Mandriva Linux Security Advisory 2011-178 - Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library, including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object in a subdirectory of the current working directory during execution of a setgid program that has in RUNPATH. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
ade7f27c2b90a4568194c6f6e9c260f93617d30578dfd177141648cd58e91d11Ubuntu Security Notice 1280-1 - It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.
1087da56241ea4fe0d64ef0b3568b3dd1b39a2ceafc2bfa2a57b8d6eda903151Red Hat Security Advisory 2011-1478-01 - The IBM 1.5.0 Java release includes the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. This update fixes several vulnerabilities in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit. All users of java-1.5.0-ibm are advised to upgrade to these updated packages, containing the IBM 1.5.0 SR13 Java release. All running instances of IBM Java must be restarted for this update to take effect.
7cbb5153f3abe274888815acc7fa18117fcca8ce03c1474aa2d2b823dd99ca87Ubuntu Security Notice 1279-1 - Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
a57a6a4677aad213b5b06f27421d5abb8eefa70db03930de1545039b4bd62c37Ubuntu Security Notice 1278-1 - It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. Andrea Righi discovered a race condition in the KSM memory merging support. If KSM was being used, a local attacker could exploit this to crash the system, leading to a denial of service. Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Various other issues were also addressed.
8fc659e1e77c5000547f9f535c1921bdcb9f9740bffb44f47b411d8891107fd1Ubuntu Security Notice 1269-1 - Vasily Averin discovered that the NFS Lock Manager (NLM) incorrectly handled unlock requests. A local attacker could exploit this to cause a denial of service. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service. It was discovered that the wireless stack incorrectly verified SSID lengths. A local attacker could exploit this to cause a denial of service or gain root privileges. Various other issues were also addressed.
748fe00a71d2900d82893524fc7936b6d46ed4c251a839f7421b33b7b5d70cb7HP Security Bulletin HPSBUX02725 SSRT100627 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to disclose information, allow authentication bypass, allow cross-site scripting (XSS), gain unauthorized access, or create a Denial of Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
da0edbfa949de2b7034ad0a1fe927c5c9205a87431abdda03737962e90086071HP Security Bulletin HPSBUX02724 SSRT100650 2 - A potential security vulnerability has been identified with HP-UX running SAM. This vulnerability could be locally exploited to create an increase in privilege. Revision 2 of this advisory.
150c53828ac40def657ef231f9f25d5ce03f432d4f8dfeb50cd875906b300e5cUbuntu Security Notice 1277-2 - USN-1277-1 fixed vulnerabilities in Firefox. This update provides updated Mozvoikko and ubufox packages for use with Firefox 8. Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were addressed as well.
28bd532ded831a89497654f782221fbde98b55af2975d73060350ebece644e3dUbuntu Security Notice 1277-1 - Yosuke Hasegawa discovered that the Mozilla browser engine mishandled invalid sequences in the Shift-JIS encoding. It may be possible to trigger this crash without the use of debugging APIs, which might allow malicious websites to exploit this vulnerability. An attacker could possibly use this flaw this to steal data or inject malicious scripts into web content. Marc Schoenefeld discovered that using Firebug to profile a JavaScript file with many functions would cause Firefox to crash. An attacker might be able to exploit this without using the debugging APIs, which could potentially remotely crash the browser, resulting in a denial of service. Various other issues were also addressed.
50cacdc3fc2d46a4452a7d176ace181644b756e1e80e2655e104e50a14231030FFmpeg Libavcodec suffers from a memory corruption vulnerability.
f37566256d4b0e7fd3d14165701b8670023e06e8c87f2e0856f1c19a5698ce98FFmpeg Libavcodec suffers from an out of bound write vulnerability.
f37566256d4b0e7fd3d14165701b8670023e06e8c87f2e0856f1c19a5698ce98FFmpeg Libavcodec suffers from a buffer overflow vulnerability.
102804c770cf657624fe4cc7f5a21b98997c1b57ba08729a69f6d7f216073221Secunia Security Advisory - Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system.
e92b6d7a0ff8e587704a23aa2ad5325239c180845927aeba95d37a0e5faa273dSecunia Security Advisory - SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
35c62d7def8ea48fbabb9e0da3f7074d915317db983b1d404d5bfd3a16225c92Secunia Security Advisory - Ubuntu has issued an update for linux-fsl-imx51. This fixes two weaknesses and a vulnerability, which can be exploited by malicious, local users to conduct session hijacking attacks and by malicious people to cause a DoS (Denial of Service).
f3439589e24c12938848eaefe85149de24a706486bdd7ea3cf960d3490231052Secunia Security Advisory - HP has issued an update for Tomcat Servlet Engine in HP-UX. This fixes some weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).
5aeee214506904de7f2c6d70290bfbc61c04b765694d6d409d8cd55614f1a659Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges.
5ccc03804e2bb5e8850f9d21be8b8301ea069a49a0a218916346b77330ce7dd4Secunia Security Advisory - Two vulnerabilities have been reported in Nikki, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
780616a705d213d54643a9c62afb2477a2db8d51d86af0aca81d559374eab593Secunia Security Advisory - Ubuntu has issued an update for kernel. This fixes multiple weaknesses and two vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
abe08e7ea1c1b0c88aeebc5e5e8608ebbc313a728f5bd6fbc28352346777cfccSecunia Security Advisory - Ubuntu has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service).
13cfc3e33e98b1151d971bc3290dc02ed30b4c141ae2e464830f6decc512cab7Secunia Security Advisory - Ubuntu has issued an update for software-center. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
7fdabbfd9d50ddf12c54d5031e1b000d37242c1ec0ab9a6a80a070d333ba0de3Secunia Security Advisory - Debian has issued an update for wireshark. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
db5390da7b40940287716b932a4dead3c48ec27f242a2adcff378a9ff1b43e27Secunia Security Advisory - Ubuntu has issued an update for kdeutils. This fixes a weakness, which can be exploited by malicious people to manipulate certain data.
792e3fc763ea7c78d3852d357dafd2eb1e37442f68ee3086d8795fdc7f57baadSecunia Security Advisory - Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and potentially compromise a user's system.
f8bba14c5ebf4500625c5295175b293bb315c5679bc4c62b0b88c321c0a748b3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed