Vulnerabilities
[SA14891] UnixWare CDE dtlogin XDMCP Parsing Vulnerability
[SA14946] AIX Various Communication Protocol Security Issues
[SA14945] Sun Solaris ICMP Message Handling Denial of Service
[SA14925] KDE KMail User Interface Spoofing Vulnerability
[SA14911] Gentoo update for phpmyadmin
[SA14898] FirstClass Client Bookmark Files Can Launch Local Programs
[SA14895] Fedora update for gftp
[SA14877] Gentoo update for gnome-vfs/libcdaudio
[SA14936] Debian update for mysql
[SA14872] Mandrake update for mysql
[SA14863] Ubuntu update for mysql-server
[SA14956] Gentoo update for rsnapshot
[SA14926] Ubuntu update for kernel
Part 2
[SA14903] portupgrade Insecure Temporary File Creation Vulnerability
[SA14894] UnixWare update for cdrecord
[SA14892] OpenServer auditsh/atcronsh/termsh Buffer Overflow Vulnerabilities
[SA14878] rsnapshot "copy_symlink()" Privilege Escalation Vulnerability
[SA14876] OpenServer update for cscope
[SA14875] SGI IRIX gr_osview Privilege Escalation and Information Disclosure
[SA14952] Mandrake update for gaim
[SA14947] Red Hat update for gaim
[SA14886] Mandrake update for gtk+2.0
[SA14885] Mandrake update for gdk-pixbuf
[SA14899] Pine rpdump File Creation Race Condition Vulnerability
[SA14887] Mandrake update for sharutils
[SA14883] Red Hat vixie-cron Exposure of Arbitrary Cron Files
[SA14862] Fedora Core vixie-cron Exposure of Arbitrary Cron Files
[SA14916] DokuWiki File Upload Vulnerability
[SA14890] ModernBill Cross-Site Scripting and File Inclusion Vulnerabilities
[SA14935] Oracle Products Multiple Unspecified Vulnerabilities
[SA14929] Mambo zOOm Media Gallery Module "catid" SQL Injection
[SA14919] jPortal Banner Module SQL Injection Vulnerability
[SA14913] aeDating Multiple Vulnerabilities
[SA14912] OpenOffice ".doc" Document Handling Buffer Overflow
[SA14906] RadBids Gold Multiple Vulnerabilities
[SA14888] SurgeFTP "LEAK" Command Denial of Service Vulnerability
[SA14882] PunBB SQL Injection and Cross-Site Scripting Vulnerabilities
[SA14881] Macromedia ColdFusion MX Exposure of Class Files
[SA14869] Runcms / exoops Arbitrary File Upload Vulnerability
[SA14866] PHP-Nuke Multiple SQL Injection Vulnerabilities
[SA14934] Veritas i3 FocalPoint Server Unspecified Vulnerability
[SA14940] eGroupWare Exposure of Mail Attachments
[SA14924] Pinnacle Cart "pg" Cross-Site Scripting Vulnerability
[SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability
[SA14884] TowerBlog Exposure of Sensitive Information
[SA14868] PostNuke Cross-Site Scripting and SQL Injection Vulnerabilities
[SA14867] CubeCart "language" PHP Script Inclusion Vulnerability
[SA14865] HP OpenView Network Node Manager Unspecified Denial of Service

April 15 2005
19 issues handled over 6 distros (LAW)
axel
gftp
wireless-tools
glibc-2.3.5
selinux-policy-targeted
kernel
autofs
gcc
GnomeVFS/libcdaudio
smarty
phpMyAdmin
shorewall
gtk+2.0
sharutils
gdk-pixbuf
dhcp
kdegraphics
gaim
KDE

Last edited by Capt_Caveman; 04-18-2005 at 11:12 PM.
 
Old 04-18-2005, 11:05 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
April 12th 2005 (SF)

Security Focus

1. Remstats Local Insecure Temporary File Creation Vulnerabilit...
BugTraq ID: 12979
Remote: No
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12979
Summary:
A local insecure file creation vulnerability affects Remstats. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.

2. Remstats Remote Command Execution Vulnerability
BugTraq ID: 12980
Remote: Yes
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12980
Summary:
A remote command execution vulnerability affects Remstats. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this issue to execute arbitrary commands with the privileges of the unsuspecting users that activated the affected application.

3. GNU Sharutils Unshar Local Insecure Temporary File Creation ...
BugTraq ID: 12981
Remote: No
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12981
Summary:
A local insecure temporary file creation vulnerability affects the GNU Sharutils 'unshar' utility. This issue is due to a design error that causes a file to be insecurely opened or created and subsequently written to. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the affected application.

4. PHPNuke Multiple Module Cross-Site Scripting Vulnerabilities
BugTraq ID: 12983
Remote: Yes
Date Published: Apr 03 2005
Relevant URL: http://www.securityfocus.com/bid/12983
Summary:
PHPNuke is reported prone to multiple cross-site scripting vulnerabilities affecting various modules. The affected modules include 'Search', 'FAQ', and 'Encyclopedia'. The 'banners.php' script is also affected. An attacker can exploit these issues by creating a malicious link containing HTML and script code and send this link to a vulnerable user. This can allow for theft of cookie-based authentication credentials and other attacks. PHPNuke 7.6 and prior versions are reportedly affected by these issues.

5. Linux Kernel Asynchronous Input/Output Local Denial Of Servi...
BugTraq ID: 12987
Remote: No
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12987
Summary:
A local denial of service vulnerability affects the Linux kernel. This issue arises due to a failure of the application to properly manage input/output resources. A local attacker may leverage this issue to cause an affected Linux kernel to panic, effectively denying service to legitimate users.

6. IBM iSeries AS400 LDAP Server Remote Information Disclosure ...
BugTraq ID: 12991
Remote: Yes
Date Published: Apr 04 2005
Relevant URL: http://www.securityfocus.com/bid/12991
Summary:
A remote information disclosure issue affects IBM iSeries AS400 LDAP Server. This issue is due to a failure of the application to properly secure sensitive information. An authenticated attacker may leverage this issue to disclose user names and account information of users in their group. This may facilitate further attacks against the affected server.

7. GNU GZip CHMod File Permission Modification Race Condition W...
BugTraq ID: 12996
Remote: No
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/12996
Summary:
gzip is reported prone to a security weakness; the issue is only present when an archive is extracted into a world or group writeable directory. It is reported that gzip employs non-atomic procedures to write a file and later change the permissions on the newly extracted file. A local attacker may leverage this issue to modify file permissions of target files. This weakness is reported to affect gzip versions 1.2.4 and 1.3.3 and previous versions.

8. Gaim Gaim_Markup_Strip_HTML Remote Denial Of Service Vulnera...
BugTraq ID: 12999
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/12999
Summary:
Gaim is reported prone to a remote denial of service vulnerability. The issue manifests when the Gaim client handles a malformed HTML string triggering an out-of-bounds read operation. A remote attacker may exploit this vulnerability to deny service for legitimate users. This vulnerability is reported to affect Gaim version 1.2.0 and previous versions.

9. CommuniGate Pro LIST Unspecified Denial of Service Vulnerabi...
BugTraq ID: 13001
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13001
Summary:
CommuniGate Pro is prone to a denial of service when multipart messages are sent to a list. Successful exploitation could cause the server to crash.

10. Gaim IRC Protocol Plug-in Markup Language Injection Vulnerab...
BugTraq ID: 13003
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13003
Summary:
Gaim IRC protocol plug-in is reported prone to an input validation vulnerability. The issue is reported to exist due to a lack of sufficient sanitization performed on 'irc_msg' data. A remote attacker may exploit this vulnerability to execute arbitrary Gaim and Pango Markup language in the context of the user that is running the affected software. This vulnerability is reported to affect Gaim version 1.2.0 and previous versions

11. Gaim Jabber File Request Remote Denial Of Service Vulnerabil...
BugTraq ID: 13004
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13004
Summary:
Gaim is reported prone to a remote denial of service vulnerability. The issue manifests when the Gaim client handles an unspecified Jabber file transfer request, triggering an out-of-bounds read operation. A remote attacker may exploit this vulnerability to deny service for legitimate users. This vulnerability is reported to affect Gaim version 1.2.0 and previous versions.

