Mandriva Linux Security Advisory 2013-259 - Use-after-free vulnerability in the doImageText function in dix/dixfonts.c in the xorg-server module before 1.14.4 in X.Org X11 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted ImageText request that triggers memory-allocation failure.
d73de32034766dc93737b3ea8cb07c6ae13f7aee39585ad2d16563b6745e2abb
Mandriva Linux Security Advisory 2013-258 - It was discovered that ICU contained a race condition affecting multi-threaded applications. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. It was discovered that ICU incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
548ed919c730db114b9bd87b6261a35bd35e86d1171dfc5eb7b59850b01cd652
Gentoo Linux Security Advisory 201310-21 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could lead to Denial of Service. Versions less than 1.21.2 are affected.
ac99ffc7a59e19273c6f7c08c59b9e2e2bc135cfd07f27fd127001d0bd0ca8d6
Gentoo Linux Security Advisory 201310-20 - A vulnerability in acpid2 may allow a local attacker to gain escalated privileges. Versions less than 2.0.17 are affected.
aabf1d5fd5c7875c07a261f92c1372e4e767ccd10a4f2bdc817de1fb02971c38
Gentoo Linux Security Advisory 201310-19 - A path vulnerability in X2Go Server may allow remote execution of arbitrary code. Versions less than 4.0.0.2 are affected.
1b4d8c2d5d5e5cc903e0656136ff595271108c26520fa60e84ddf1fb892a61a6
Debian Linux Security Advisory 2786-1 - The Google Chrome Security Team discovered two issues (a race condition and a use-after-free issue) in the International Components for Unicode (ICU) library.
fff614ff927cf78e679c00b762b70597a0e8fafbaa8f65901ab464f3c04fa797
Gentoo Linux Security Advisory 201310-18 - Multiple vulnerabilities have been discovered in GnuTLS, the worst of which could lead to Denial of Service. Versions less than 2.12.23-r1 are affected.
dae2553c4427a86dc8b3c9a695288ffe228b8243b84bee882ce07c7536efbf41
Gentoo Linux Security Advisory 201310-17 - pmake uses temporary files in an insecure manner, allowing for symlink attacks. Versions less than 1.111.3.1 are affected.
720961ebfdd7c172ab996cfa7fe9379f3ed54bc16906d9e466e5d2cf72806d13
Debian Linux Security Advisory 2787-1 - It was discovered that roundcube, a skinnable AJAX-based webmail solution for IMAP servers, does not properly sanitize the _session parameter in steps/utils/save_pref.inc when saving preferences. The vulnerability can be exploited to overwrite configuration settings, subsequently allowing random file access, manipulated SQL queries and even code execution.
16835cafc45de428b561f8da656aead6d60655755a053be0641fc356c2a3e1f6
Debian Linux Security Advisory 2785-1 - Several vulnerabilities have been discovered in the chromium web browser.
48628ebb43be4560f718b05e27f8d8a4debb8f5353ec1e118afdb50298d992fd
Gentoo Linux Security Advisory 201310-16 - Two buffer overflow vulnerabilities in TPTEST may allow remote attackers to execute arbitrary code or cause Denial of Service. Versions less than 3.1.7-r2 are affected.
8ea7d93b3f09f11db13f0a5774d837544a744a76e8540d8d14e2145af3fda22c
Gentoo Linux Security Advisory 201310-15 - Multiple vulnerabilities have been found in GNU Automake, allowing local arbitrary command execution with the privileges of the user running an Automake-based build. Versions less than 1.11.6 are affected.
c4712ff82db88c59238cb2745a8aefc2c8dff9ef3b49bb02939e39dc4769bc18
Gentoo Linux Security Advisory 201310-13 - Multiple vulnerabilities have been found in MPlayer and the bundled FFmpeg, the worst of which may lead to the execution of arbitrary code. Versions less than 1.1-r1 are affected.
