OpenPKG Security Advisory - Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in the regular expression compiler of the Perl programming language, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions. The bug manifests in a possible buffer overflow in the polymorphic "opcode" support code, caused by ASCII regular expressions that really are Unicode regular expressions.
fd63d18ae40b88066a847d408cc8dc4b528e6881d49215b4b27af6316352df80
OpenPKG Security Advisory - BIND 9 versions 9.4.1-P1 and below suffer from multiple vulnerabilities that allow for recursive queries and cache poisoning.
c368a04ffba7fa0bd16a6fd660ba328818e7e86d86faf603e8fd15ff53b9f706
OpenPKG Security Advisory - Multiple vulnerabilities in PHP versions 5.2.2 and below have been addressed.
de25ea5eaff6e286c1e16000b5dfce7c3dedab43e0b8b25a85fcd5852260b7f1
OpenPKG Security Advisory - A vulnerability caused by an integer signedness error was found by Victor Stinner in the font rendering library Freetype, versions up to and including 2.3.4. The vulnerability might allow remote attackers to execute arbitrary code via a specially crafted TrueType Font (TTF) file with a negative "n_points" value, which leads to an integer overflow and heap-based buffer overflow.
20e3597f4528c3bf943c842d2c4a790a8846089007afb586832a34877de6bcb1
OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the Ratbox IRC Daemon, versions up to and including 2.2.5. Too many pending connections to the server from a single unknown client could result in resource starvation.
7f887dd38929665069a85a9b5ef03b27f0f850f52837b0cb36cf19a9a5dac310
OpenPKG Security Advisory - A Denial of Service (DoS) vulnerability exists in the routing daemon Quagga, versions up to and including 0.99.6. The Quagga bgpd(8) daemon is vulnerable as configured peers may cause it to abort because of an assertion which can be triggered by peers by sending an "UPDATE" message with a specially crafted, malformed Multi-Protocol reachable/unreachable "NLRI" attribute.
12492b05bc1c9dd6d3ab14537255e48285c3a6cb1a68486580a7e74f2e78c677
OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the PNG image format library libpng. The bug is a NULL-pointer-dereference vulnerability involving palette images with a malformed "tRNS" PNG chunk, i.e., one with a bad CRC value. This bug can, at a minimum, cause crashes in applications simply by displaying a malformed image.
63c3acc1ae79ee72024eb0a8d12f1655d8911415ac30f629fe2c5728b871eecc
OpenPKG Security Advisory - Multiple vulnerabilities were found in the CIFS/SMB server implementation Samba.
9c9c5ff7ea80d2352d3c98caf5ce202df67d9f7bcb059cafc04b46c14805b953
OpenPKG Security Advisory - According to a vendor release announcement, multiple vulnerabilities exist in the programming language PHP, versions up to and including 5.2.0.
c86db00870b10c7d75d039211794324e8c48eb4f2ebd85d7db91a0cbf5c1df07
OpenPKG Security Advisory - According to a vendor security advisory, a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, versions up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem.
51621d8c871de933a4c4b0ef815d8d632f8d803fcb9b63ba065faf6cc822d1b3
OpenPKG Security Advisory - Ralf S. Engelschall from OpenPKG GmbH discovered a Denial of Service (DoS) vulnerability in the CVS/Subversion/Git Version Control System (VCS) frontend CVSTrac, version 2.0.0.
1db2c81b325a11b28837a0856dc30080a87ebbd7a7462ccc43a328ae1aaabdf4
OpenPKG Security Advisory - As confirmed by vendor security advisories, two security issues exist in the DNS server BIND, versions up to 9.3.4. The first issue is a "use after free" vulnerability which allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors that cause BIND to "dereference (read) a freed fetch context". The second issue allows remote attackers to cause a Denial of Service (DoS) via a type "*" (ANY) DNS query response that contains multiple resource record (RR) sets in the answer section, which triggers an assertion error. To be vulnerable you need to have enabled DNSSEC validation in the configuration by specifying "trusted-keys".
efdefa323f0250b7bbccf97b1808ac633e806735791adbf26f360bd1575549c6
OpenPKG Security Advisory - According to vendor security advisories, two security issues exist in the Kerberos network authentication system implementation MIT Kerberos. First, the RPC library could call an uninitialized function pointer, which created a security vulnerability for kadmind(8). Second, the GSS-API "mechglue" layer could fail to initialize some output pointers, causing callers to attempt to free uninitialized pointers. This caused another security vulnerability in kadmind(8).
18eb84638a0aa1af34b0b1cdc4873ec6ac8264aa88bdd3cd284bf7eb213a80c4
OpenPKG Security Advisory - According to a security advisory from Stefan Esser, a vulnerability exists in the Weblog publishing system WordPress, versions up to and including 2.0.5.
5bb58c9bfbd9ea4823adca77bf7855e11fa850d081b036ff2dc309cfee673e95
OpenPKG Security Advisory - According to vendor release notes and security advisories, two security issues exist in the POP3/IMAP batch client Fetchmail, versions up to and including 6.3.5.
e848b53d79d513a6112f14b3d4de99609c0c6e7edaa805a1ed7f23529322556e
OpenPKG Security Advisory - According to upstream vendor security advisories, two vulnerabilities exist in the content management system Drupal, versions up to and including 4.7.4.
113909de07850710304b892fe3a993e72495d2f35dd0f344511576e4e4b66531
OpenPKG Security Advisory - Together with two portability and stability issues, two older security issues were fixed in the compression tool BZip2, versions up to and including 1.0.3.
25542668c12c677ad1d31a4513dd6892ca204cb22b1f1399da1eda9ec286b7cd
OpenPKG Security Advisory - Three vulnerabilities have been identified and exploited in the network monitoring and graphing frontend Cacti, versions up to and including 0.8.6i. They can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems.
d715fb2ea460dd7e357f8f6f699dde27c0bdc767cbf64fd69c81a7a05264aa07
OpenPKG Security Advisory - The Links web browser versions below 2.1pre26 suffer from an arbitrary code execution vulnerability.
ccd24a8032dfc6e3f207ae8646c3ad418869265a3599f98dba7bb0efa58e46ac
OpenPKG Security Advisory - OpenSER versions 1.1.0 and below suffer from a buffer overflow vulnerability.
5adb8463690b95ca64c0cdefd7eaad1f6fde535fd8d8a4a602092bde09153636
OpenPKG Security Advisory - As confirmed by the vendor, a Denial of Service (DoS) vulnerability exists in the programming language Ruby, versions before 1.8.5-p2.
b21d0c433a93a826301e000c138a2d7578c7c9e437c3c15008d465d9d44ccda3
OpenPKG Security Advisory OpenPKG-SA-2006.038 - The archive format utility GNU tar, versions up to and including 1.16, allows user-assisted attackers to overwrite arbitrary files via a TAR format file that contains a "GNUTYPE_NAMES" record with a symbolic link.
b3316815129634db7a89691f0f6a4712f63cc700167db955981aaf3a818c1b27
OpenPKG Security Advisory OpenPKG-SA-2006.037 - Two security issues were discovered in the OpenPGP cryptography tool GnuPG, versions up to and including 1.4.5 and 2.0.1. The first issue is a heap-based buffer overflow which was identified by the vendor while fixing a bug reported by Hugh Warrington. The second issue is a memory management problem.
e2ad975972bd8b4d3c70e676abce3b1376c3b1ef57af266813f375814ebfe63c
OpenPKG Security Advisory OpenPKG-SA-2006.034 - Miloslav Trmac from Red Hat discovered a buffer overflow in GNU Texinfo. The flaw was found in a function used by Texinfo's texi2dvi and texindex commands. An attacker could construct a carefully crafted Texinfo file that could cause texi2dvi or texindex to crash or possibly execute arbitrary code when opened.
878e47113669a4f4780cad26b04bda1aa8d62ebe2073d4f4aa25c8cb53347bd8
OpenPKG Security Advisory OpenPKG-SA-2006.033 - Evgeny Legerov discovered a vendor-confirmed denial of service vulnerability in OpenLDAP. The vulnerability allows remote attackers to cause a DoS via a certain combination of LDAP "Bind" requests that trigger an assertion failure in "libldap". The flaw is caused by incorrectly computing the length of a normalized name.
f298e21b67c62cc61561c562fe81bcf25b76c0493617dca53ced2a579adadcbd