12. PHP-Nuke Your_Account Module Username Cross-Site Scripting V...
BugTraq ID: 13007
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13007
Summary:
It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious HTML and script code is sent to the application through the 'username' parameter of the 'Your_Account' module. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

13. PHP-Nuke Your_Account Module Avatarcategory Cross-Site Scrip...
BugTraq ID: 13010
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13010
Summary:
It is reported that the PHP-Nuke 'Your_Account' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious HTML and script code is sent to the application through the 'Avatarcategory' parameter of the 'Your_Account' module. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

14. PHP-Nuke Downloads Module Lid Parameter Cross-Site Scripting...
BugTraq ID: 13011
Remote: Yes
Date Published: Apr 05 2005
Relevant URL: http://www.securityfocus.com/bid/13011
Summary:
It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This problem presents itself when malicious HTML and script code is sent to the application through the 'Downloads' module. This issue could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. This vulnerability is reported to affect PHP-Nuke version 7.6 and previous versions.

15. Vixie Cron Crontab File Disclosure Vulnerability
BugTraq ID: 13024
Remote: No
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13024
Summary:
Vixie cron crontab is reported prone to an information disclosure vulnerability that may allow local attackers to disclose users' crontab files. It is reported that this issue arises due to a design error resulting in the insecure creation of a temporary file in the '/tmp' directory. This occurs when crontab is executed with the '-e' option used for editing the current crontab. An attacker may leverage this issue to disclose potentially sensitive data, which may be used to carry out further attacks against a computer. Vixie cron 4.1-24_FC3 running on Fedora Core 3 is reported vulnerable. It is possible that other versions on different operating systems are affected as well. This issue may be specific to Red Hat operating systems. It is also possible that this issue is related to BID 1845 (HP-UX crontab /tmp File Vulnerability).

16. PHP-Nuke Web_Links Module Multiple Cross-Site Scripting Vuln...
BugTraq ID: 13025
Remote: Yes
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13025
Summary:
PHP-Nuke is reportedly affected by multiple cross-site scripting vulnerabilities in the Web_Links Module. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

17. PHP-Nuke Banners.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 13026
Remote: Yes
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13026
Summary:
PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

18. PHP-Nuke Top Module SQL Injection Vulnerability
BugTraq ID: 13047
Remote: Yes
Date Published: Apr 06 2005
Relevant URL: http://www.securityfocus.com/bid/13047
Summary:
PHP-Nuke is prone to an SQL injection vulnerability. This issue arises due to insufficient sanitization of user-supplied input. This issue may allow a remote attacker to manipulate query logic, potentially leading to unauthorized access to sensitive information such as the administrator password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

19. SurgeFTP LEAK Command Denial of Service Vulnerability
BugTraq ID: 13054
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13054
Summary:
SurgeFTP is prone to a denial of service condition. This issue exists when the LEAK command is issued to the FTP server. Successful exploitation will cause the FTP server to either refuse new connections or not be able to send or receive files.

20. PHP-Nuke Web_Links Module Multiple SQL Injection Vulnerabili...
BugTraq ID: 13055
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13055
Summary:
The Web_Links module of PHP-Nuke is affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These issues are reported to affect PHP-Nuke version 7.6; earlier versions may also be affected.

21. Axel HTTP Redirection Buffer Overflow Vulnerability
BugTraq ID: 13059
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13059
Summary:
Axel is prone to a buffer overflow vulnerability when handling HTTP redirection. A malicious HTTP response can trigger this issue, potentially allowing for arbitrary code execution.

22. Macromedia ColdFusion MX Updater Remote File Disclosure Vuln...
BugTraq ID: 13060
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13060
Summary:
A remote file disclosure vulnerability affects Macromedia ColdFusion MX. The problem presents itself due to a design error that causes potentially sensitive files to be stored in insecure locations. An attacker may leverage this issue to gain access to compiled Java class files processed by the affected application server. This may facilitate further attacks and application code disclosure.

23. PHP-Nuke Downloads Module Multiple SQL Injection Vulnerabili...
BugTraq ID: 13061
Remote: Yes
Date Published: Apr 07 2005
Relevant URL: http://www.securityfocus.com/bid/13061
Summary:
PHP-Nuke Downloads module is reportedly affected by multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. These issues are reported to affect PHP-Nuke version 7.6; earlier versions may also be affected.

24. SUSE Netapplet Unspecified Local Privilege Escalation Vulner...
BugTraq ID: 13068
Remote: No
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13068
Summary:
Netapplet is prone to a local input validation issue. This could allow a local user to gain elevated privileges. Specific details of this vulnerability are not currently known.

25. SUSE Tetex tmp File Existence Disclosure Vulnerability
BugTraq ID: 13072
Remote: No
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13072
Summary:
teTex is prone to a symbolic link issue that could allow users to determine the existence of files in directories they do not have permission to access. Information gathered through this vulnerability could be used to carry out further attacks against the computer.

26. PostNuke Phoenix OP Parameter Remote Cross-Site Scripting Vu...
BugTraq ID: 13075
Remote: Yes
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13075
Summary:
A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

27. PostNuke Phoenix Module Parameter Remote Cross-Site Scriptin...
BugTraq ID: 13076
Remote: Yes
Date Published: Apr 08 2005
Relevant URL: http://www.securityfocus.com/bid/13076
Summary:
A remote cross-site scripting vulnerability affects PostNuke. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
 
Old 04-18-2005, 11:07 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
April 14th 2005 (SN) - Part 1

Secunia

[SA14949] Red Hat update for kdegraphics
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-13
Red Hat has issued an update for kdegraphics. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14949/

[SA14922] Microsoft Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-04-12
Some vulnerabilities has been reported in Microsoft Internet Explorer,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14922/

[SA14914] SUSE update for kdelibs3
Critical: Highly critical
Where: From remote
Impact: Spoofing, DoS, System access
Released: 2005-04-12
SUSE has issued an update for kdelibs3. This fixes some
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), spoof the URL displayed in an address bar and status bar, or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14914/

[SA14908] KDE kdelibs PCX Image Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-04-12
Bruno Rohee has reported a vulnerability in KDE kdelibs, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14908/

[SA14900] SUSE Updates for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Privilege escalation,
System access
Released: 2005-04-11
SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious, local users to
escalate their privileges and by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14900/

[SA14893] UnixWare update for libtiff
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-08
SCO has issued an update for libtiff. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14893/

[SA14963] Fedora update for openoffice
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-14
Fedora has issued an update for openoffice. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14963/

[SA14939] Debian update for axel
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-13
Debian has issued an update for axel. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14939/

[SA14933] Gentoo update for axel
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-13
Gentoo has issued an update for axel. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14933/

[SA14907] UnixWare update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-11
Unixware has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14907/

[SA14897] Access_user Class Undocumented Default Password
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2005-04-08
The vendor has reported a security issue in Access_user Class, which
can be exploited by malicious people to get access to arbitrary
accounts.
Full Advisory:
http://secunia.com/advisories/14897/

[SA14873] Camino JavaScript Engine Information Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2005-04-08
A vulnerability has been discovered in Camino, which can be exploited
by malicious people to gain knowledge of potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/14873/

[SA14951] Gentoo update for gld
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-13
Gentoo has issued an update for gld. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14951/

[SA14948] Red Hat update for dhcp
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-13
Red Hat has issued an update for dhcp. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14948/

[SA14941] Gld Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-13
dong-hun you has reported some vulnerabilities in Gld, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14941/

[SA14891] UnixWare CDE dtlogin XDMCP Parsing Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2005-04-08
SCO has acknowledged a vulnerability in UnixWare, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14891/

[SA14946] AIX Various Communication Protocol Security Issues
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-04-13
IBM has acknowledged some security issues in AIX, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14946/

[SA14945] Sun Solaris ICMP Message Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2005-04-13
Sun has acknowledged some security issues in Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14945/

[SA14925] KDE KMail User Interface Spoofing Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2005-04-11
Noam Rathaus has discovered a vulnerability in KMail, which can be
exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/14925/

[SA14911] Gentoo update for phpmyadmin
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-04-12
Gentoo has issued an update for phpmyadmin. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attack.
Full Advisory:
http://secunia.com/advisories/14911/

[SA14898] FirstClass Client Bookmark Files Can Launch Local Programs
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-04-08
dila has reported a vulnerability in FirstClass, which can be exploited
by malicious people to execute arbitrary commands on a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14898/

