Section: .. / 0703-advisories /
| /// File Name: |
glsa-200703-06.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-06 - An integer overflow flaw has been found in the pixmap handling of Qt, making the AMD64 x86 emulation Qt library vulnerable as well. Versions less than 10.0 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2858 | | Related CVE(s): | CVE-2006-4811 | | Last Modified: | Mar 6 07:27:28 2007 |
| MD5 Checksum: | 670ba1eabf17812b84ec4d806b1544e5 |
|
| /// File Name: |
glsa-200703-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-07 - Two buffer overflows have been discovered, one in print floats and one in the rope constructor. Versions less than 5.0.3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2549 | | Related CVE(s): | CVE-2007-0803 | | Last Modified: | Mar 9 01:22:44 2007 |
| MD5 Checksum: | 98f6604ff8358e6438492aa5179451d8 |
|
| /// File Name: |
glsa-200703-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-08 - Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects SeaMonkey. Various researchers reported some errors in the JavaScript engine potentially leading to memory corruption. SeaMonkey also contains minor vulnerabilities involving cache collision and unsafe pop-up restrictions, filtering or CSS rendering under certain conditions. All those vulnerabilities are the same as in GLSA 200703-04 affecting Mozilla Firefox. Versions less than 1.1.1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 5292 | | Related CVE(s): | CVE-2006-6077, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0801, CVE-2007-0981, CVE-2007-0995 | | Last Modified: | Mar 14 01:19:53 2007 |
| MD5 Checksum: | 814cb617645155ad1b304d6d41d15070 |
|
| /// File Name: |
glsa-200703-10.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-10 - The KHTML code allows for the execution of JavaScript code located inside the Title HTML element, a related issue to the Safari error found by Jose Avila. Versions less than 3.5.5-r8 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2833 | | Related CVE(s): | CVE-2007-0478, CVE-2007-0537 | | Last Modified: | Mar 14 01:54:51 2007 |
| MD5 Checksum: | 188b291cd0a26f639de6d0a9a19de5b0 |
|
| /// File Name: |
glsa-200703-11.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-11 - The Magnatune downloader doesn't quote the m_currentAlbumFileName parameter while calling the unzip shell command. Versions less than 1.4.5-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2525 | | Last Modified: | Mar 14 03:57:59 2007 |
| MD5 Checksum: | 44c1d37cdcb79f0a2e70c7b2ff391880 |
|
| /// File Name: |
glsa-200703-12.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-12 - Frank Benkstein discovered a possible NULL pointer dereference in apps/silcd/command.c if a new channel is created without specifying a valid hmac or cipher algorithm name. Versions less than 1.0.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2342 | | Last Modified: | Mar 20 04:04:59 2007 |
| MD5 Checksum: | 792905849b53a216bce49214e7b25bd1 |
|
| /// File Name: |
glsa-200703-13.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-13 - The SSH Secure Shell Server contains a format string vulnerability in the SFTP code that handles file transfers (scp2 and sftp2). In some situations, this code passes the accessed filename to the system log. During this operation, an unspecified error could allow uncontrolled stack access. Versions less than 4.3.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3187 | | Related CVE(s): | CVE-2006-0705 | | Last Modified: | Mar 20 05:12:32 2007 |
| MD5 Checksum: | b56d2c9a45892d02d35e413b38c81ef8 |
|
| /// File Name: |
glsa-200703-14.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-14 - The MU Security Research Team discovered that Asterisk contains a NULL-pointer dereferencing error in the SIP channel when handling request messages. Versions less than 1.2.14-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2737 | | Related CVE(s): | CVE-2007-1306 | | Last Modified: | Mar 20 06:51:56 2007 |
| MD5 Checksum: | 566b1ca5a6accf27586188ff401748d7 |
|
| /// File Name: |
glsa-200703-15.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-15 - PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Versions less than 8.0.11 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2855 | | Related CVE(s): | CVE-2007-0555, CVE-2007-0556 | | Last Modified: | Mar 20 06:52:12 2007 |
| MD5 Checksum: | fba6b87dae5a1f3b10d3a349749c858d |
|
| /// File Name: |
glsa-200703-16.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-16 - ZDI reported an unsafe memory copy in mod_jk that was discovered by an anonymous researcher in the map_uri_to_worker function of native/common/jk_uri_worker_map.c . Versions less than 1.2.21-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2798 | | Related CVE(s): | CVE-2007-0774 | | Last Modified: | Mar 20 06:52:28 2007 |
| MD5 Checksum: | bcfa40f532618c5cfbff78b966840f57 |
|
| /// File Name: |
glsa-200703-17.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-17 - SUSE reported unspecified buffer overflows in ulogd involving the calculation of string lengths. Versions less than 1.23-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2570 | | Related CVE(s): | CVE-2007-0460 | | Last Modified: | Mar 20 06:52:56 2007 |
| MD5 Checksum: | 9e72418c77c9a744937472af173eee71 |
|
| /// File Name: |
glsa-200703-18.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-18 - Georgi Guninski reported a possible integer overflow in the code handling text/enhanced or text/richtext MIME emails. Additionally, various researchers reported errors in the JavaScript engine potentially leading to memory corruption. Additionally, the binary version of Mozilla Thunderbird includes a vulnerable NSS library which contains two possible buffer overflows involving the SSLv2 protocol. Versions less than 1.5.0.10 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4051 | | Related CVE(s): | CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0776, CVE-2007-0777, CVE-2007-1282 | | Last Modified: | Mar 20 06:53:10 2007 |
