Secunia Security Advisory - Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.
59e846d3380c88a01cfe64fe582726cce4990c5780a60ea6d7aafc4bbde798bbSecunia Security Advisory - Some vulnerabilities have been reported in the cag_tables extension for TYPO3, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
707549038023853742896c57372cfd52f1f99bd86c5035ddc841dd3aa316211dSecunia Security Advisory - A vulnerability has been reported in the Event Board extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
6265f5dfc852d97a4be649c8c174d6c10e87445e123db7105825bcebae53af5cSecunia Security Advisory - Gentoo has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
2f41f0943e4235f2f5fe402e1f0a54fb1c514e27fc3d752e680fd0a61eac41bbSecunia Security Advisory - Debian has issued an update for openarena. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
5e6e009f397cd6349b3ad0b80fddc3ffbdb63efb13efd0594f8cff45f7057052Secunia Security Advisory - Lostmon has discovered a vulnerability in GreenBrowser, which can be exploited by malicious people to conduct cross-site scripting attacks.
65080ce0a55f490219f2e4cf6570f79a6e60d20c64fdbe61c8f63afe127a2ac7Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
d7c8e93eed0da37e188176a423597643063f27f59d9db7658060e0522f724854Secunia Security Advisory - A vulnerability has been reported in HP Performance Manager, which can be exploited by malicious people to compromise a vulnerable system.
852343ffa2fb04992578be5850715c078aaa83f0fa1cfc9c9553564a34bfb1b3Secunia Security Advisory - SUSE has issued an update for libzip. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
2a2487efdb1770c914b5303833728eef36e88536580a02b70b415bd7b67ef218Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue.
d14554c5903aec074d1a23f535fe5ef1b64473aeed5e24680db002cbdc78d94cMandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.
8c82c1513bd666093f762efb98cbc93ba20dbed872d8c6c946cbde14ef5e7aa3Mandriva Linux Security Advisory 2012-039 - The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. The updated packages have been patched to correct this issue.
d68b51c860745669ed80a9760b3d0f8d33e9fbc141c0beef7e8da27438734c22libzip versions 0.10 and below suffers from heap overflow and information leak vulnerabilities.
eca7dc942cdc097aced0ed595877bbe9eef5010c995ad730102ab89f12c39a5eRed Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
501c1430723c183990aa23d2ad91107cca4dcdaf2c0b1b2c34ceca0d912eefd3Red Hat Security Advisory 2012-0427-01 - libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
e8df410e6f95ead4299aba87bbd6dc1d77274b0ceabe9b81f50fea399018c35bRed Hat Security Advisory 2012-0426-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times.
c7a9b634b44b6697d3fc707044640a6ee4da2d50ffa6573b6d65ee91eb939e55Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
1474501c578f805f223062c5d3b5a64942c2f200a99dc5147eb491ba6624c86bUbuntu Security Notice 1197-7 - USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
ac7160e78e5c4f1586b86308adbc3d719b961f678bc8a80c5084074cce1d5a5aDebian Linux Security Advisory 2443-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
d50bf6dbe234272263b4d756659d95d7bab63dffdef93404c1f40535771db5b3Ubuntu Security Notice 1409-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.
44da8fa5faaffba0654941eea0156b631ec7b6b0252ac9c3aadef25ef4617435Ubuntu Security Notice 1408-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f44af68c03e98ca483c515a0bbab711fa9a2025178c892ca14ec065c994a34eaUbuntu Security Notice 1406-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
daec70c79148be4f16814b730209fb95008de030d988a2c710ae8fd2ecd47c4aUbuntu Security Notice 1411-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
edb7173e9e15dc4a929335fa7af7b721f233a71ba887437bfc12602b8699aeebUbuntu Security Notice 1410-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f15bf1820fb38e31c5db918dc42e51397cfb0163f7756c6239cbfa4f865f02d6Ubuntu Security Notice 1407-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
855ba7a3106fee31b467fdbdd5e12d64132663a4fd40edb37894503c1311c4b8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed