-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : php4
SUMMARY : Problems with per-directory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : icecast
SUMMARY : Remote root exploit
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : MySQL
SUMMARY : Remote exploit
DATE :
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : bind
SUMMARY : Buffer overflow in bind
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kde2
SUMMARY : Password sniffing via kdesu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : glibc
SUMMARY : Local root vulnerability in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : proftpd
SUMMARY : Denial of Service
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : sudo
SUMMARY : Local buffer overflow
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : cups
SUMMARY : Several vulnerabilities in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : icecast
SUMMARY : Remote buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : imap
SUMMARY : Remote buffer overflow
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : licq
SUMMARY : Remote command execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : sgml-tools
SUMMARY : Insecure temporary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : openssh
SUMMARY : Passive traffic analysis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : xntp3
SUMMARY : Remote buffer overflow
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : netscape
SUMMARY : Remote javascript
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kernel
SUMMARY : Several security problems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : samba
SUMMARY : Temporary file
vulnerabilities
DATE : 2001-06-07 15:44:00
ID: CLA-2001:399
RELEVANT
RELEASES : 4.0, 4.0es, 4.1, 4.2, 5.0, prg graficos, ecommerce, 5.1, 6.0
- -
DESCRIPTION
GnuPG is an OpenPGP-compliant tool for secure communication
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : exim
SUMMARY : Format string vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : fetchmail
SUMMARY : Remote buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : xinetd
SUMMARY : Two security fixes for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : samba
SUMMARY : Remote root vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : xinetd
SUMMARY : Remote buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : Zope
SUMMARY : Remote vulnerability
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : tcltk
SUMMARY : Insecure runtime library
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : imlib
SUMMARY : Potential vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : cups
SUMMARY : Buffer Overflow
DATE :
two vulnerabilities stated in ethereal's home
page:
1.SNMP and LDAP string handling[1]
The PROTOS[2] test suite developed by the Oulu University Secure
Programming Group found some flaws in SNMP and LDAP protocols support
in ethereal. It may be possible to crash or execute arbitrary code
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : webalizer
SUMMARY : Buffer overflow
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mod_python
SUMMARY : Remote vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : dhcp
SUMMARY : Format string vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : imap
SUMMARY : Remote buffer overflow
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mailman
SUMMARY : Cross site scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mozilla
SUMMARY : Mozilla vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : bind
SUMMARY : Denial of Service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : Resolver libraries
SUMMARY : Resolver
DATE : 2002-07-31 11:54:00
ID: CLA-2002:513
RELEVANT
RELEASES : 6.0, 7.0, 8
- -
DESCRIPTION
OpenSSL implements the Secure Sockets Layer (SSL v2/v3) and Transport
Layer Security (TLS v1) protocols as well
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kde
SUMMARY : X.509 certificate check
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mailman
SUMMARY : Cross site scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : postgresql
SUMMARY : Buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kdelibs
SUMMARY : Cross site scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : xchat
SUMMARY : /dns command vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : python
SUMMARY : os.execvpe()
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : XFree86
SUMMARY : Local vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : apache
SUMMARY : DoS and other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : XFree86
SUMMARY : Several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : fetchmail
SUMMARY : Multidrop mode
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : ypserv
SUMMARY : Ypserv memory leak
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mod_ssl
SUMMARY : Cross site scripting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : heartbeat
SUMMARY : Remote format string
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : tetex
SUMMARY : dvips command execution
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : krb5
SUMMARY : Buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : gv/kghostview
SUMMARY : Buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : tar/unzip
SUMMARY : Directory transversal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : glibc
SUMMARY : Fix for several
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : linuxconf
SUMMARY : Open relay in mailconf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : php4
SUMMARY : Safe mode bypass and other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : syslog-ng
SUMMARY : Buffer overflow
a
vulnerability are made public after all vendors were notified in
advance and have had a reasonable amount of time to prepare and test
updated packages. We believe this to be the most secure and
responsible method for disclosing vulnerabilities.
SOLUTION
All BIND users should upgrade immediately
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : dhcpcd
SUMMARY : Characters expansion
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : samba
SUMMARY : Buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : pine
SUMMARY : Denial of Service (DoS)
DATE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : wget
SUMMARY : Directory transversal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : fetchmail
SUMMARY : Remote vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kernel 2.4
SUMMARY : Local denial of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : openldap
SUMMARY : Several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : cyrus-imapd
SUMMARY : Remote command
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : cvs
SUMMARY : Update: cvs remote double
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : libpng
SUMMARY : Buffer overflow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mcrypt
SUMMARY : Buffer overflow and memory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : mozilla
SUMMARY : Several vulnerabilities
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : kde
SUMMARY : Multiple vulnerabilities in
in encrypted connections
DATE : 2003-02-24 19:25:00
ID: CLA-2003:570
RELEVANT
RELEASES : 6.0, 7.0, 8
- -
DESCRIPTION
OpenSSL[1] implements the Secure Sockets Layer (SSL v2/v3) and
Transport Layer Security (TLS v1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --
PACKAGE : sendmail
SUMMARY : Remote vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This email is intended to provide contact information for reporting
vulnerabilities in Symantec products. If you believe that you have
discovered a vulnerability in one of Symantec supported products, we
encourage you to contact [EMAIL PROTECTED]
In
Symantec has reviewed the issue that was reported with smc.exe crashing from
the command line. We have confirmed that an improperly formatted command line
can cause the user mode process to crash. However, the privileged service
process is unaffected. The client machine maintained full
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Symantec Security Advisory
SYM06-004
17 March 2006
Veritas Backup Exec: Application Memory Denial of Service
Revision History
None
Severity
Medium
Remote Access - Yes
Local Access - No
Authentication Required - No
Exploit publicly available - No
Symantec Security Advisory
SYM06-005
17 March 2006
Veritas Backup Exec for Windows Servers: Media Server BENGINE Service Job
log Format String Overflow
Revision History
None
Severity
Low (network/system authorization and specific configuration required)
Remote Access Yes
Local Access No
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
3Com/TippingPoint identified multiple buffer overflow vulnerabilities in
daemons running on Veritas NetBackup Master, Media Servers and clients.
See
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.37.html
for full advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
the correct URL for the full advisory should be
http://securityresponse.symantec.com/avcenter/security/Content/2006.03.27.html
-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.0.5 (Build 5050)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Title: Symantec LiveUpdate for Macintosh Local Privilege Escalation
Threat: Moderate
Impact: Local Privilege Escalation
Product: LiveUpdate for Macintosh
Situation Overview:
Some components of Symantec's LiveUpdate for Macintosh do not set their
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Title: Symantec Scan Engine Multiple Vulnerabilities
Threat: Moderate
Impact: Unauthorized access
Product: Symantec Scan Engine
Situation Overview: Three vulnerabilities have been discovered in the
Symantec Scan Engine. Symantec Scan Engine is
the Automatic LiveUpdate function, Symantec
recommends customers interactively run Symantec LiveUpdate frequently to ensure
they have the most current protection available.
Establishing more secure Internet zone settings for the local user can prohibit
activation of ActiveX controls without the users
TippingPoint is committed to assuring the security of our customers, and
we take all reports of potential security issues against our products very
seriously.
Even though this report seems less than credible, we would encourage the
author of this advisory to contact us directly and provide
SYM07-007
May 16, 2007
Symantec Norton Personal Firewall 2004 ActiveX Control Buffer Overflow
Risk Impact
Medium
Affected Products
Norton Internet Security 2004
Norton Personal Firewall 2004
Details
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used
by
Symantec Security Advisory
http://www.symantec.com/avcenter/security/Content/2007.06.01.html
SYM07-009
1 June, 2007
Symantec Storage Foundation for Windows Volume Manager: Authentication Bypass
and Potential Code Execution in Scheduler Service
Revision History
None
Severity
Medium
SYM07-012 Symantec Reporting Server Elevation of Privilege
June 5, 2007
Risk Impact
Medium
Remote Access: Yes
Local Access: Yes
Authentication Required: No
Exploit available: No
Overview
Files created by a Reporting Server may be accessible to an unauthorized user.
Affected
SYM07-011: Symantec Reporting Server Password Disclosure
June 5, 2007
Risk Impact: Medium
Remote Access: Yes
Local Access: Yes
Authentication Required: Yes
Exploit available: No
Overview
The administrator password for Symantec Reporting Server could be disclosed
after a failed login
SYM07-024
September 05, 2007
Symantec SYMTDI.SYS Device Driver Local Denial of Service
Revision History: None
Risk Impact: Low
Remote Access: No
Local Access: Yes
Authentication Required: Yes, to the local system
Exploit available: No
Overview
Some versions of Symantec's device driver
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Symantec has posted a Security Advisory for Symantec On-Demand Protection.
Please see the advisory for complete information:
http://www.symantec.com/avcenter/security/Content/2006.08.01a.html
-BEGIN PGP SIGNATURE-
Version: PGP
Any further revisions to this information, if required, will be posted
to the official advisory located at:
http://www.symantec.com/avcenter/security/Content/2006.08.11.html
Symantec Security Advisory
SYM06-014
BID 19479
11 August 2006
Symantec Backup Exec for Windows Server: RPC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Symantec AntiVirus and Symantec Client Security Elevation of Privilege
September 13, 2006
Overview
An elevation of privilege vulnerability in Symantec Client Security and
Symantec AntiVirus Corporate Edition could potentially allow a local
Symantec Product Security Advisory
October 23, 2006
SYM06-022 Symantec Device Driver Elevation of Privilege
Risk Impact: Medium
Remote Access: No
Local Access: Yes
Authentication Required: Yes
Exploit available: No
Overview
Symantec was notified of a vulnerability in a device driver which,
Symantec Security Advisory
SYM07-029
http://www.symantec.com/avcenter/security/Content/2007.11.27.html
27 Nov 2007
Symantec Backup Exec for Windows Server: Multiple Denial of Service Issues in
Job Engine
Revision History
None
Severity
Medium
Remote Access
Yes
Local Access
Symantec discontinued sales and support for Winfax Pro in early 2006. As such,
there will be no further updates to the product.
Anyone running a legacy version of this product and concerned about this issue
may want to follow the procedures outlined in MSKB 240797
Well, maybe sometimes the D.O.S doesn't work in local mode, but on my computer it works
in local mode. Anyway, it works in remote mode.
"Federico - Comnet S.A." wrote:
Yes, we've tried the exploit on various computers just to try it, and we can't
use the exploit on the local machine, always the
March 27, 2006
Determina Fix for CVE-2006-1359
(Zero Day MS Internet Explorer Remote CreateTextRange() Code Execution)
Overview Instructions On Downloading The Free Determina Shield For
CVE-2006-1359
Based on the same technology used in the VPS LiveShield product, Determina
has engineered
Hi
Trustix today released updated versions of the diffutils and squid
packages with patches fixing insecure tempfile handling leading to
potential local root compromise.
All versions of Trustix Secure Linux are, as far as we know, vulnerable
and should be updated.
MD5sums:
1.2
Hi
Trustix is, like many other linux distributions, based on Glibc 2.1.3
and is therefore open to the "preload hole" discussed in various
postings to bugtraq and other lists. This is a local security hole,
and all users of TSL should upgrade their boxes.
MD5sums:
1.2: