[ MDVSA-2009:060-1 ] nfs-utils

2009-03-20 Thread security
Mandriva Linux Security Advisory MDVSA-2009:060-1 http://www.mandriva.com/security/

[USN-741-1] Thunderbird vulnerabilities

2009-03-20 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-741-1 March 19, 2009 mozilla-thunderbird, thunderbird vulnerabilities CVE-2009-0352, CVE-2009-0772, CVE-2009-0774, CVE-2009-0776 === A

LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)

2009-03-20 Thread Chris Evans
Hi, LittleCMS (or lcms) prior to v1.18beta2 contains various integer overflow, buffer overflow and memory leak errors. At least one of these bugs is a stack-based buffer overflow which is good for arbitrary code execution. I have an exploit that works on my Ubuntu-8.10 laptop but am holding off

[ GLSA 200903-33 ] FFmpeg: Multiple vulnerabilities

2009-03-20 Thread Pierre-Yves Rofes
Gentoo Linux Security Advisory GLSA 200903-33 http://security.gentoo.org/

[security bulletin] HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS)

2009-03-20 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01466051 Version: 3 HPSBMA02338 SSRT080024, SSRT080041 rev.3 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code, Denial of Service (DoS) NOTICE: The information

[SECURITY] [DSA 1746-1] New ghostscript packages fix arbitrary code execution

2009-03-20 Thread Steffen Joeris
Debian Security Advisory DSA-1746-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 20, 2009

[SECURITY] [DSA 1748-1] New libsoup packages fix arbitrary code execution

2009-03-20 Thread Steffen Joeris
Debian Security Advisory DSA-1748-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 20, 2009

[SECURITY] [DSA 1745-1] New lcms packages fix arbitrary code execution

2009-03-20 Thread Steffen Joeris
Debian Security Advisory DSA-1745-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 20, 2009

[SECURITY] [DSA 1747-1] New glib2.0 packages fix arbitrary code execution

2009-03-20 Thread Steffen Joeris
Debian Security Advisory DSA-1747-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris March 20, 2009

Bs.Player = 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)

2009-03-20 Thread nospam
<?php /* Bs.Player = 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh) by Nine:Situations:Group::pyrokinesis Overlong hostnames in bsplayer playlist files causes eax and seh handlers to be overwritten. Cannot reliably debug with olly because of code compression, just used

[oCERT-2009-003] LittleCMS integer errors

2009-03-20 Thread Andrea Barisani
#2009-003 LittleCMS integer errors Description: LittleCMS, an open source color management engine, suffers from several integer errors, resulting in stack based buffer overflows and various heap errors as well as dangerous memory leaks. Decoding a specially crafted image file will result in

[ GLSA 200903-34 ] Amarok: User-assisted execution of arbitrary code

2009-03-20 Thread Tobias Heinlein
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200903-34 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - -