Secunia Security Advisory - SUSE has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to manipulate certain data, conduct cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
eafa8c07bca9a89ff6f99eb4d76d068396c7d2aafb3663cc08847b81864c4330
Secunia Security Advisory - SUSE has issued an update for perl-libwww-perl. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.
a18fc3c6ba7c0bc626ed434dc2167cba8762ee17eebad7ea7c77a430e9066dc3
Secunia Security Advisory - SUSE has issued an update for ruby. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, cause a DoS (Denial of Service), and to potentially compromise a vulnerable system.
371b1d0816e770a73c46cbc62beb8a5c7ddd110b5884bbc631391725c5e0f293
Secunia Security Advisory - A vulnerability has been reported in Post Revolution, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b895c063db39563007d30014d3a2ec3f0728f854e8027c38b8388ecd63ab48e4
Secunia Security Advisory - A security issue has been reported in Zope, which can be exploited by malicious users to manipulate certain data and cause a DoS (Denial of Service).
8c0f0f9a295800c05bdf3c868baee282968f1f8156cbc420c3f242935911933b
FreeBSD Security Advisory - Very large RRSIG RRsets included in a negative response can trigger an assertion failure that will crash named(8) due to an off-by-one error in a buffer size check.
830b4abf997e208ee19a29014f1bce9fcf3eacab0dd0921152c8321eb8c768ce
Callisto 821+ ADSL modems suffer from predictable resource location and brute force vulnerabilities.
822d5a0c54180ec61e1ca3a6846235d8c78dc0026a6c0c9d4a4dfc30a5a61dcd
Ubuntu Security Notice 1140-1 - Marcus Granado discovered that PAM incorrectly handled configuration files with non-ASCII usernames. A remote attacker could use this flaw to cause a denial of service, or possibly obtain login access with a different users username. This issue only affected Ubuntu 8.04 LTS. It was discovered that the PAM pam_xauth, pam_env and pam_mail modules incorrectly handled dropping privileges when performing operations. A local attacker could use this flaw to read certain arbitrary files, and access other sensitive information. It was discovered that the PAM pam_namespace module incorrectly cleaned the environment during execution of the namespace.init script. A local attacker could use this flaw to possibly gain privileges. It was discovered that the PAM pam_xauth module incorrectly handled certain failures. A local attacker could use this flaw to delete certain unintended files. It was discovered that the PAM pam_xauth module incorrectly verified certain file properties. A local attacker could use this flaw to cause a denial of service.
1475b1ea584745e75607c08eb5e889073214913e719c51acce41d09dc235d52b
Ubuntu Security Notice 1139-1 - It was discovered that Bind incorrectly handled certain bad signatures if multiple trust anchors existed for a single zone. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service. This issue only affected Ubuntu 8.04 LTS and 10.04 LTS. Frank Kloeker and Michael Sinatra discovered that Bind incorrectly handled certain very large RRSIG RRsets included in negative responses. A remote attacker could use this flaw to cause Bind to stop responding, resulting in a denial of service.
82a2c36b85a888540cafda385a6411a7d5d9aa9aa7f327427e24d3e0ecb19e3a
Mandriva Linux Security Advisory 2011-103 - Stack-based buffer overflow in the "LIGHTING EFFECTS > LIGHT" plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the SPHERE DESIGNER plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a it may be uncommon to obtain a GIMP plugin configuration file from an untrusted source that is separate from the distribution of the plugin itself. Stack-based buffer overflow in the GFIG plugin in GIMP 2.6.11 allows user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a long Foreground field in a plugin configuration file.
a9707df186667e960fb7bcccb9b44257753c19aac46b92c0e7a54f39a8f4c029
Debian Linux Security Advisory 2246-1 - Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder.
ba3a5abdd8001f5ec154d30befa0306d62a84e4263dc60f203fbe254133a260f
Debian Linux Security Advisory 2245-1 - Several vulnerabilities were discovered in the Chromium browser.
95d73137a834ded9030bb360069113dddf15ccd4c1c7e7324bd1bff59ee266d2
Mandriva Linux Security Advisory 2011-102 - Directory traversal vulnerability in the disk_create function in disk.c in rdesktop before 1.7.0, when disk redirection is enabled, allows remote RDP servers to read or overwrite arbitrary files via a. in a pathname.
e95e4028e63acc2a106410223cc65ea955c645b12d8dd36b9ac2e57235d52189
Secunia Security Advisory - A vulnerability and a security issue have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions.
baea630fbcf85c09b4e4403fe1523e283d1461b0890b664e5b7ab50742dabb4b
Secunia Security Advisory - Fedora has issued an update for systemtap. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
93b02196aa223bc626e9fccb91cfdd1af22b8cac4aee55fe5db953404af0ee61
Secunia Security Advisory - Ubuntu has issued an update for dbus-glib. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security features.
28286e0752f1af2575d13dd78502de0dd65dc4223cead54188ebc464a267f715
Debian Linux Security Advisory 2244-1 - It was discovered that BIND, an implementation of the DNS protocol, does not correctly process certain large RRSIG record sets in DNSSEC responses. The resulting assertion failure causes the name server process to crash, making name resolution unavailable.
1d5d9062a169179cd4ddf94fe0a3ecabc58a694c5253fb7da52827e2d41efd17
Debian Linux Security Advisory 2243-1 - It was discovered that Unbound, a caching DNS resolver, ceases to provide answers for zones signed using DNSSEC after it has processed a crafted query.
e9b7b8f531d7f0bf62453a71f0ee84e29f0c50968fee5a72a1b77af5437f7843
Apache Archiva versions 1.3.0 through 1.3.4 suffer from a cross site scripting vulnerability.
5efbf8901967ec7d67fef99169880a4eb9b5f7f796e2016b76d3c042d56f0674
DNS BIND Security Advisory - A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash. Versions affected include 9.4-ESV-R3 and later, 9.6-ESV-R2 and later, 9.6.3, 9.7.1 and later, 9.8.0 and later.
fa50a97638e2f7e6a97d4f93201d255bcf855b0b42fd27b17eea562af70dec7f
Trustwave WebDefend suffers from a static database password vulnerability. It was discovered in various DLLs and EXEs and affects WebDefend Enterprise Manager Appliance / Console software versions 5.0 and 4.0.
af8e8db72fb21529ddd405451250cf64c1245de881c6b67c33191743d4d5a7f7
Ubuntu Security Notice 1138-2 - USN-1138-1 fixed a vulnerability in DBus-GLib. NetworkManager and ModemManager required rebuilding against the updated DBus-GLib to incorporate the changes. It was discovered that DBus-GLib did not properly verify the access flag of exported GObject properties under certain circumstances. A local attacker could exploit this to bypass intended access restrictions or possibly cause a denial of service.
3a419fab7b32032bd3eaa04ad96c2f47ef0907a28bc4afa4493a9cb97e3c90e9
Ubuntu Security Notice 1138-1 - It was discovered that DBus-GLib did not properly verify the access flag of exported GObject properties under certain circumstances. A local attacker could exploit this to bypass intended access restrictions or possibly cause a denial of service.
c935c17e82d36e21de9f5a0ab05a59ede86e3264481de05296335a94ab380a54
Ubuntu Security Notice 1137-1 - Juraj Somorovsky, Jorg Schwenk, Meiko Jensen and Xiaofeng Lou discovered that Eucalyptus did not properly validate SOAP requests. An unauthenticated remote attacker could exploit this to submit arbitrary commands to the Eucalyptus SOAP interface in the context of an authenticated user.
70f2755b4d3cbc4f775f55a6948dcb13931a0c487ececdf66ab508dac31f4c2a
Secunia Security Advisory - Debian has issued an update for cyrus-imapd-2.2. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.
c4fedb1fe4adb7ba572d8cf87aa0fe3f2d26fb091d8de0d0370fbdfd68776663