SSA-2010-069-01 pidgin

Last Updated: March 11, 2010

Synopsis : The remote host is missing the SSA-2010-069-01 security update.

Description : New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, and -current to fix denial of service issues. More details about the issues may be found in the Common Vulnerabilities and Exposures (CVE) database:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0423

Solution : Update the packages that are referenced in the security advisory.

Risk factor : Medium / CVSS Base Score : 5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

[DSA2009] DSA-2009-1 tdiary

Last Updated: March 11, 2010

Synopsis : The remote host is missing the DSA-2009 security update.

Description : It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin.

[DSA2010] DSA-2010-1 kvm

Last Updated: March 11, 2010

Synopsis : The remote host is missing the DSA-2010 security update.

Description : Several local vulnerabilities have been discovered in kvm, a full virtualization system. The Common Vulnerabilities and Exposures project identifies the following problems:

Gleb Natapov discovered issues in the KVM subsystem where missing permission checks (CPL/IOPL) permit a user in a guest system to cause a denial of service of a guest (system crash) or gain escalated privileges within the guest.

CVE-2010-0309: Marcelo Tosatti fixed an issue in the PIT emulation code in the KVM subsystem that allows privileged users in a guest domain to cause a denial of service (crash) of the host system.

[DSA2011] DSA-2011-1 dpkg

Last Updated: March 11, 2010

Synopsis : The remote host is missing the DSA-2011 security update.

Description : William Grant discovered that the dpkg-source component of dpkg, the low-level infrastructure for handling the installation and removal of Debian software packages, is vulnerable to path traversal attacks. A specially crafted Debian source package can lead to file modification outside of the destination directory when extracting the package content.

For the stable distribution (lenny), this problem has been fixed in version 1.14.29.

MDVA-2010:098: urpmi

Last Updated: March 11, 2010

Synopsis : The remote host is missing the patch for the advisory MDVA-2010:098 (urpmi).

Description : Fix package signature management when a package is in 2 sub-repositories with the same version but a different signature. This problem occurred when local media were used.

MDVSA-2010:058: php

Last Updated: March 11, 2010

Synopsis : The remote host is missing the patch for the advisory MDVSA-2010:058 (php).

Description : Multiple vulnerabilities have been found and corrected in php:

* Improved LCG entropy. (Rasmus, Samy Kamkar)
* Fixed safe_mode validation inside tempnam() when the directory path does not end with a /.

MDVSA-2010:059: virtualbox

Last Updated: March 11, 2010

Synopsis : The remote host is missing the patch for the advisory MDVSA-2010:059 (virtualbox).

MDVSA-2010:060: squid

Last Updated: March 11, 2010

Synopsis : The remote host is missing the patch for the advisory MDVSA-2010:060 (squid).

Description : A vulnerability has been found and corrected in squid: The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0 through 3.0.STABLE23 allows remote attackers to cause a denial of service (crash) via crafted packets to the HTCP port, which triggers a NULL pointer dereference (CVE-2010-0639).

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.

Solaris 9 (sparc) : 117143-02

Last Updated: March 11, 2010

Synopsis : The remote host is missing Sun Security Patch number 117143-02.

Description : SunOS 5.9: xntpd Patch. Date this patch was last updated by Sun : Mar/09/10

See also : http://sunsolve.sun.com/search/document.do?assetkey=1-21-117143-02-1

Solution : You should install this patch for your system to be up-to-date.

Solaris 9 (x86) : 117144-02

Last Updated: March 11, 2010

Synopsis : The remote host is missing Sun Security Patch number 117144-02.

Description : SunOS 5.9_x86: xntpd Patch. Date this patch was last updated by Sun : Mar/09/10

See also : http://sunsolve.sun.com/search/document.do?assetkey=1-21-117144-02-1

Solution : You should install this patch for your system to be up-to-date.