[SA14895] Fedora update for gftp
Critical: Less critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2005-04-08
Fedora has issued an update for gftp. This fixes a vulnerability, which
can be exploited by malicious people to conduct directory traversal
attacks.
Full Advisory:
http://secunia.com/advisories/14895/

[SA14877] Gentoo update for gnome-vfs/libcdaudio
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-04-08
Gentoo has issued updates for gnome-vfs and libcdaudio. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14877/

[SA14936] Debian update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass, Privilege escalation, System access
Released: 2005-04-14
Debian has issued an update for mysql. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions and potentially compromise a vulnerable system and by
malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14936/

[SA14872] Mandrake update for mysql
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-04-13
MandrakeSoft has issued an update for mysql. This fixes a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14872/

[SA14863] Ubuntu update for mysql-server
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2005-04-07
Ubuntu has issued an update for mysql-server. This fixes a
vulnerability, which can be exploited by malicious users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14863/

[SA14956] Gentoo update for rsnapshot
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-14
Gentoo has issued an update for rsnapshot. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14956/

[SA14926] Ubuntu update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2005-04-11
Ubuntu has issued updates for the kernel. These fixes two
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/14926/
 
Old 04-18-2005, 11:08 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
April 14th 2005 (SN) - Part 2

[SA14903] portupgrade Insecure Temporary File Creation Vulnerability
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2005-04-12
Simon L. Nielsen has reported a vulnerability in portupgrade, which can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14903/

[SA14894] UnixWare update for cdrecord
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
SCO has issued an update for cdrecord. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14894/

[SA14892] OpenServer auditsh/atcronsh/termsh Buffer Overflow Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
Joel Soderberg and Christer Oberg have reported some vulnerabilities in
SCO OpenServer, which potentially can be exploited by malicious, local
users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/14892/

[SA14878] rsnapshot "copy_symlink()" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-11
A vulnerability has been reported in rsnapshot, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14878/

[SA14876] OpenServer update for cscope
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
SCO has issued an update for cscope. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14876/

[SA14875] SGI IRIX gr_osview Privilege Escalation and Information Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2005-04-08
Two vulnerabilities have been reported in SGI IRIX, which can be
exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges and disclose some sensitive
information.
Full Advisory:
http://secunia.com/advisories/14875/

[SA14952] Mandrake update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-14
MandrakeSoft has issued an update for gaim. This fixes three
weaknesses, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14952/

[SA14947] Red Hat update for gaim
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-13
Red Hat has issued an update for gaim. This fixes three weaknesses,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/14947/

[SA14886] Mandrake update for gtk+2.0
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-08
MandrakeSoft has issued an update for gtk+2.0. This fixes a
vulnerability, which can be exploited by malicious people to crash
certain applications on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14886/

[SA14885] Mandrake update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-04-08
MandrakeSoft has issued an update for gdk-pixbuf. This fixes a
vulnerability, which can be exploited by malicious people to crash
certain applications on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14885/

[SA14899] Pine rpdump File Creation Race Condition Vulnerability
Critical: Not critical
Where: Local system
Impact: Manipulation of data
Released: 2005-04-12
Imran Ghory has reported a vulnerability in Pine, which potentially can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/14899/

[SA14887] Mandrake update for sharutils
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2005-04-08
MandrakeSoft has issued an update for sharutils. This fixes a
vulnerability, which potentially can be exploited by malicious, local
users to conduct certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14887/

[SA14883] Red Hat vixie-cron Exposure of Arbitrary Cron Files
Critical: Not critical
Where: Local system
Impact: Exposure of system information
Released: 2005-04-08
Karol WiÍsek has discovered a vulnerability in vixie-cron on Red Hat
Enterprise Linux, which can be exploited by malicious, local users to
read arbitrary cron files.
Full Advisory:
http://secunia.com/advisories/14883/

[SA14862] Fedora Core vixie-cron Exposure of Arbitrary Cron Files
Critical: Not critical
Where: Local system
Impact: Exposure of system information
Released: 2005-04-08
Karol WiÍsek has discovered a vulnerability in vixie-cron on Fedora
Core, which can be exploited by malicious, local users to read
arbitrary cron files.
Full Advisory:
http://secunia.com/advisories/14862/

