Debian: 2020-1: ikiwiki: insufficient input sanitization

LinuxSecurity.com: Ivan Shmakov discovered that the htmlscrubber component of ikiwiki, a wiki compiler, performs insufficient input sanitization on data:image/svg+xml URIs. As these can contain script code, this can be used by an attacker to conduct cross-site scripting attacks. [More...]

Red Hat: 2010:0155-01: java-1.4.2-ibm: Moderate Advisory

LinuxSecurity.com: Updated java-1.4.2-ibm packages that fix one security issue and a bug are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. [More...]

Ubuntu: 912-1: Audio File Library vulnerability

LinuxSecurity.com: It was discovered that Audio File Library contained a heap-based buffer overflow. If a user or automated system processed a crafted WAV file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. The default compiler options for Ubuntu should reduce this [More...]

Ubuntu: 913-1: libpng vulnerabilities

LinuxSecurity.com: It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042) [More...]

SuSE: 2010-017: OpenOffice.org

LinuxSecurity.com: This update of OpenOffice_org includes fixes for the following vulnerabilities:
- CVE-2009-0217: XML signature weakness
- CVE-2009-2949: XPM Import Integer Overflow
- CVE-2009-2950: GIF Import Heap Overflow
[More...]

SuSE: Weekly Summary 2010:006

LinuxSecurity.com: To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low-profile vulnerability fixes. The SUSE Security Summary Reports do not list download URLs, unlike the SUSE Security Announcements that are released for more severe vulnerabilities.

Debian: 2012-1: linux-2.6: privilege escalation/denial

LinuxSecurity.com: CVE-2009-3725: Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This [More...]

Mandriva: 2010:061: ncpfs

LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary [More...]

Debian: 2009-1: tdiary: insufficient input sanitising

LinuxSecurity.com: It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin. [More...]

Ubuntu: 907-1: gnome-screensaver vulnerabilities

LinuxSecurity.com: It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. (CVE-2010-0285) [More...]

Mandriva: 2010:054: pam_krb5

LinuxSecurity.com: Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384). This update provides version 2.3.5 of pam_krb5, which is not [More...]

SuSE: 2010-015: Mozilla Firefox

LinuxSecurity.com: Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. On openSUSE 11.0 and 11.1 Mozilla Firefox was updated to version 3.0.18. On openSUSE 11.2 Mozilla Seamonkey was updated to version 2.0.2.

Gentoo: 201003-01: sudo: Privilege escalation

LinuxSecurity.com: Two vulnerabilities in sudo might allow local users to escalate privileges and execute arbitrary code with root privileges.

Mandriva: 2010:053: apache

LinuxSecurity.com: A vulnerability has been found and corrected in apache: mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR (CVE-2010-0408). [More...]

Debian: 2006-1: sudo: Multiple vulnerabilities

LinuxSecurity.com: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the [More...]