Section: .. / 0610-advisories /
| /// File Name: |
MDKSA-2006-171.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-171: slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3753 | | Last Modified: | Oct 3 20:46:32 2006 |
| MD5 Checksum: | 10ffc1b61bea04405ed373821f7d978e |
|
| /// File Name: |
MDKSA-2006-172-1.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-172-1: Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 9118 | | Last Modified: | Oct 3 20:47:19 2006 |
| MD5 Checksum: | fb6eb884b31ae8e9c20c753e0ab10a98 |
|
| /// File Name: |
MDKSA-2006-172.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-172: Dr S N Henson of the OpenSSL core team and Open Network Security recently developed an ASN1 test suite for NISCC (www.niscc.gov.uk). When the test suite was run against OpenSSL two denial of service vulnerabilities were discovered.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8494 | | Last Modified: | Oct 3 20:46:38 2006 |
| MD5 Checksum: | 9989d95b9fe1028d5c59239a313e1b89 |
|
| /// File Name: |
MDKSA-2006-173.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-173: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4537 | | Last Modified: | Oct 3 20:46:44 2006 |
| MD5 Checksum: | e0297abe46507c5f7af2b4bb815e32e1 |
|
| /// File Name: |
MDKSA-2006-174.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-174: Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3231 | | Last Modified: | Oct 3 20:46:51 2006 |
| MD5 Checksum: | 3838d0206ec2140adac4c1277c7ca750 |
|
| /// File Name: |
MDKSA-2006-175.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-175: Mplayer uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5266 | | Last Modified: | Oct 3 20:47:00 2006 |
| MD5 Checksum: | ab75d0ef9bd1f21cb02f3f77d23324ed |
|
| /// File Name: |
MDKSA-2006-176.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-176: Xine-lib uses an embedded copy of ffmpeg and as such has been updated to address the following issue: Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8898 | | Last Modified: | Oct 3 20:47:08 2006 |
| MD5 Checksum: | f3225bb9d65122a89bb67b51c09f9ce0 |
|
| /// File Name: |
MDKSA-2006-177.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-177: Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some MySQL versions are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5502 | | Last Modified: | Oct 3 20:47:28 2006 |
| MD5 Checksum: | 742ab8590b84f07fa11ec840001a0ccf |
|
| /// File Name: |
MDKSA-2006-178.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-178: Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3762 | | Last Modified: | Oct 3 20:47:36 2006 |
| MD5 Checksum: | 85150bb23fac28a31fb4684c3fc240ea |
|
| /// File Name: |
MDKSA-2006-179.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-179: Tavis Ormandy of the Google Security Team discovered a Denial of Service vulnerability in the SSH protocol version 1 CRC compensation attack detector. This could allow a remote unauthenticated attacker to trigger excessive CPU utilization by sending a specially crafted SSH message, which would then deny ssh services to other users or processes (CVE-2006-4924, CVE-2006-4925). Please note that Mandriva ships with only SSH protocol version 2 enabled by default.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8466 | | Last Modified: | Oct 4 18:41:46 2006 |
| MD5 Checksum: | 0e95e3d57b1492e07ea45aea6256e0d5 |
|
| /// File Name: |
MDKSA-2006-180.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-180 - An integer overflow was discovered in the PHP memory handling routines. If a script can cause memory allocation based on untrusted user data, a remote attacker sending a carefully crafted request could execute arbitrary code as the 'apache' user.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4213 | | Related CVE(s): | CVE-2006-4812 | | Last Modified: | Oct 9 00:10:59 2006 |
| MD5 Checksum: | 6d14c4619131e2f4239a801abaadbfa8 |
|
| /// File Name: |
MDKSA-2006-181.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-181: A vulnerability in python's repr() function was discovered by Benjamin C. Wiley Sittler. It was found that the function did not properly handle UTF-32/UCS-4 strings, so an application that used repr() on certin untrusted data could possibly be exploited to execute arbitrary code with the privileges of the user running the python application.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8152 | | Last Modified: | Oct 13 19:18:59 2006 |
| MD5 Checksum: | 21e1fc4ae31b3a53c207e02e20e15ea1 |
|
| /// File Name: |
MDKSA-2006-182.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-182: A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8627 | | Last Modified: | Oct 13 19:20:22 2006 |
| MD5 Checksum: | 4e8179382e164f48556aa3f7bb3c80cf |
|
| /// File Name: |
MDKSA-2006-183.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-183: The libksba library, as used by gpgsm in the gnupg2 package, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3245 | | Last Modified: | Oct 20 18:35:00 2006 |
| MD5 Checksum: | 225acc243c19807a24777976ca246124 |
|
| /// File Name: |
MDKSA-2006-184.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-184: An integer overflow in previous versions of ClamAV could allow a remote attacker to cause a Denial of Service (scanning service crash) and execute arbitrary code via a Portable Executable (PE) file
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 7630 | | Last Modified: | Oct 20 18:35:08 2006 |
| MD5 Checksum: | 3371d54558b0918449b23cebb8a79d13 |
|
| /// File Name: |
MDKSA-2006-185.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-185: PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 8814 | | Last Modified: | Oct 20 18:36:49 2006 |
| MD5 Checksum: | 61376419c6d91a017d81905b5e45b8f1 |
|
| /// File Name: |
MDKSA-2006-186.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-186: A vulnerability was discovered in the way that Qt handled pixmap images and the KDE khtml library used Qt in such a way that untrusted parameters could be passed to Qt, resulting in an integer overflow. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using Konqueror, would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the user.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5351 | | Last Modified: | Oct 24 15:57:02 2006 |
| MD5 Checksum: | 3d070a2b1a623bfd5ea8ca5c69b4b18e |
|
| /// File Name: |
MDKSA-2006-187.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-187: An integer overflow was discovered in the way that Qt handled pixmap images. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using an application that uses Qt (like Konqueror), would cause it to crash or possibly execute arbitrary code with the privileges of the user.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 17242 | | Last Modified: | Oct 27 18:47:53 2006 |
| MD5 Checksum: | 6c2bebf745cf9f732efbd0514af5d654 |
|
| /// File Name: |
MDKSA-2006-188.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-188: Sebastian Krahmer of the SUSE security team found that the System.CodeDom.Compiler classes in mono used temporary files in an insecure way that could allow a symbolic link attack to overwrite arbitrary files with the privileges of the user running a program that made use of those classes.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3554 | | Last Modified: | Oct 30 18:23:48 2006 |
| MD5 Checksum: | 3aab629ed34c3a732108bc3410c744ba |
|
| /// File Name: |
MDKSA-2006-189.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-189: Yannick Van Osselaer discovered a stack overflow in Xsupplicant, which could potentially be exploited by a remote, authenticated user to gain root privileges. Additional code cleanups to fix potential memory leaks are also included.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3246 | | Last Modified: | Oct 30 18:23:55 2006 |
| MD5 Checksum: | e69dde083e354bde40884804d57701c5 |
|
| /// File Name: |
MDKSA-2006-190.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-190: A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 4163 | | Last Modified: | Oct 30 18:24:01 2006 |
| MD5 Checksum: | d6f8213dbf2f4580c64703dcab56ea4e |
|
| /// File Name: |
MDKSA-2006-191.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-191: Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3642 | | Last Modified: | Oct 30 18:24:09 2006 |
| MD5 Checksum: | 95e40134eda956dc3de730efe58397cd |
|
| /// File Name: |
MDKSA-2006-192.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-192: The CGI library in Ruby 1.8 allowed a remote attacker to cause a Denial of Service via an HTTP request with a multipart MIME body that contained an invalid boundary specifier, which would result in an infinite loop and CPU consumption.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 5750 | | Last Modified: | Oct 30 18:24:15 2006 |
| MD5 Checksum: | e4dc9b5f9f0fba547dcd24f100ae9e56 |
|
| /// File Name: |
MHL-2006-001.txt |
Description:
|
Mayhemic Labs security advisory - Eazy Cart is vulnerable to authentication bypassing, data injection, and cross site scripting attacks
| | Author: | Mayhemic Labs Security | | Homepage: | http://www.mayhemiclabs.com/ | | File Size: | 2198 | | Last Modified: | Oct 13 20:21:26 2006 |
| MD5 Checksum: | 50dfea02b86e6d87ca4bd90998f7fc83 |
|
| /// File Name: |
MHL-2006-002.txt |
Description:
|
yhemic Labs MHL-2006-002 Public Advisory: Call-Center-Software Versions 0.93 and below are vulnerable to multiple SQL injection attacks and XSS under certain conditions, along with privilege escalation.
| | Author: | Mayhemic Labs Security | | Homepage: | http://www.mayhemiclabs.com/ | | File Size: | 3092 | | Last Modified: | Oct 17 15:24:53 2006 |
| MD5 Checksum: | e5c34cecf5c5685b127cad41fca524ec |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
