SSA-2010-067-01 httpd
Synopsis : The remote host is missing the SSA-2010-067-01 security update
Description : New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix security issues. mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations
[DSA2008] DSA-2008-1 typo3-src
Synopsis : The remote host is missing the DSA-2008 security update
Description : Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: Cross-site scripting vulnerabilities have been discovered in both the frontend and the backend. Also, user data could be leaked. More details can be found in the Typo3 security advisory
FreeBSD : drupal — multiple vulnerabilities (5230)
Synopsis : The remote host is missing a security update
Description : The following package needs to be updated: drupal5
See also : http://drupal.org/node/731710 http://www.FreeBSD.org/ports/portaudit/b3531fe1-2b03-11df-b6db-00248c9b4be7.html
Solution : Update the package on the remote host
Risk factor : High
SuSE 11.0 Security Update: kernel (2010-03-01)
Synopsis : The remote SuSE system is missing a security patch for kernel
Description : The openSUSE 11.0 kernel was updated to fix the following security issues:
- CVE-2009-4020: Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
- CVE-2010-0307: The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that attempts to execute a 64-bit application and then triggers a segmentation fault, as demonstrated by amd64_killer, related to the flush_old_exec function.
- CVE-2010-0622: The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly have unspecified other impact via vectors involving modification of the futex value from user space
SuSE 11.0 Security Update: sudo (2010-03-01)
Synopsis : The remote SuSE system is missing a security patch for sudo
Description : This update fixes two security issues:
- CVE-2010-0427 (CVSS v2 Base Score: 6.6): Sudo failed to properly reset group permissions, when ‘runas_default’ option was used. If a local, unprivileged user was authorized by sudoers file to perform their sudo commands under default user account, it could lead to privilege escalation
- CVE-2010-0426 (CVSS v2 Base Score: 6.6): A privilege escalation flaw was found in the way sudo used to check file paths for pseudocommands
SSA-2010-065-01 mozilla-firefox (Slackware 12.2)
Synopsis : The remote host is missing the SSA-2010-065-01 security update
Description : A new mozilla-firefox package is available for Slackware 12.2 to fix security issues.
MDVSA-2010:055: poppler
Synopsis : The remote host is missing the patch for the advisory MDVSA-2010:055 (poppler).
Description : An out-of-bounds reading flaw in the JBIG2 decoder allows remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0799).
MDVSA-2010:056: openoffice.org
Synopsis : The remote host is missing the patch for the advisory MDVSA-2010:056 (openoffice.org).
Description : This update provides the OpenOffice.org 3.0 major version and holds the security fixes for the following issues:
- An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document leading to a heap-based buffer overflow (CVE-2009-0200).
- A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document related to table parsing.
CentOS : RHSA-2010-0124
Synopsis : The remote host is missing a security update.
Description : The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2010-0124.
See also : https://rhn.redhat.com/errata/RHSA-2010-0124.html
Solution : Upgrade to the newest packages by doing : yum update
Risk factor : Critical / CVSS Base Score : 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CentOS : RHSA-2010-0126
Synopsis : The remote host is missing a security update.
Description : The remote CentOS system is missing a security update which has been documented in Red Hat advisory RHSA-2010-0126.
See also : https://rhn.redhat.com/errata/RHSA-2010-0126.html
Solution : Upgrade to the newest packages by doing : yum update
Risk factor : High / CVSS Base Score : 7.1 (CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C)
