Ubuntu Security Notice USN-817-1 - Several flaws were discovered in the rendering engine of Thunderbird. If JavaScript were enabled, an attacker could exploit these flaws to crash Thunderbird.
38533b61ed9c3d13c54fcecda662e51a0295d7712bae066e5d986a5e18076e0c
Ubuntu Security Notice USN-820-1 - Federico Muttis discovered that Pidgin did not properly handle certain malformed messages in the MSN protocol handler. A remote attacker could send a specially crafted message and possibly execute arbitrary code with user privileges.
3cb0bc8ff34af8d18496e2c3d5d2bcb732b59e6582fcf4a8ccb1838d53e7bb47
Ubuntu Security Notice USN-809-1 - Multiple vulnerabilities in gnutls12, gnutls13, and gnutls26 have been addressed.
b92205b37169716ba97e50429020fd3909591b35ccbe74027c607e8e62403c93
strongSwan is a complete IPsec and IKEv1 implementation for Linux 2.4 and 2.6 kernels. It interoperates with most other IPsec-based VPN products. It is a descendant of the discontinued FreeS/WAN project. The focus of the strongSwan project is on strong authentication mechanisms using X.509 public key certificates and optional secure storage of private keys on smartcards through a standardized PKCS#11 interface. A unique feature is the use of X.509 attribute certificates to implement advanced access control schemes based on group memberships.
40627dfae0f033cdb3af2d30fc3598c64c127f1006fe3aae8ec6c1554ca0029e
Tor-ramdisk is an i686 uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. Security is enhanced by employing a monolithically compiled GRSEC/PAX patched kernel and hardened system tools. Privacy is enhanced by turning off logging at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key which may be exported/imported by FTP.
3fd3d678efb616bb3117343908a6835a1adec67868e49730d3c5e150f5aefc1d
Firewall Builder consists of a GUI and a set of policy compilers for various firewall platforms. It helps users maintain a database of objects and allows policy editing using simple drag-and-drop operations. The GUI and policy compilers are completely independent, which provides for a consistent abstract model and the same GUI for different firewall platforms. It currently supports iptables, ipfilter, ipfw, OpenBSD pf, Cisco PIX and FWSM, and Cisco router access lists.
a01fce8c8bd46f8be8dfa7e66ecf8f2aa0795d9454c398ea271b93c4daa346d1
Mandriva Linux Security Advisory 2009-210 - A vulnerability has been discovered and corrected in GnuTLS before 2.8.2, which could allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. This update fixes this vulnerability.
eadbf55cae152edc723e6474013dda54a57861be478774358cae28695bda3567
Mandriva Linux Security Advisory 2009-209 - Multiple Java OpenJDK security vulnerabilities have been identified and fixed.
e63ca3c4a2288ce9ba25d35c65a3b5ec6f6320072a58c8b95f0f89a275cf4470
Mandriva Linux Security Advisory 2009-207 - Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391. This update provides a solution to this vulnerability.
4b957f4ba0927edc62148dab61c0db5ec568e0f71f52e958ee814a008f626a89
Debian Security Advisory 1870-1 - Federico Muttis discovered that libpurple, the shared library that adds support for various instant messaging networks to the pidgin IM client, is vulnerable to a heap-based buffer overflow. This issue exists because of an incomplete fix for CVE-2008-2927 and CVE-2009-1376. An attacker can exploit this by sending two consecutive SLP packets to a victim via MSN.
11ac33561f3bbbffca98ffd632e07b2283b4a9f19e94b23a9c98eb2ca8256b2e
Mandriva Linux Security Advisory 2009-206 - SUSE discovered a security issue in wget related to CVE-2009-2408 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408). This update provides a solution to this vulnerability.
d39cc0054a684cd3aafc7499acfef071f927f72badd882a14815113d933868d8
HP Security Bulletin - A potential vulnerability has been identified with HP Network Node Manager (NNM) Remote Console running on Windows. The vulnerability could be exploited by a local user to execute arbitrary code or to create a Denial of Service (DoS).
6f437506acc8bd1e6d99e311b11a0bcd48fe660f5a69729dd5907346559d1f60