Ubuntu: 913-1: libpng vulnerabilities

http://www.linuxsecurity.com – LinuxSecurity.com: It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042) [More...] (Security)

SuSE: 2010-017: OpenOffice.org

http://www.linuxsecurity.com – LinuxSecurity.com: This update of OpenOffice_org includes fixes for the following vulnerabilities: - CVE-2009-0217: XML signature weakness - CVE-2009-2949: XPM Import Integer Overflow - CVE-2009-2950: GIF Import Heap Overflow [More...] (Security)

SuSE: Weekly Summary 2010:006

http://www.linuxsecurity.com – LinuxSecurity.com: To avoid flooding mailing lists with SUSE Security Announcements for minor issues, SUSE Security releases weekly summary reports for the low profile vulnerability fixes. The SUSE Security Summary Reports do not list or download URLs like the SUSE Security Announcements that are released for more severe vulnerabilities. (Security)

Mandriva: 2010:061: ncpfs

http://www.linuxsecurity.com – LinuxSecurity.com: Multiple vulnerabilities have been found and corrected in ncpfs: sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary [More...] (Security)

Debian: 2012-1: linux-2.6: privilege escalation/denial

http://www.linuxsecurity.com – LinuxSecurity.com: CVE-2009-3725 Philipp Reisner reported an issue in the connector subsystem which allows unprivileged users to send netlink packets. This [More...] (Security)

Debian: 2009-1: tdiary: insufficient input sanitisi

http://www.linuxsecurity.com – LinuxSecurity.com: It was discovered that tdiary, a communication-friendly weblog system, is prone to a cross-site scripting vulnerability due to insufficient input sanitising in the TrackBack transmission plugin. [More...] (Security)

Ubuntu: 907-1: gnome-screensaver vulnerabilities

http://www.linuxsecurity.com – LinuxSecurity.com: It was discovered that gnome-screensaver did not correctly lock all screens when monitors get hotplugged. An attacker with physical access could use this flaw to gain access to a locked session. (CVE-2010-0285) [More...] (Security)

Mandriva: 2010:054: pam_krb5

http://www.linuxsecurity.com – LinuxSecurity.com: Pam_krb5 2.2.14 through 2.3.4 generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames (CVE-2009-1384). This update provides the version 2.3.5 of pam_krb5, which is not [More...] (Security)

SuSE: 2010-015: Mozilla Firefox

http://www.linuxsecurity.com – LinuxSecurity.com: Mozilla Firefox was upgraded to version 3.5.8, fixing various bugs and security issues. On openSUSE 11.0 and 11.1 Mozilla Firefox was updated to version 3.0.18. On openSUSE 11.2 Mozilla Seamonkey was updated to version 2.0.2. (Security)

Gentoo: 201003-01: sudo: Privilege escalation

http://www.linuxsecurity.com – LinuxSecurity.com: Two vulnerabilities in sudo might allow local users to escalate privileges and execute arbitrary code with root privileges. (Security)

Mandriva: 2010:053: apache

http://www.linuxsecurity.com – LinuxSecurity.com: A vulnerability has been found and corrected in apache: mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent after request headers indicate a request body is incoming; this is not a case of HTTP_INTERNAL_SERVER_ERROR (CVE-2010-0408). [More...] (Security)

Debian: 2006-1: sudo: Multiple vulnerabilities

http://www.linuxsecurity.com – LinuxSecurity.com: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users database server. The Common Vulnerabilities and Exposures project identifies the [More...] (Security)