Secunia Security Advisory - SirGod has discovered a vulnerability in PaoLink, PaoBacheca, and PaoLiber, which can be exploited by malicious people to bypass certain security restrictions.
Secunia Security Advisory - NetBSD has issued an update for ISC DHCP. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Fedora has issued an update for kdelibs. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Debian has issued an update for squid3. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious people to potentially compromise a user's system.
Secunia Security Advisory - Slackware has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.
Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.
Secunia Security Advisory - Fedora has issued an update for bugzilla. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
Secunia Security Advisory - A vulnerability has been discovered in Ajax IM, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - Debian has issued an update for kvm. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Mandriva Linux Security Advisory 2009-177 - The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 allows context-dependent attackers to cause a denial of service (application crash) via a string argument that represents a large number, as demonstrated by an attempted conversion to the Float data type. This update corrects the problem.
Mandriva Linux Security Advisory 2009-176 - git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a request containing extra unrecognized arguments. This update provides fixes for this vulnerability.
Mandriva Linux Security Advisory 2009-175 - Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue.
Mandriva Linux Security Advisory 2009-174 - Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. This update provides fixes for this vulnerability.
Mandriva Linux Security Advisory 2009-173 - Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin (formerly Gaim) before 2.5.6 allows remote authenticated users to execute arbitrary code via vectors involving an outbound XMPP file transfer. Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) before 2.5.6 allows remote attackers to cause a denial of service (application crash) via a QQ packet. The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol. Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows.
Debian Security Advisory 1847-1 - It was discovered that the BIND DNS server terminates when processing a specially crafted dynamic DNS update. This vulnerability affects all BIND servers which serve at least one DNS zone authoritatively, as a master, even if dynamic updates are not enabled. The default Debian configuration for resolvers includes several authoritative zones, too, so resolvers are also affected by this issue unless these zones have been removed.
Ubuntu Security Notice USN-808-1 - Micha Krause discovered that Bind did not correctly validate certain dynamic DNS update packets. An unauthenticated remote attacker could send specially crafted traffic to crash the DNS server, leading to a denial of service.
Debian Security Advisory 1846-1 - Matt T. Yourst discovered an issue in the kvm subsystem. Local users with permission to manipulate /dev/kvm can cause a denial of service (hang) by providing an invalid cr3 value to the KVM_SET_SREGS call.
Debian Security Advisory 1845-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, or privilege escalation.
Debian Security Advisory 1844-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
FreeBSD Security Advisory - When named(8) receives a specially crafted dynamic update message, an internal assertion check is triggered which causes named(8) to exit. To trigger the problem, the dynamic update message must contain a record of type "ANY" and at least one resource record set (RRset) for this fully qualified domain name (FQDN) must exist on the server.
Ubuntu Security Notice USN-807-1 - Michael Tokarev discovered that the RTL8169 network driver did not correctly validate buffer sizes. A remote attacker on the local network could send specially crafted traffic that would crash the system or potentially grant elevated privileges. Julien Tinnes and Tavis Ormandy discovered that when executing setuid processes the kernel did not clear certain personality flags. A local attacker could exploit this to map the NULL memory page, causing other vulnerabilities to become exploitable. Ubuntu 6.06 was not affected. Matt T. Yourst discovered that KVM did not correctly validate the page table root. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 6.06 was not affected. Ramon de Carvalho Valle discovered that eCryptfs did not correctly validate certain buffer sizes. A local attacker could create specially crafted eCryptfs files to crash the system or gain elevated privileges. Ubuntu 6.06 was not affected.
Secunia Security Advisory - A vulnerability has been discovered in the UIajaxIM component for Joomla, which can be exploited by malicious users to conduct script insertion attacks.
Secunia Security Advisory - A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service).
Secunia Security Advisory - tixxDZ has reported a vulnerability in MPlayer, which can be exploited by malicious people to potentially compromise a user's system.