08965766fcae25256090b4e385c2d0b3cb8116f70820f4e55055009d3309d422
Gentoo Linux Security Advisory 201310-12 - Multiple vulnerabilities were found in FFmpeg, the worst of which might enable remote attackers to cause user-assisted execution of arbitrary code. Versions less than 1.0.7 are affected.
d23e903782e194c3e161da651dead966b61dd687650a2ec514384ffd8de17b78
Gentoo Linux Security Advisory 201310-14 - Multiple vulnerabilities have been found in Groff, allowing context-dependent attackers to conduct symlink attacks. Versions less than 1.22.2 are affected.
4c8b8107de41173ce0db5640699699fd0f4ae5cfcb10a6a2cf1b52bf8d21c739
CA Technologies Support is alerting customers to a potential vulnerability in CA SiteMinder that can be mitigated by utilizing existing product functionality. The vulnerability can potentially allow a remote attacker to conduct a cross-site scripting attack and execute script in the security context of the SiteMinder domain. Customers should review their SiteMinder deployments to verify that the vulnerability mitigating functionality is enabled. Versions 12.51, 12.5, 12.0 and 6 Web Agents are affected.
7484ac45d17585798083790d7030a16af3adf9a7edd7018fd77567ee3e3aaf5c
Debian Linux Security Advisory 2783-2 - The update of librack-ruby in DSA-2783-1 also addressed CVE-2013-0183. The patch applied breaks Rails applications like Redmine (see Debian Bug #727187). Updated packages are available to address this problem.
7166a2e1c6865221cfe34af826a8c7a766cf04432e78842feb087c02e0f3fe25
Ubuntu Security Notice 2007-1 - Martin Carpenter discovered that Apport set incorrect permissions on core dump files generated by setuid binaries. A local attacker could possibly use this issue to obtain privileged information.
b01329a47b0a84943e0929f31ba03f709200ed7f5762f7a5ad9544c85128d498
Ubuntu Security Notice 2008-1 - Ralph Loader discovered that Suds incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files. In the default installation of Ubuntu, this should be prevented by the Yama link restrictions.
bf71a760565d6513e96914418c72277da4c645c885cd2d33c760bcdbfcb9f300
Ubuntu Security Notice 2006-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.72 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04 and Ubuntu 13.10 have been updated to MySQL 5.5.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
cb8de417ff7f62570e9cf059820b5b3e849c9637f24c9974857bfb156a0ab65f
Red Hat Security Advisory 2013-1459-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. A denial of service flaw was found in the way GnuPG parsed certain compressed OpenPGP packets. An attacker could use this flaw to send specially crafted input data to GnuPG, making GnuPG enter an infinite loop when parsing data. It was found that importing a corrupted public key into a GnuPG keyring database corrupted that keyring. An attacker could use this flaw to trick a local user into importing a specially crafted public key into their keyring database, causing the keyring to be corrupted and preventing its further use.
66f4f380227d5284e4fe726da477005d273d6e0b0babb21afcad548a7d3c4cc5
Red Hat Security Advisory 2013-1458-01 - The GNU Privacy Guard is a tool for encrypting data and creating digital signatures, compliant with the proposed OpenPGP Internet standard and the S/MIME standard. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.
4ed140d307f2bb993d4c7916c9f09e01858d795fc86538c67ede4581485941e0
Red Hat Security Advisory 2013-1457-01 - The libgcrypt library provides general-purpose implementations of various cryptographic algorithms. It was found that GnuPG was vulnerable to the Yarom/Falkner flush+reload cache side-channel attack on the RSA secret exponent. An attacker able to execute a process on the logical CPU that shared the L3 cache with the GnuPG process could possibly use this flaw to obtain portions of the RSA secret key.
f0bc34c54d779918b986683d5fd801d334fea4b81db30f56c90de612a52fd94c
Drupal Bean third-party module version 7.x suffers from a cross-site scripting vulnerability.
5e97713fe4414c722908505802236b453b4140bd483353df1873c0b578da4978
In certain circumstances, RSA Authentication Agent for Web for IIS protection can be bypassed due to a fail-open flaw in the agent. Versions 7.1 and 7.1.1 are affected.
1d9bdb134e4d458497e0ceca42b57c05550f4701f6e3aab2e693ee71a6cf1843