| MD5 Checksum: | 6811970b6b513a48aed797c279fe2975 |
|
| /// File Name: |
glsa-200703-19.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-19 - The LTSP server includes vulnerable LibVNCServer code, which fails to properly validate protocol types effectively letting users decide what protocol to use, such as Type 1 - None (GLSA-200608-05). The LTSP VNC server will accept this security type, even if it is not offered by the server. Versions less than 4.2-r1 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2738 | | Related CVE(s): | CVE-2006-2450 | | Last Modified: | Mar 20 06:53:26 2007 |
| MD5 Checksum: | c4f8d501e214aca045b88a50512bd819 |
|
| /// File Name: |
glsa-200703-20.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-20 - LSAT insecurely writes in /tmp with a predictable filename. Versions less than or equal to 0.9.2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2984 | | Last Modified: | Mar 20 06:53:45 2007 |
| MD5 Checksum: | b533e47d6e91d6e5e2cab42300d805eb |
|
| /// File Name: |
glsa-200703-21.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-21 - Several vulnerabilities were found in PHP by the Hardened-PHP Project and other researchers. These vulnerabilities include a heap-based buffer overflow in htmlentities() and htmlspecialchars() if called with UTF-8 parameters, and an off-by-one error in str_ireplace(). Other vulnerabilities were also found in the PHP4 branch, including possible overflows, stack corruptions and a format string vulnerability in the *print() functions on 64 bit systems. Versions less than 5.2.1-r3 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 4468 | | Related CVE(s): | CVE-2006-5465, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0911, CVE-2007-0988, CVE-2007-1286, CVE-2007-1375, CVE-2007-1376, CVE-2007-1380, CVE-2007-1383 | | Last Modified: | Mar 21 04:11:24 2007 |
| MD5 Checksum: | 15e2795e889773a85cb4c7c4f289c219 |
|
| /// File Name: |
glsa-200703-22.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-22 - iDefense has reported two potential buffer overflow vulnerabilities found by researcher regenrecht in the code implementing the SSLv2 protocol. Versions less than 3.11.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3031 | | Related CVE(s): | CVE-2007-0008, CVE-2007-0009 | | Last Modified: | Mar 21 04:12:23 2007 |
| MD5 Checksum: | 942dca52b7305221aa8d354bc1ea527d |
|
| /// File Name: |
glsa-200703-24.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-24 - mgv includes code from gv that does not properly boundary check user-supplied data before copying it into process buffers. Versions less than or equal to 3.1.5 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3038 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Mar 27 05:45:02 2007 |
| MD5 Checksum: | 38bd5e4e89fca134cde78bb1b571463e |
|
| /// File Name: |
glsa-200703-25.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-25 - Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Versions less than 2.0.7 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2441 | | Related CVE(s): | CVE-2007-1006 | | Last Modified: | Apr 2 23:32:46 2007 |
| MD5 Checksum: | 1a13357f18a2b83fc477cd9fed9c8807 |
|
| /// File Name: |
glsa-200703-26.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-26 - Jean-Sébastien Guay-Leroux reported an integer underflow in file_printf function. Versions less than 4.20 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2685 | | Related CVE(s): | CVE-2007-1536 | | Last Modified: | Apr 3 00:32:06 2007 |
| MD5 Checksum: | 64096e81725c67cc104d16cbc9963279 |
|
| /// File Name: |
glsa-200703-27.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-27 - Squid incorrectly handles TRACE requests that contain a Max-Forwards header field with value 0 in the clientProcessRequest() function. Versions less than 2.6.12 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2430 | | Related CVE(s): | CVE-2007-1560 | | Last Modified: | Apr 3 00:51:34 2007 |
| MD5 Checksum: | 040a5cb09700e4437e32bb0daf91150b |
|
| /// File Name: |
glsa-200703-28.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200703-28 - CUPS does not properly handle partially-negotiated SSL connections. Upon receiving a partially-negotiated SSL connection, CUPS no longer accepts further incoming connections, as the initial connection never times out. Versions less than 1.2.9 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2581 | | Related CVE(s): | CVE-2007-0720 | | Last Modified: | Apr 3 00:52:04 2007 |
| MD5 Checksum: | 920c2983777a8f7036265decde3d43a8 |
|
| /// File Name: |
ibm-xss.txt |
Description:
|
IBM's Rational ClearQuest Web application version 7.0.0.0 suffers from a cross site scripting flaw.
| | Author: | James Clarke | | Homepage: | http://www.clarkee.co.uk/ | | File Size: | 2301 | | Last Modified: | Mar 20 05:55:52 2007 |
| MD5 Checksum: | 3936fd7a6c1a097be907fd94e5050e5c |
|
| /// File Name: |
ie7-phish.txt |
Description:
|
Internet Explorer 7.0 is vulnerable to cross-site scripting in one of its local resources. In combination with a design flaw in this specific local resource it is possible for an attacker to easily conduct phishing attacks against IE7 users.
| | Author: | avivra | | Homepage: | http://aviv.raffon.net/ | | File Size: | 2162 | | Last Modified: | Mar 20 04:31:59 2007 |
| MD5 Checksum: | 3b996a2ffb89a7c0d6ec5ff9b53a31ae |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
