Secunia Security Advisory - A vulnerability has been reported in the Suhosin extension for PHP, which can be exploited by malicious people to compromise a vulnerable system.
9a590ad32676f7aefdfa27fd0aa9c15408cade26172974088450671e6ea24856Secunia Security Advisory - Ubuntu has issued an update for linux. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and to cause a DoS (Denial of Service).
ed7f0718907441a892d9788fdbd34fc3cf7ab506bdfc7d5923a2e49ea699670cSecunia Security Advisory - IBM has acknowledged some vulnerabilities in IBM DB2 Accessories Suite, which can be exploited by malicious people to compromise a vulnerable system.
37515000f2354363c2bd29a3f4bf4f84f1996e0e948ea875004998e59a2870d2Secunia Security Advisory - A vulnerability with has been reported in vBSEO, which can be exploited by malicious people to compromise a vulnerable system.
28cda41c2128c4d6c50282dc363c870797ed922a5198898fb58c896bf9e54702Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
50a2ebfd9ec0bf4b9374ede5aae8d45c2836f73226e0df17e89b317ecae495d8Secunia Security Advisory - Gentoo has issued an update for tor. This fixes a security issue and a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.
4187251df786db0141e42f692c7eb8f8e9b891807beefdd1050247e295953125Secunia Security Advisory - A vulnerability has been reported in the Kish Guest Posting plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.
789ca5d73a98ab65af7bc5efde7489681ec6e74f895c932f426442ee7055672fSecunia Security Advisory - Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
2aaa40a42e65962d2d45613d74553722b64cd5c259e00ea664037643584006b9Secunia Security Advisory - Ubuntu has issued an update for rsyslog. This fixes a vulnerability, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
45a38e41b39b5f6ce404adface852b40249cc5aaf77f44ec66169fd37fade5bfSecunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-natty. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service).
29ed8ad53846397e4acc4c49423f4c6edcb7db3c87371f7e1afdea074d0828a8Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information and cause a DoS (Denial of Service).
bc081e73efd7ebc60c5e226ac8cba54b33e97c8d6113f852e44d62efc7b259e9Secunia Security Advisory - Red Hat has issued an update for t1lib. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
ba05d35d46693d69bb2260f25b9bf11e91bb4bef5f9c9e166ee0fd9dbc0972bcSecunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
9ede31f906d913f676ea36f35fb64de3ec896330bed7ff365e66297bc426c303Secunia Security Advisory - Stuart Passe has reported a vulnerability in Trend Micro DataArmor and Trend Micro DriveArmor, which can be exploited by malicious, local users with physical access to gain escalated privileges.
e7abe534091b89aa8b0eda117354eda61dec0df29844f35f644429cd9810dd6fUbuntu Security Notice 1263-2 - USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm to fail when using certain algorithms. This update fixes the problem. Various other issues were also addressed.
632d73fc6be378641a2c7b71828c08584abbea1d6a2f3799cf2b70c494ab9b0eRed Hat Security Advisory 2012-0061-01 - The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issue: It was found that permissions were not checked properly in the Linux kernel when handling the /proc/[pid]/mem writing functionality. A local, unprivileged user could use this flaw to escalate their privileges. Refer to Red Hat Knowledgebase article DOC-69129, linked to in the References, for further information.
e40b8b8aaddc8e2fe581d83de354223aa3949157644b6f2661a2d8f354618f40Red Hat Security Advisory 2012-0062-01 - The t1lib library allows you to rasterize bitmaps from PostScript Type 1 fonts. Two heap-based buffer overflow flaws were found in the way t1lib processed Adobe Font Metrics files. If a specially-crafted font file was opened by an application linked against t1lib, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An invalid pointer dereference flaw was found in t1lib. A specially-crafted font file could, when opened, cause an application linked against t1lib to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
a926a8831f5e655d16df1e35d4dd911ee1b2e36511144fac9a380ee7434eb26aRed Hat Security Advisory 2012-0060-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. A double free flaw was discovered in the policy checking code in OpenSSL. A remote attacker could use this flaw to crash an application that uses OpenSSL by providing an X.509 certificate that has specially-crafted policy extension data.
626386dc502d12fc29e4780f91473a6509e4ce82830fd07413d30317383f9ba0Red Hat Security Advisory 2012-0058-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
d4d1780461ee1cfaa9d79baa47a009d2377c5860a1e2cf3da7318da99a2c5585Red Hat Security Advisory 2012-0059-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. It was discovered that the Datagram Transport Layer Security protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS server as a padding oracle. An information leak flaw was found in the SSL 3.0 protocol implementation in OpenSSL. Incorrect initialization of SSL record padding bytes could cause an SSL client or server to send a limited amount of possibly sensitive data to its SSL peer via the encrypted connection.
637d4b3792e367e77118dadf6e654fba56f63a5136cbc78f5b4bd3c1b6efa812Ubuntu Security Notice 1346-1 - Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.
0b171085fe24790e993a5cb1a612f7517c2b818e647d6a61a9fbb85732a32b7dDataArmor versions 3.0.10 and above and DriveArmor versions 3.0.0 and above suffer from restricted environment breakout, privilege escalation and full disk encryption vulnerabilities.
b41ef1f168f30852ea4d0d4812fadcaa0d376c38f648c6c50c2dac11f4b25ebeUbuntu Security Notice 1343-1 - Alexandre Poirot, Chris Blizzard, Kyle Huey, Scoobidiver, Christian Holler, David Baron, Gary Kwong, Jim Blandy, Bob Clary, Jesse Ruderman, Marcia Knous, and Rober Longson discovered several memory safety issues which could possibly be exploited to crash Thunderbird or execute arbitrary code as the user that invoked Thunderbird. Aki Helin discovered a crash in the YARR regular expression library that could be triggered by javascript in web content. Various other issues were also addressed.
b320552fd3ebcdce074815e44c55cd3a05de20c7d4838165adb6112d9accbbbfUbuntu Security Notice 1345-1 - Peter Huewe discovered an information leak in the handling of reading security-related TPM data. A local, unprivileged user could read the results of a previous TPM command. Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system. Various other issues were also addressed.
c5e2c5ccabf794f03dfb9229198594f7253ed79ba331f08d1ef2aa77b46bb0ddUbuntu Security Notice 1344-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
b59d95f9f986e002c805f641ed404a6ad915b27e325adde2cf5cd116b992ac73
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed