Advisoiries

August 21, 2008

12:30
MDVSA-2008-177.txt
Mandriva Linux Security Advisory - Guido Landi found a stack-based buffer overflow in xine-lib that could allow a remote attacker to cause a denial of service (crash) and potentially execute arbitrary code via a long NSF title. The updated packages have been patched to correct this issue.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
12:30
MDVSA-2008-176.txt
Mandriva Linux Security Advisory - A stack-based buffer overflow was found in mtr prior to version 0.73 that allowed remote attackers to execute arbitrary code via a crafted DNS PTR record, when called with the --split option. The updated packages provide mtr 0.73 which corrects this issue.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
12:30
MDVSA-2008-175.txt
Mandriva Linux Security Advisory - A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs. The updated packages have been patched to correct this issue.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
12:30
CORE-2008-0813.txt
Core Security Technologies Advisory - vBulletin versions 3.7.2 Patch Level 1 and 3.6.10 Patch Level 3 suffer from a cross site scripting vulnerability.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts

August 20, 2008

15:30
Mandriva: Subject: [Security Announce] [ MDVSA-2008:174 ] kernel
Source: Linux Security advisories
Categories: Advisoiries, Alerts
15:30
Ubuntu: xine-lib vulnerabilities
Source: Linux Security advisories
Categories: Advisoiries, Alerts
15:30
Ubuntu: Postfix vulnerability
Source: Linux Security advisories
Categories: Advisoiries, Alerts
15:30
Mandriva: Subject: [Security Announce] [ MDVSA-2008:173 ] kdegraphics
Source: Linux Security advisories
Categories: Advisoiries, Alerts
10:02
Turbolinux Security Announcement - postfix Rocal privilege escalation (20/Aug/2008)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================ Turbolinux Security Announcement 20/Aug/2008 ========================================...
Source: Help Net Security advisories
Categories: Advisoiries, Alerts
10:01
Mandriva Linux Security Update Advisory - kernel (MDVSA-2008:174)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:174 ...
Source: Help Net Security advisories
Categories: Advisoiries, Alerts
10:01
Ubuntu Security Notice - xine-lib vulnerabilities (USN-635-1)
=========================================================== Ubuntu Security Notice USN-635-1 August 06, 2008 xine-lib vulnerabilities CVE-2008-0073, CVE-2008-0225, CVE-2008-0238, CVE-20...
Source: Help Net Security advisories
Categories: Advisoiries, Alerts
10:00
Ubuntu Security Notice - postfix vulnerability (USN-636-1)
=========================================================== Ubuntu Security Notice USN-636-1 August 19, 2008 postfix vulnerability CVE-2008-2936 =======================================...
Source: Help Net Security advisories
Categories: Advisoiries, Alerts
10:00
Mandriva Linux Security Update Advisory - kdegraphics (MDVSA-2008:173)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:173 ...
Source: Help Net Security advisories
Categories: Advisoiries, Alerts
09:30
USN-636-1.txt
Ubuntu Security Notice 636-1 - Sebastian Krahmer discovered that Postfix was not correctly handling mailbox ownership when dealing with Linux's implementation of hardlinking to symlinks. In certain mail spool configurations, a local attacker could exploit this to append data to arbitrary files as the root user. The default Ubuntu configuration was not vulnerable.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
09:30
MDVSA-2008-174.txt
Mandriva Linux Security Advisory - Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
09:30
MDVSA-2008-173.txt
Mandriva Linux Security Advisory - Kees Cook of Ubuntu security found a flaw in how poppler prior to version 0.6 displayed malformed fonts embedded in PDF files. An attacker could create a malicious PDF file that would cause applications using poppler to crash, or possibly execute arbitrary code when opened. This vulnerability also affected older versions of kpdf, so the updated packages have been patched to correct this issue.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
08:30
SSRT080117-2.txt
HP Security Bulletin - Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the table in the Resolution section of this Security Bulletin.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts
08:30
dsa-1629-2.txt
Debian Security Advisory 1629-2 - Due to a version numbering problem, the Postfix update for DSA 1629 was not installable on the i386 (Intel ia32) architecture. This update increases the version number to make it installable on i386 as well.
Source: Packet Storm Advisories
Categories: Advisoiries, Alerts

August 19, 2008

15:30
Debian: New postfix packages fix installability problem on i386
Source: Linux Security advisories
Categories: Advisoiries, Alerts
15:30
Debian: New postfix packages fix privilege escalation
Source: Linux Security advisories
Categories: Advisoiries, Alerts