Package: mysql-dfsg
Severity: grave
Tags: security
Justification: user security hole
A buffer overflow in user defined functions can be exploited to
possibly execute arbitrary code by users that have been granted the
privilege to create user defined functions. For full details please
see
Package: evolution
Severity: grave
Tags: security
Multiple exploitable format string vulnerabilities have been found in
Evolution. Please see
http://www.securityfocus.com/archive/1/407789/30/0/threaded
for details. 2.3.7 fixes all these issues.
Cheers,
Moritz
-- System Information:
Horms wrote:
below patch has been slurped into the Debian patches for 2.6.8, but the
error posted looks like the same error I suffered when hitting this bug.
Patch from http://lists.osdl.org/pipermail/bridge/2004-September/000638.html
Cut and paste from the web archive, so spacing
Horms wrote:
There is no public CVE assignment for this issue. If it's easily reproducible
for non-root, it might account as a local DoS vulnerability.
mii-tool's IOCTL is only allowed by root.
The remote DoS comes from the fact that snmpd will call this IOCTL when it gets a
Package: wordpress
Severity: grave
Tags: security patch
Justification: user security hole
Hi,
a vulnerability in Wordpress' cookie handling has been reported that allows
arbitrary PHP command execution, if register_globals is enabled in the PHP
config. Please see
Package: centericq
Severity: grave
Tags: security
Justification: user security hole
Multiple security problems have been fixed in ekg and its libgadu
library:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370
Package: drupal
Severity: grave
Tags: security
Justification: user security hole
[I'm pretty sure you are already aware of it; but here it is anyway]
Another XMLRPC vulnerability has been detected that affects Drupal
as well. Please see http://www.hardened-php.net/advisory_142005.66.html
for
Package: egroupware
Severity: grave
Tags: security
Justification: user security hole
Hi,
another vulnerability has been found in the XMLRPC code. Please
see http://www.hardened-php.net/advisory_142005.66.html for
more information. egroupware was affected by July's vulnerability,
so it might now
Package: phpgroupware
Severity: grave
Tags: security
Justification: user security hole
Hi,
another vulnerability has been found in the XMLRPC code. Please
see http://www.hardened-php.net/advisory_142005.66.html for
more information. phpgroupware was affected by July's vulnerability,
so it might
Package: bluez-utils
Severity: grave
Tags: security patch
Justification: user security hole
A vulnerability in hcid has been found. Please see this URL for details:
http://sourceforge.net/mailarchive/forum.php?thread_id=7893206forum_id=1881
https://bugs.gentoo.org/show_bug.cgi?id=101557
Upstream
Package: gallery
Severity: grave
Tags: security
Justification: user security hole
gallery doesn't sanitize EXIF tags when displaying them. Please
see http://cedri.cc/advisories/EXIF_XSS.txt for more information.
gallery2 might be affected as well.
Cheers,
Moritz
-- System Information:
Ola Westin wrote:
Package: libapache-auth-ldap
Version: 1.6.0-8
Severity: grave
Tags: security
Justification: user security hole
auth_ldap version 1.6.0 contains a remote security vulnerability.
See http://www.digitalarmaments.com/2006090173928420.html for details.
A fixed version
Santiago Vila wrote:
How exactly this is dangerous in *pine*? (not in the IMAP server)
The problem is that we have another case of an embedded code copy,
something we should get rid of for Etch for as many packages as
possible.
You gain access to the system if you are running pine? That would
Christian Hammers wrote:
There were some kernel security announcements on bugtraq the last couple
of days. As those CAN Ids do not show up on the cross reference
or the nonvuln list, I wonder if Debian is affected and when fixed packages
can be expected.
See
Steve Kemp wrote:
On Wed, Jan 25, 2006 at 12:29:32PM +0100, Thierry Reding wrote:
* Bastian Blank wrote:
Package: komi
Version: 1.03-4
Severity: serious
There was an error while trying to autobuild your package:
I've investigated this a bit, and it looks like the
Recai Oktaş wrote:
elog (2.5.7+r1558-4+sarge1) stable-security; urgency=high
* Major security update (big thanks to Florian Weimer)
+ Backport r1333 from upstream's Subversion repository:
Fixed crashes with very long (revisions) attributes
+ Backport r1335 from
Recai Oktaş wrote:
Debdiff is attached and here is the new changelog for your convenience:
elog (2.5.7+r1558-4+sarge1) stable-security; urgency=critical
* Major security update (big thanks to Florian Weimer)
+ Backport r1333 from upstream's Subversion repository:
Package: zoph
Severity: grave
Tags: security
Justification: user security hole
According to the 0.5pre1 changelog a potential SQL injection vulnerability
was fixed:
- Fixed some possible SQL-injection issues. - Adding multiple people to a photo
at once, thanks to Neil McBride.
Recai Oktaş wrote:
Let me know whether it is fine and I'll make the upload to stable-security
(right?).
Did you upload? I don't see any builds trickling in. If not, I'll do it.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
Package: libavcodec-dev
Version: 0.cvs20050106-1
Severity: grave
Tags: security
Justification: user security hole
[Cc'ing security@, as at least xine-lib embeds libavcodec, there may be
more, I haven't investigated whether they are affected, but I assume it's
the case]
The most recent
Package: ethereal
Version: 0.10.12-6
Severity: grave
Tags: security
Justification: user security hole
As usual ethereal 0.10.13 fixes lots of vulnerabilities, most of them are only
denial-of-service, but some can lead to execution of arbitrary code.
Affecting only sid:
o The ISAKMP
Hi,
as the attack is based on overflowing buf1[] through crafted len values
taken from the packet header in BoGetDirection() and this function isn't
present in 2.3 Debian doesn't seem to be vulnerable.
Cheers,
Moritz
Hilko Bengen wrote:
mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
the latest DSA upload that fixed several others:
- 0006097: [security] user ID is cached indefinately (thraxisp)
- 0006189: [security] List of users (in filter) visible for unauthorized
Hi,
while I agree that running yiff with lesser privileges is desirable
I can't see a RC security problem in this case. You can't crash
a system by reading from /dev, /proc or /sys, even reading from raw
hard disk devices doesn't cause harm. If you know such a scenario
please describe it,
Package: bmv
Version: 1.2-17
Severity: grave
Tags: security
Justification: user security hole
An integer overflow in bmv can lead to a local privilege escalation.
Please see http://felinemenace.org/advisories/bmv_advisory.txt for
details. This has been assigned CVE-2005-3278, please mention so
in
Package: mantis
Version: 0.19.2-4
Severity: grave
Tags: security
Justification: user security hole
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited
to perform arbitrary file inclusion. Please see
Package: flyspray
Severity: grave
Tags: security
Justification: user security hole
Multiple Cross-Site-Scripting vulnerabilities have been found in
Flyspray. Have a look at
http://lostmon.blogspot.com/2005/10/flyspray-bug-killer-multiple-variable.html
for more details. This has been assigned
Thijs Kinkhorst wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/ for details.
Hello Moritz,
Thank
Martin Schulze wrote:
Thijs Kinkhorst wrote:
Another security problem has been found in mantis. Insufficient
input sanitising of the t_core_path parameter may be exploited to perform
arbitrary file inclusion. Please see
http://secunia.com/secunia_research/2005-46/advisory/
Thijs Kinkhorst wrote:
All affect Sarge.
I've prepared updated packages for sarge. My updated package for sid is
still pending with my sponsor Luk Claes. The updated packages for sarge
are available here:
http://www.a-eskwadraat.nl/~kink/mantis_sec/
They are not signed since I'm not a
Thijs Kinkhorst wrote:
On Mon, October 31, 2005 16:07, Moritz Muehlenhoff wrote:
The included patches look fine and correlate to what I extracted from the
interdiff. But where's the fix for CVE-2005-3337 aka mantis bug 5959?
The mantis bug is non-public, but according to the description
Package: openvpn
Severity: grave
Tags: security
Justification: user security hole
A format string vulnerability has been found in openvpn's option parsing
code, which indirectly may be exploited remotely as well. Please see
http://cert.uni-stuttgart.de/archive/bugtraq/2005/10/msg00393.html
for
Hi,
this has been assigned CVE-2005-3393, please mention so in the changelog
when fixing this.
Cheers,
Moritz
Just for the record, PHP 4.4.1 fixes more security problems
besides the ones discovered by the Hardened PHP Project.
I'm including the CVE assignments:
* Fixed multiple safe_mode/open_basedir bypass vulnerabilities
in ext/curl and ext/gd that could lead to exposure of
files normally not
Hi,
this issue is CVE-2005-1109 and was addressed by DSA-713 from 2005-04-13.
Do you have reason to believe that the fix used there was incomplete?
Cheers,
Moritz
Hi,
the DSA text is indeed incorrect, this is unfixed in sid.
Attached is the patch from the DSA.
Cheers,
Moritz
diff -u graphviz-2.2.1/debian/changelog graphviz-2.2.1/debian/changelog
--- graphviz-2.2.1/debian/changelog
+++ graphviz-2.2.1/debian/changelog
@@ -1,3 +1,11 @@
+graphviz
Package: scorched3d
Version: 39.1+cvs20050929-1
Severity: grave
Tags: security
Justification: user security hole
Multiple vulnerabilities have been found in Scorched 3D, some
of which may lead to arbitrary code execution. Please see
http://aluigi.altervista.org/adv/scorchbugs-adv.txt for more
Martin Schulze wrote:
Due to a bug in the environment variable substitution code it is
possible to inject environment variables such as LD_PRELOAD and gain a
root shell.
Confirmed.
Joey we'll need an ID for it.
Please use CVE-2005-3344 and inform vendor-sec.
Package: sylpheed
Severity: grave
Tags: security
Justification: user security hole
A remotely exploitable buffer overflow was found in Sylpheed. Quoting
from the web site:
| Since a security hole was discovered, the fixed versions were released.
| All users are recommended to upgrade.
|
| There
Package: sylpheed-claws
Severity: grave
Tags: security
Justification: user security hole
Buffer overflows have been found in Sylpheed-Claws's LDIF/pine/mutt
address book import features. Quoting from the 1.9.100 release
announcement:
* Buffer overflows in the address book 'Import LDIF/Mutt/Pine
Package: apache2
Severity: grave
Tags: security
Justification: user security hole
Latest 2.1.6-alpha fixes a security in the proxy HTTP code:
| The 2.1.6-alpha release addresses a security vulnerability present
| in all previous 2.x versions. This fault did not affect Apache 1.3.x
| (which did
Steve Kemp wrote:
|Proxy HTTP: If a response contains both Transfer-Encoding
|and a Content-Length, remove the Content-Length to eliminate
|an HTTP Request Smuggling vulnerability and don't reuse the
|connection, stopping some HTTP Request Spoofing attacks.
Can I be
Package: egroupware
Severity: grave
Tags: security
Justification: user security hole
egroupware ships a local copy of the vulnerable XMLRPC code, as discovered
by GulfTech Security Research. The new upstream release 1.0.0.007-3 fixes
this issue.
Cheers,
Moritz
-- System Information:
severity 315722 important
thanks
[Sorry for the late reply, I've been busy lately]
Which libsdl1.2debian variant are you using? Are you possibly
using -oss? If so, could you please try it with -alsa or -all?
Second test:
I ran sarge prboom inside gdb and was astonished.
Inside gdb, prboom
Package: affix
Severity: grave
Tags: security patch
Justification: user security hole
btsrv sanitises input improperly. I haven't yet checked whether this
is exploitable in the Debian package configuration as well. Please
see the advisory at http://www.digitalmunition.com/DMA[2005-0712b].txt
Package: affix
Severity: grave
Tags: security patch
Justification: user security hole
An exploitable buffer overflow in the btftp userspace client has been
reported. Please see http://www.digitalmunition.com/DMA[2005-0712a].txt
for an advisory. Patches are available at
Package: tutos
Severity: grave
Tags: security
Justification: user security hole
Multiple security problems have been reported on TUTOS, including SQL
injection and cross-site-scripting. Please see
http://www.securityfocus.com/archive/1/375757
for details. All issues seem to be fixed in current
The Mozilla vulnerabilities have been assigned these CVE ids:
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML node spoofing
CAN-2005-2268: Javascript prompt origin spoofing
CAN-2005-2266: Same origin violation: frame calling top.focus()
CAN-2005-2265: Possible
Package: mozilla-thunderbird
Severity: grave
Tags: security
Justification: user security hole
Thunderbird 1.0.5 fixes these nine security issues, some of which
are classified as critical by the Mozilla developers:
CAN-2005-2270: Code execution through shared function objects
CAN-2005-2269: XHTML
Doh! This should be CAN-2004-2161 and CAN-2004-2162, not -2005-
Cheers,
Moritz
Package: mysql-dfsg-4.1
Version: 4.1.12-1 (not installed)
Severity: grave
Tags: security patch
MySQL bundles a copy of zlib, which is vulnerable to DoS and potential
arbitrary code execution due to a buffer overflow in the inflate function.
This is fixed in latest 4.1.13 upstream or in the
Welly Hartanto wrote:
Package: lincity-ng
Version: 1.0.1-1
Severity: serious
Justification: 4
I'm new to lincity-ng and found the game exciting.
After playing a while I save my game. While saving, my game
was on accelerate mode ( by clicking the yellow arrow ).
I opened the saved game
Package: mozilla
Version: 2:1.7.11-1
Severity: grave
Tags: security
Justification: user security hole
As usual Mozilla 1.7.12 fixes several security issues. I'm copying
the bug descriptions from a Red Hat advisory, because they are not
yet public on the Mozilla website:
--
A bug was found in the
Hi,
there has been a Gentoo advisory about insecure temp files in rkhunter,
which got assigned CAN-2005-1270:
http://www.gentoo.org/security/en/glsa/glsa-200504-25.xml
So please check, whether the mentioned check_update.sh script is
vulnerable in the Debian package as well.
Cheers,
Package: mantis
Severity: grave
Tags: security
Justification: user security hole
mantis 1.0.0-rc2 fixed these security problems, that seem to be missing in
the latest DSA upload that fixed several others:
- 0006097: [security] user ID is cached indefinately (thraxisp)
- 0006189: [security] List
Package: bugzilla
Version: 2.18.3-2
Severity: grave
Tags: security
Justification: user security hole
Two information disclosure vulnerabilities have been found in Bugzilla:
+ It is possible to bypass the user visibility groups restrictions
if user-matching is turned on in substring mode.
+
Hi,
this potential license problem is blocking (among others) the transition
of 1.0.7-1, which fixes several serious security problems. As the problems
some debian-legal people seem to have spotted haven't been noticed by noone
else since the MPL is in use and triple-licensing is already being
Package: mediawiki
Severity: grave
Tags: security
Justification: user security hole
1.4.11 fixes two security problems:
CAN-2005-3167:
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not
properly remove certain CSS inputs (HTML inline style attributes) that
are processed as
Package: storebackup
Version: 1.18.4-2
Severity: grave
Tags: security
Justification: user security hole
Although it's not really mentioned in the changelog storebackup 1.19 fixed
several security problems, which are still present in Sarge, they've been
assigned CAN-2005-3150, CAN-2005-3149 and
Arthur Korn wrote:
BTW, I made an error in my initial bug report, it's CAN-2005-314[876].
1.19-1 source and binary packages work on stable, and the
differences to 1.18.4-2 are all local bugfixes, so I figure it
doesn't make any sense to separate bugfixes from bugfixes for a
special security
Package: xloadimage
Severity: grave
Tags: security
Justification: user security hole
A report about several buffer overflows in the xloadimage code for
processing NIFF images has been posted to Bugtraq. Please see
http://msgs.securepoint.com/cgi-bin/get/bugtraq0510/57.html
for details and a demo
The demonstration exploits are stripped off in the Bugtraq archives,
I've attached them.
Cheers,
Moritz
large.niff.bz2
Description: Binary data
small.niff.bz2
Description: Binary data
Martin Schulze wrote:
I'm not sure about
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3148,
which would require some more studying of the code.
It's the chown call.
It seems that the old version executed chown uid gid link which doesn't
work. The new version executes chown
Package: xine-lib
Severity: grave
Tags: security
Justification: user security hole
A format string vulnerability in xine-lib's CDDB response parsing has been
found.
Exploitation is quite unlikely, as it would require a rogue CDDB server, but it
should be fixed nevertheless, as the fix is
Ulf Harnhammar wrote:
No, you don't need to set up a rogue CDDB server, as CDDB servers let anyone
add or modify information about records.
But according to the freedb.org FAQs every submission is reviewed before being
applied to the database. So it seems quite unlikely submissions of crafted
Package: kword
Version: 1:1.3.5-4.3
Severity: grave
Tags: security
Justification: user security hole
An exploitable heap overflow has been found in kword's RTF import function.
Please see http://www.kde.org/info/security/advisory-20051011-1.txt for
more information and a patch against 1.3.5. This
Package: curl
Version: 7.14.1-5
Severity: grave
Tags: security
Justification: user security hole
Another buffer overflow has been found in curl's NTLM authentication
code. (This one is different from CAN-2005-0490 and doesn't seem to
have a CVE assignment yet). Please see
Horms wrote:
The non-suid command loadkeys can be used by any local user having
console access. It does not just apply to the current virtual console
but to all virtual consoles and its effect persists even after logout.
This has been assigned CAN-2005-3257.
Cheers,
Moritz
Package: libcurl3
Version: 7.13.0-1
Severity: grave
Tags: patch
Justification: user security hole
iDefense discovered a buffer overflow in NTLM authentication that may lead
to arbitrary code execution. This is CAN-2005-0490. Woody is not affected,
as it doesn't contain the vulnerable NTLM code.
Package: lesstif1-1
Severity: grave
Tags: security, patch
Justification: user security hole
Quoting from a recent Gentoo security advisory:
Chris Gilbert discovered potentially exploitable buffer overflow cases
in libXpm that weren't fixed in previous libXpm security advisories.
This has been
Package: mysql-dfsg
Version: unavailable; reported 2005-03-11
Severity: grave
Tags: security
Stefano Di Paola discovered that MySQL is vulnerable to a symlink attack
if an authenticated user has CREATE TEMPORARY TABLE privileges on any
existent database.
There does not seem to be a CVE
Package: mysql-dfsg
Version: 4.0.23-10
Severity: grave
Tags: security
Stefano Di Paola discovered that it's possible to use a library located
in an arbitrary directory, if an authenticated user has INSERT and DELETE
privileges on the 'mysql' administrative database.
There does not seem to be a
Package: openslp
Severity: grave
Tags: security
Justification: user security hole
SuSE Security has found several buffer overflows and out-of-memory access
possibilities during a code audit. Neither the original SuSE nor the Mandrake
advisory contain detailed information, openslp.org lacks usable
Package: wine
Version: 0.0.20050211-1
Severity: grave
Tags: security
Justification: user security hole
[ Note; feel free to downgrade the severity, I chose it under the assumption
that a user runs applications which store sensitive data in the registry
and that Sarge should not include this
Package: limewire
Version: 3.4.5-2
Severity: grave
Tags: security
Justification: user security hole
Secunia reports two vulnerabilities in Limewire that allow attackers remote
access to arbitrary files. For full details see
http://secunia.com/advisories/14555
Note: Limewire has been orphaned for
Package: icecast2
Severity: grave
Tags: security
Justification: user security hole
Several security issues have been reported for Icecast2. Please refer to
the CAN Ids in the changelog when fixing them:
CAN-2005-0838:
Multiple buffer overflows in the XSL parser may cause DoS and possibly
remote
Package: kernel-source-2.6.8
Version: 2.6.8-15
Severity: grave
Tags: security
Kernels before 2.6.11 do not properly restrict access to the N_MOUSE line
discipline for TTYs, which allows local users to inject mouse or keyboard
events into other users' sessions and possibly gain extended privileges.
Package: linux-ftpd-ssl
Severity: grave
Tags: security
Justification: user security hole
A remotely exploitable buffer overflow has been found in linux-ftpd-ssl.
Please see http://seclists.org/lists/fulldisclosure/2005/Nov/0140.html for
a PoC exploit.
A proposed patch is available at
Package: rar
Severity: grave
Tags: security
Justification: user security hole
RAR 3.51 fixes two unspecified security problems:
| fixed two vulnerabilities, which could be exploited with
| specially crafted ACE and UUE/XXE archives;
Due to the non-free nature of rar I'm not sure whether rar 3.30
Package: phpsysinfo
Severity: grave
Tags: security
Justification: user security hole
Two security problems have been found in phpsysinfo. Please see
http://www.hardened-php.net/advisory_212005.81.html for more
information. 2.4.1 fixes these issues.
MITRE has assigned the identifiers
Package: kernel-patch-openswan
Version: 1:2.4.0-3
Severity: grave
Tags: security
Justification: user security hole
The Oulu University Secure Programming Group has discovered several
problems in ISAKMP implementations. openswan is among the affected
products. Please see
Package: gtk+2.0
Severity: grave
Tags: security
Justification: user security hole
An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
to overwrite the heap and exploit arbitrary code through crafted images.
Please see
Loic Minier wrote:
An integer overflow in gdk-pixbuf's XPM rendering code can be exploited
to overwrite the heap and exploit arbitrary code through crafted images.
Please see
www.idefense.com/application/poi/display?id=339type=vulnerabilities
for more details.
Did you identify other
Loic Minier wrote:
The Redhat security advisory also fixes CVE-2005-2975, for which I see
no entry in the Debian changelog, could you please investigate on this
id and report whether gtk1 and gtk2 are affected for Debian?
The vulnerability matrix for Woody and Sarge (the entries are the
Debian Bug Tracking System wrote:
Changes:
gdk-pixbuf (0.22.0-11) unstable; urgency=high
.
* Fix for integer overflows in io-xpm.c which could be exploited to execute
arbitrary code (CVE-2005-2975 and CVE-2005-2976 from
Ryan Murray wrote:
On Wed, Nov 16, 2005 at 11:33:35PM +0100, Moritz Muehlenhoff wrote:
Debian Bug Tracking System wrote:
Changes:
gdk-pixbuf (0.22.0-11) unstable; urgency=high
.
* Fix for integer overflows in io-xpm.c which could be exploited to
execute
arbitrary
Package: egroupware-phpldapadmin
Severity: grave
Tags: security
Justification: user security hole
egroupware-phpldapadmin contains a shared/forked(?) copy of
phpldapadmin. There have been a couple of security problems
in phpldapadmin, namely:
Jan De Luyck wrote:
Package: lincity-ng
Severity: grave
Justification: renders package unusable
Lincity-ng is not installable in Debian Sid:
libsdl-gfx1.2-4 exists, and I guess lincity should be rebuilt against
this library.
libsdl-gfx changed its soname. An update is in preparation,
Hi,
This has been assigned CVE-2005-3648, please mention it in the changelog
when fixing it.
Cheers,
Moritz
Sorry, I've been too hasty:
The redirection vulnerability in jumpto.php is CVE-2005-3649 and
the SQL injection vulnerabilities are CVE-2005-3648.
Cheers,
Moritz
There have been CVE assignments for these issues:
CVE-2005-3488:
Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial
of service (long loop and server hang) via a negative numplayers value that
bypasses a signed check in ServerConnectHandler.cpp.
CVE-2005-3487:
Multiple
Package: phpgroupware-fudforum
Severity: grave
Tags: security
Justification: user security hole
phpgroupware embeds a shared/forked copy of fudforum, which was
vulnerable to:
| The Avatar upload feature in FUD Forum before 2.7.0 does not properly
| verify uploaded files, which allows remote
Package: cscope
Version: 15.5+cvs20050816-1
Severity: grave
Tags: security
Justification: user security hole
Source code with overly long file names in #include statements may trigger a
buffer overflow and permit arbitrary code execution. Please see
Package: helix-player
Severity: grave
Tags: security
Justification: user security hole
There's been an eeye advisory about several serious security problems in
Real Player: http://www.eeye.com/html/research/advisories/AD20051110b.html
According to some other security web sites Helix player might
Noah Meyerhans wrote:
According to http://service.real.com/help/faq/security/051110_player/EN/
helix-player is not vulnerable to the malicious skin problems, but
only to the stack overrun via malicious RealMedia file. This bug is
allegedly fixed in 1.0.6.
I can examine the diff
Package: otrs
Severity: grave
Tags: security
Justification: user security hole
OTRS is vulnerable to several SQL injection and Cross-Site-Scripting
vulnerabilities. Please see here for more information:
http://otrs.org/advisory/OSA-2005-01-en/
http://moritz-naumann.com/adv/0007/otrsmulti/0007.txt
Package: fuse-utils
Version: 2.4.0-1
Severity: grave
Tags: security
Justification: user security hole
Thomas Biege from the SuSE security team discovered that special chars
such as \n, \t and \\ are misinterpreted by fusermount, which
could potentially allow a user from the fuse group (or
Package: jetty
Version: 5.1.5rc1-6
Severity: grave
Tags: security
Justification: user security hole
An input validation error when processing HTTP requests containing specially
crafted characters can be exploited to display the source code of Java
Server pages instead of an expected HTML
Package: libstruts1.2-java
Severity: grave
Tags: security
Justification: user security hole
A Cross-Site-Scripting vulnerability has been found in the request handler
for generating error messages. Please see
http://www.securityfocus.com/archive/1/archive/1/417296/30/0/threaded for
more details.
Package: centericq
Severity: grave
Tags: security
A buffer overflow has been found in the VGETSTRING function of
the ktools library included in centericq, which judging from the
description, sounds remotely exploitable. Please see
http://www.zone-h.org/en/advisories/read/id=8480/ for details.
As