[SA14916] DokuWiki File Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-04-13
HŚvar Henriksen has reported a vulnerability in DokuWiki, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14916/

[SA14890] ModernBill Cross-Site Scripting and File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-04-11
James Bercegay has reported some vulnerabilities in ModernBill, which
can be exploited by malicious people to conduct cross-site scripting
attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14890/

[SA14935] Oracle Products Multiple Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS
Released: 2005-04-13
Multiple vulnerabilities have been reported in various Oracle products.
Some have an unknown impact, and others can be exploited to gain
knowledge of sensitive information, manipulate data, or cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/14935/

[SA14929] Mambo zOOm Media Gallery Module "catid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-04-12
Andreas Constantinides has reported a vulnerability in the zOOm Media
Gallery module for Mambo, which can be exploited by malicious people to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14929/

[SA14919] jPortal Banner Module SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released: 2005-04-12
Marcin "CiNU5" Krupowicz has reported a vulnerability in jPortal, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14919/

[SA14913] aeDating Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released: 2005-04-12
dionisio has reported some vulnerabilities in aeDating, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14913/

[SA14912] OpenOffice ".doc" Document Handling Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-04-13
AD-LAB has reported a vulnerability in OpenOffice, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14912/

[SA14906] RadBids Gold Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released: 2005-04-11
Diabolic Crab has reported some vulnerabilities in RadBids Gold, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks, and potentially disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/14906/

[SA14888] SurgeFTP "LEAK" Command Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-04-08
Tan Chew Keong has reported a vulnerability in SurgeFTP, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14888/

[SA14882] PunBB SQL Injection and Cross-Site Scripting Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-04-08
Some vulnerabilities have been reported in PunBB, which can be
exploited by malicious people to conduct cross-site scripting attacks
and by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14882/

[SA14881] Macromedia ColdFusion MX Exposure of Class Files
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-04-08
Sean Waddell has reported a security issue in Macromedia ColdFusion MX,
which can be exploited by malicious people to disclose some potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/14881/

[SA14869] Runcms / exoops Arbitrary File Upload Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-04-07
pokleyzz has reported a vulnerability in Runcms and exoops, which
potentially can be exploited by malicious users to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14869/

[SA14866] PHP-Nuke Multiple SQL Injection Vulnerabilities

Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information
Released: 2005-04-07
Some vulnerabilities have been reported in PHP-Nuke, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14866/

[SA14934] Veritas i3 FocalPoint Server Unspecified Vulnerability
Critical: Moderately critical
Where: From local network
Impact: Unknown
Released: 2005-04-13
NGSSoftware has reported a vulnerability with an unknown impact in
Veritas i3 FocalPoint server.
Full Advisory:
http://secunia.com/advisories/14934/

[SA14940] eGroupWare Exposure of Mail Attachments
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-04-13
Gerald Quakenbush has discovered a security issue in eGroupWare, which
may expose sensitive information to malicious people.
Full Advisory:
http://secunia.com/advisories/14940/

[SA14924] Pinnacle Cart "pg" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-04-13
SmOk3 has reported a vulnerability in Pinnacle Cart, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14924/

[SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-04-11
Pluf has discovered a vulnerability in Sun Java JDK/SDK, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14902/

[SA14884] TowerBlog Exposure of Sensitive Information
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-04-11
CorryL has reported a vulnerability in TowerBlog, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/14884/

[SA14868] PostNuke Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-04-08
Diabolic Crab has reported some vulnerabilities in PostNuke, which can
be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14868/

[SA14867] CubeCart "language" PHP Script Inclusion Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of system information
Released: 2005-04-07
John Cobb has reported a vulnerability in CubeCart, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14867/

[SA14865] HP OpenView Network Node Manager Unspecified Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2005-04-07
A vulnerability has been reported in OpenView Network Node Manager (OV
NNM), which can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/14865/
 
Old 04-18-2005, 11:10 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
April 15th 2005 (LAW)

Distribution: Debian

* Debian: New axel packages fix arbitrary code execution
13th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118866

Distribution: Fedora

* Fedora Core 3 Update: gftp-2.0.18-0.FC3
7th, April, 2005
Updated package
http://www.linuxsecurity.com/content/view/118824

* Fedora Core 2 Update: gftp-2.0.18-0.FC2
7th, April, 2005
Updated package
http://www.linuxsecurity.com/content/view/118825

* Fedora Core 3 Update: wireless-tools-27-1.2.0.fc3
7th, April, 2005
Please see below for changes.
http://www.linuxsecurity.com/content/view/118827

* Fedora Core 3 Update: glibc-2.3.5-0.fc3.1
7th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118836

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.94
8th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118839

* Fedora Core 3 Update: kernel-2.6.11-1.14_FC3
11th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118851

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.96
11th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118852

* Fedora Core 3 Update: autofs-4.1.3-114
12th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118862

* Fedora Core 3 Update: gcc-3.4.3-22.fc3
12th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118864

* Fedora Core 3 Update: gcc4-4.0.0-0.41.fc3
12th, April, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118865

Distribution: Gentoo

* Gentoo: GnomeVFS, libcdaudio CDDB response overflow
8th, April, 2005
The GnomeVFS and libcdaudio libraries contain a buffer overflow that
can be triggered by a large CDDB response, potentially allowing the
execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118837

* Gentoo: Smarty Template vulnerability
10th, April, 2005
New ways of bypassing Smarty's "Template security" were found and
fixed in Smarty. Users making use of that feature are encouraged
to upgrade to version 2.6.9.
The updated sections appear below.
http://www.linuxsecurity.com/content/view/118843

* Gentoo: phpMyAdmin Cross-site scripting vulnerability
11th, April, 2005
phpMyAdmin is vulnerable to a cross-site scripting attack.
http://www.linuxsecurity.com/content/view/118850

* Gentoo: Axel Vulnerability in HTTP redirection handling
12th, April, 2005
A buffer overflow vulnerability has been found in Axel which could
lead to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118863

Distribution: Mandrake

* Mandrake: Updated shorewall packages
7th, April, 2005
The shorewall package is being updated to provide appropriate bogons
information and other minor fixes.
http://www.linuxsecurity.com/content/view/118823

* Mandrake: Updated gtk+2.0 packages fix
7th, April, 2005
A bug was discovered in the way that gtk+2.0 processes BMP images
which could allow for a specially crafted BMP to cause a Denial of
Service attack on applications linked against gtk+2.0. The updated
packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/118832

* Mandrake: Updated sharutils packages
7th, April, 2005
Shaun Colley discovered a buffer overflow in shar that was triggered
by output files (using -o) with names longer than 49 characters which
could be exploited to run arbitrary attacker-specified code.
http://www.linuxsecurity.com/content/view/118833

* Mandrake: Updated gdk-pixbuf packages
7th, April, 2005
A bug was discovered in the way that gdk-pixbuf processes BMP
images which could allow for a specially crafted BMP to cause a
Denial of Service attack on applications linked against gdk-pixbuf.
The updated packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/118834

Distribution: Red Hat

* RedHat: Moderate: kdegraphics security update
12th, April, 2005
Updated kdegraphics packages that resolve multiple security issues in
kfax are now available. This update has been rated as having moderate
security impact by the Red Hat Security Response Team
http://www.linuxsecurity.com/content/view/118856

* RedHat: Moderate: dhcp security update
12th, April, 2005
An updated dhcp package that fixes a string format issue is now
available for Red Hat Enterprise Linux 2.1. This update has been
rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/118857

* RedHat: Important: gaim security update
12th, April, 2005
An updated gaim package that fixes multiple denial of service
issues is now available. This update has been rated as having
important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118858

Distribution: SuSE

* SuSE: various KDE security problems
11th, April, 2005
Several vulnerabilities have been identified and fixed in the
KDE desktop environment.
http://www.linuxsecurity.com/content/view/118849
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ Security Report - April 10th 2005 Capt_Caveman Linux - Security 2 04-10-2005 08:00 PM
LQ Security Report - April 3rd 2005 Capt_Caveman Linux - Security 3 04-03-2005 11:16 PM
LQ Security Report - September 18th 2004 unSpawn Linux - Security 2 09-18-2004 07:55 AM
LQ security report - April 16th 2004 Capt_Caveman Linux - Security 3 04-17-2004 11:09 AM
LQ security report - Feb 18th 2004 unSpawn Linux - Security 3 02-18-2004 04:32 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration