Secunia Security Advisory - Gentoo has issued an update for nginx. This fixes a weakness, a security issue, and multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), manipulate certain data, and potentially compromise a vulnerable system.
59e846d3380c88a01cfe64fe582726cce4990c5780a60ea6d7aafc4bbde798bb
Secunia Security Advisory - Some vulnerabilities have been reported in the cag_tables extension for TYPO3, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting and SQL injection attacks.
707549038023853742896c57372cfd52f1f99bd86c5035ddc841dd3aa316211d
Secunia Security Advisory - A vulnerability has been reported in the Event Board extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.
6265f5dfc852d97a4be649c8c174d6c10e87445e123db7105825bcebae53af5c
Secunia Security Advisory - Gentoo has issued an update for logwatch. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
2f41f0943e4235f2f5fe402e1f0a54fb1c514e27fc3d752e680fd0a61eac41bb
Secunia Security Advisory - Debian has issued an update for openarena. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).
5e6e009f397cd6349b3ad0b80fddc3ffbdb63efb13efd0594f8cff45f7057052
Secunia Security Advisory - Lostmon has discovered a vulnerability in GreenBrowser, which can be exploited by malicious people to conduct cross-site scripting attacks.
65080ce0a55f490219f2e4cf6570f79a6e60d20c64fdbe61c8f63afe127a2ac7
Secunia Security Advisory - HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
d7c8e93eed0da37e188176a423597643063f27f59d9db7658060e0522f724854
Secunia Security Advisory - A vulnerability has been reported in HP Performance Manager, which can be exploited by malicious people to compromise a vulnerable system.
852343ffa2fb04992578be5850715c078aaa83f0fa1cfc9c9553564a34bfb1b3
Secunia Security Advisory - SUSE has issued an update for libzip. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
2a2487efdb1770c914b5303833728eef36e88536580a02b70b415bd7b67ef218
Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue.
d14554c5903aec074d1a23f535fe5ef1b64473aeed5e24680db002cbdc78d94c
Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 have been upgraded to the 2.12.8 version due to problems with the test suite while building it. Additionally, a new dependency on p11-kit was added for the PKCS #11 support.
8c82c1513bd666093f762efb98cbc93ba20dbed872d8c6c946cbde14ef5e7aa3
Mandriva Linux Security Advisory 2012-039 - The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. The updated packages have been patched to correct this issue.
d68b51c860745669ed80a9760b3d0f8d33e9fbc141c0beef7e8da27438734c22
libzip versions 0.10 and below suffer from heap overflow and information leak vulnerabilities.
eca7dc942cdc097aced0ed595877bbe9eef5010c995ad730102ab89f12c39a5e
Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
501c1430723c183990aa23d2ad91107cca4dcdaf2c0b1b2c34ceca0d912eefd3
Red Hat Security Advisory 2012-0427-01 - libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
e8df410e6f95ead4299aba87bbd6dc1d77274b0ceabe9b81f50fea399018c35b
Red Hat Security Advisory 2012-0426-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times.
c7a9b634b44b6697d3fc707044640a6ee4da2d50ffa6573b6d65ee91eb939e55
Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
1474501c578f805f223062c5d3b5a64942c2f200a99dc5147eb491ba6624c86b
Ubuntu Security Notice 1197-7 - USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure while it is actually being monitored. Various other issues were also addressed.
ac7160e78e5c4f1586b86308adbc3d719b961f678bc8a80c5084074cce1d5a5a
Debian Linux Security Advisory 2443-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
d50bf6dbe234272263b4d756659d95d7bab63dffdef93404c1f40535771db5b3
Ubuntu Security Notice 1409-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual LAN) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Various other issues were also addressed.
44da8fa5faaffba0654941eea0156b631ec7b6b0252ac9c3aadef25ef4617435
Ubuntu Security Notice 1408-1 - Louis Rilling discovered a flaw in the Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f44af68c03e98ca483c515a0bbab711fa9a2025178c892ca14ec065c994a34ea
Ubuntu Security Notice 1406-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. Various other issues were also addressed.
daec70c79148be4f16814b730209fb95008de030d988a2c710ae8fd2ecd47c4a
Ubuntu Security Notice 1411-1 - Louis Rilling discovered a flaw in the Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
edb7173e9e15dc4a929335fa7af7b721f233a71ba887437bfc12602b8699aeeb
Ubuntu Security Notice 1410-1 - Louis Rilling discovered a flaw in the Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f15bf1820fb38e31c5db918dc42e51397cfb0163f7756c6239cbfa4f865f02d6
Ubuntu Security Notice 1407-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system, causing a denial of service. Stephan Bärwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can use this flaw to crash VMs, causing a denial of service. Various other issues were also addressed.
855ba7a3106fee31b467fdbdd5e12d64132663a4fd40edb37894503c1311c4b8