Section: .. / 0709-advisories /
| /// File Name: |
USN-518-1.txt |
Description:
|
Ubuntu Security Notice 518-1 - Evan Teran discovered that the Linux kernel ptrace routines did not correctly handle certain requests robustly. Local attackers could exploit this to crash the system, causing a denial of service. It was discovered that hugetlb kernels on PowerPC systems did not prevent the stack from colliding with reserved kernel memory. Local attackers could exploit this and crash the system, causing a denial of service. It was discovered that certain CIFS filesystem actions did not honor the umask of a process. Local attackers could exploit this to gain additional privileges. Wojciech Purczynski discovered that the Linux kernel ia32 syscall emulation in x86_64 kernels did not correctly clear the high bits of registers. Local attackers could exploit this to gain root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 144421 | | Related CVE(s): | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573 | | Last Modified: | Sep 25 21:13:05 2007 |
| MD5 Checksum: | b5d8988fb105e46c3ff6fc28098e12ca |
|
| /// File Name: |
sa26955.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26955/ | | File Size: | 133231 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | edb73b61f5ed89c3e83b484cad1833b7 |
|
| /// File Name: |
USN-517-1.txt |
Description:
|
Ubuntu Security Notice 517-1 - It was discovered that KDM would allow logins without password checks under certain circumstances. If autologin was configured, and "shutdown with password" enabled, a local user could exploit the problem and gain root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 58014 | | Related CVE(s): | CVE-2007-4569 | | Last Modified: | Sep 25 00:08:38 2007 |
| MD5 Checksum: | 909c4a2a9962000bca85095b2bff8aae |
|
| /// File Name: |
sa26929.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for kdm. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26929/ | | File Size: | 54672 | | Last Modified: | Sep 25 18:33:28 2007 |
| MD5 Checksum: | 3f90614fd2eae15e3ef93143e8b46618 |
|
| /// File Name: |
dsa-1375-1.txt |
Description:
|
Debian Security Advisory 1375-1 - A heap overflow vulnerability has been discovered in the TIFF parsing code of the OpenOffice.org suite. The parser uses untrusted values from the TIFF file to calculate the number of bytes of memory to allocate. A specially crafted TIFF image could trigger an integer overflow and subsequently a buffer overflow that could cause the execution of arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 52039 | | Related CVE(s): | CVE-2007-2834 | | Last Modified: | Sep 18 12:58:05 2007 |
| MD5 Checksum: | 6a3c1ff684fdd265432c277410a69a1f |
|
| /// File Name: |
USN-510-1.txt |
Description:
|
Ubuntu Security Notice 510-1 - Over a dozen vulnerabilities have been patched for the Linux 2.6 kernel.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 51361 | | Related CVE(s): | CVE-2007-2525, CVE-2007-2875, CVE-2007-2876, CVE-2007-2878, CVE-2007-3104, CVE-2007-3105, CVE-2007-3513, CVE-2007-3642, CVE-2007-3843, CVE-2007-3848, CVE-2007-3851, CVE-2007-4308 | | Last Modified: | Sep 1 00:09:47 2007 |
| MD5 Checksum: | ca3d6ef3b5512c4bf96630a40cd450f2 |
|
| /// File Name: |
sa26643.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26643/ | | File Size: | 50581 | | Last Modified: | Aug 31 22:46:36 2007 |
| MD5 Checksum: | 1815e6e7d5db4a9744237a78e44c8924 |
|
| /// File Name: |
sa26817.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26817/ | | File Size: | 48673 | | Last Modified: | Sep 18 12:50:06 2007 |
| MD5 Checksum: | f7b3a708bf4954e72b3dea1f691f9219 |
|
| /// File Name: |
dsa-1364-2.txt |
Description:
|
Debian Security Advisory 1364-2 - Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim. This updated advisory repairs issues with missing files in the packages for the oldstable distribution (sarge) for the alpha, mips, and mipsel architectures.
| | Homepage: | http://www.debian.org/security | | File Size: | 41560 | | Related CVE(s): | CVE-2007-2953, CVE-2007-2438 | | Last Modified: | Sep 20 05:05:38 2007 |
| MD5 Checksum: | b58a312c9824db35ed8b97aedf36ed0a |
|
| /// File Name: |
dsa-1376-1.txt |
Description:
|
Debian Security Advisory 1376-1 - iKees Huijgen discovered that under certain circumstances KDM, an X session manage for KDE, it is possible for KDM to be tricked into allowing user logins without a password.
| | Homepage: | http://www.debian.org/security | | File Size: | 41254 | | Related CVE(s): | CVE-2007-4569 | | Last Modified: | Sep 24 22:10:58 2007 |
| MD5 Checksum: | c49bea5391596d92bf13342e932b53ec |
|
| /// File Name: |
dsa-1364-1.txt |
Description:
|
Debian Security Advisory 1364-1 - Several vulnerabilities have been discovered in the vim editor. Ulf Harnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the "helptags" command) can lead to the execution of arbitrary code. Editors often provide a way to embed editor configuration commands (aka modelines) which are executed once a file is opened. Harmful commands are filtered by a sandbox mechanism. It was discovered that function calls to writefile(), feedkeys() and system() were not filtered, allowing shell command execution with a carefully crafted file opened in vim.
| | Homepage: | http://www.debian.org/security | | File Size: | 41108 | | Related CVE(s): | CVE-2007-2953, CVE-2007-2438 | | Last Modified: | Sep 5 01:14:56 2007 |
| MD5 Checksum: | fd9375eee24f1c58e41b4c7adc5831df |
|
| /// File Name: |
sa26651.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities and a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges, and by malicious people to cause a DoS.
| | Homepage: | http://secunia.com/advisories/26651/ | | File Size: | 40787 | | Last Modified: | Aug 31 22:46:36 2007 |
| MD5 Checksum: | dd0ef212950dec4d31e1713cdde8b9b6 |
|
| /// File Name: |
sa26903.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for OpenOffice_org. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26903/ | | File Size: | 40112 | | Last Modified: | Sep 24 11:00:46 2007 |
| MD5 Checksum: | 2dc7816c6cae476ca16ab1e0ded432bf |
|
| /// File Name: |
sa26904.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for kdebase. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/26904/ | | File Size: | 39362 | | Last Modified: | Sep 24 11:00:46 2007 |
| MD5 Checksum: | 6b636b5818b4a4de848d0d5444627dac |
|
| /// File Name: |
USN-513-1.txt |
Description:
|
Ubuntu Security Notice 513-1 - Dirk Mueller discovered that UTF8 strings could be made to cause a small buffer overflow. A remote attacker could exploit this by sending specially crafted strings to applications that use the Qt3 library for UTF8 processing, potentially leading to arbitrary code execution with user privileges, or a denial of service.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 39342 | | Related CVE(s): | CVE-2007-4137 | | Last Modified: | Sep 18 22:43:07 2007 |
| MD5 Checksum: | acacaa6df6c5f832cadfd25c6d90be13 |
|
| /// File Name: |
sa26653.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for vim. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/26653/ | | File Size: | 37581 | | Last Modified: | Sep 4 22:20:04 2007 |
| MD5 Checksum: | 268e6f81f90599d758131a6c84a36c0e |
|
| /// File Name: |
sa26868.txt |
Description:
|
Secunia Security Advisory - Ubuntu has issued an update for qt. This fixes a vulnerability, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/26868/ | | File Size: | 37508 | | Last Modified: | Sep 20 04:11:10 2007 |
| MD5 Checksum: | 7b7ba1b4715f98725167ebd6cca33731 |
|
| /// File Name: |
dsa-1378-1.txt |
Description:
|
Debian Security Advisory 1378-1 - Several local and remote vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or the execution of arbitrary code. Evan Teran discovered a potential local denial of service (oops) in the handling of PTRACE_SETREGS and PTRACE_SINGLESTEP requests. Adam Litke reported a potential local denial of service (oops) on powerpc platforms resulting from unchecked VMA expansion into address space reserved for hugetlb pages. Steve French reported that CIFS filesystems with CAP_UNIX enabled were not honoring a process' umask which may lead to unintentionally relaxed permissions. Wojciech Purczynski discovered a vulnerability that can be exploited by a local user to obtain superuser privileges on x86_64 systems. This resulted from improper clearing of the high bits of registers during ia32 system call emulation. This vulnerability is relevant to the Debian amd64 port as well as users of the i386 port who run the amd64 linux-image flavor. Michael Stone reported an issue with the JFFS2 filesystem. Legacy modes for inodes that were created with POSIX ACL support enabled were not being written out to the medium, resulting in incorrect permissions upon remount.
| | Homepage: | http://www.debian.org/security | | File Size: | 35220 | | Related CVE(s): | CVE-2007-3731, CVE-2007-3739, CVE-2007-3740, CVE-2007-4573, CVE-2007-4849 | | Last Modified: | Sep 27 21:33:30 2007 |
| MD5 Checksum: | 5e6dd1cd0082c7a2a3959335b7ea1e1b |
|
| /// File Name: |
sa26647.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some weaknesses, a security issue, and a vulnerability, which potentially can be exploited by malicious, local users to expose potentially sensitive information and bypass certain security restrictions, and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/26647/ | | File Size: | 32760 | | Last Modified: | Sep 4 22:20:04 2007 |
| MD5 Checksum: | 217346e07304268d4608132cc10370ab |
|
| /// File Name: |
sa26978.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, or gain escalated privileges.
| | Homepage: | http://secunia.com/advisories/26978/ | | File Size: | 32049 | | Last Modified: | Sep 29 17:23:54 2007 |
| MD5 Checksum: | 4c6d289205eb65c462d39a49f019430d |
|
| /// File Name: |
USN-511-2.txt |
Description:
|
Ubuntu Security Notice 511-2 - USN-511-1 fixed vulnerabilities in krb5 and librpcsecgss. The fixes were incomplete, and only reduced the scope of the vulnerability, without fully solving it. It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29284 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 7 20:28:40 2007 |
| MD5 Checksum: | a7b734c0ce5344db1d137bc8862fec37 |
|
| /// File Name: |
USN-511-1.txt |
Description:
|
Ubuntu Security Notice 511-1 - It was discovered that the libraries handling RPCSEC_GSS did not correctly validate the size of certain packet structures. An unauthenticated remote user could send a specially crafted request and execute arbitrary code with root privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 29059 | | Related CVE(s): | CVE-2007-3999 | | Last Modified: | Sep 5 01:23:52 2007 |
| MD5 Checksum: | 878c5071c2ffec3b8ab1f0df03332c3e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
