Ubuntu Security Notice USN-189-1 - Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran Ghory also discovered a path traversal vulnerability. Even when the --no-absolute-filenames option was specified, cpio did not filter out ".." path components. By tricking a user into unpacking a malicious cpio archive, this could be exploited to install files in arbitrary paths with the privileges of the user calling cpio. (CVE-2005-1229)
Ubuntu Security Notice USN-188-1 - Chris Evans discovered a buffer overflow in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.
White and Case, a top NYC law firm, posted a survey on Data Security Breach Notifications on September 26, 2005. From the press release: "Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to a new national survey sponsored by global law firm White & Case. The independent survey of nearly 10,000 adults, conducted by the respected privacy research organization Ponemon Institute, reveals that nearly 20 percent of respondents say they have terminated a relationship with a company after being notified of a security breach."
Gentoo Linux Security Advisory GLSA 200509-21 - Javier Fernandez-Sanguino has discovered that the xferfaxstats cron script supplied by Hylafax insecurely creates temporary files with predictable filenames. Versions less than 4.2.2 are affected.
Gentoo Linux Security Advisory GLSA 200509-20 - Chris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. Versions less than 2.2.10 are affected.
Debian Security Advisory DSA 835-1 - Javier Fern
Debian Security Advisory DSA 834-1 - Tavis Ormandy discovered a buffer overflow in prozilla, a multi-threaded download accelerator, which may be exploited to execute arbitrary code.
Debian Security Advisory DSA 833-1 - A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.
Debian Security Advisory DSA 832-1 - Several buffer overflows have been discovered in gopher, a text-oriented client for the Gopher Distributed Hypertext protocol, that can be exploited by a malicious Gopher server.
Debian Security Advisory DSA 831-1 - A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.
Debian Security Advisory DSA 830-1 - Drew Parsons noticed that the post-installation script of ntlmaps, an NTLM authorization proxy server, changes the permissions of the configuration file to be world-readable. It contains the user name and password of the Windows NT system that ntlmaps connects to and, hence, leaks them to local users.
Debian Security Advisory DSA 829-1 - A stack-based buffer overflow in the init_syms function of MySQL, a popular database, has been discovered that allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field. The ability to create user-defined functions is not typically granted to untrusted users.
Debian Security Advisory DSA 828-1 - Upstream developers of squid, the popular WWW proxy cache, have discovered that changes in the authentication scheme are not handled properly when given certain request sequences while NTLM authentication is in place, which may cause the daemon to restart.
Debian Security Advisory DSA 827-1 - Moritz Muehlenhoff discovered the handler code for backupninja creates a temporary file with a predictable filename, leaving it vulnerable to a symlink attack.
Debian Security Advisory DSA 826-1 - Multiple security vulnerabilities have been identified in the helix-player media player that could allow an attacker to execute code on the victim's machine via specially crafted network resources.
Debian Security Advisory DSA 823-1 - David Watson discovered a bug in mount as provided by util-linux and other packages such as loop-aes-utils that allows local users to bypass filesystem access restrictions by re-mounting it read-only.
Debian Security Advisory DSA 824-1 - Two vulnerabilities have been discovered in Clam AntiVirus, the antivirus scanner for Unix, designed for integration with mail servers to perform attachment scanning. The following problems were identified:
Debian Security Advisory DSA 822-1 - Eric Romang discovered that gtkdiskfree, a GNOME program that shows free and used space on filesystems, creates a temporary file in an insecure fashion.
Debian Security Advisory DSA 809-2 - Certain aborted requests that trigger an assertion in squid, the popular WWW proxy cache, may allow remote attackers to cause a denial of service. This update also fixes a regression caused by DSA 751.
Debian Security Advisory DSA 797-2 - zsync, a file transfer program, includes a modified local copy of the zlib library, and is vulnerable to certain bugs fixed previously in the zlib package.
Debian Security Advisory DSA 821-1 - An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code; the flaw is also present in Python. Exploiting this vulnerability requires that the attacker be able to specify the regular expression used.
Secunia Security Advisory - A vulnerability has been reported in Hitachi Cosminexus, which potentially can be exploited by malicious people to disclose sensitive information.
Secunia Security Advisory - Tavis Ormandy has reported a vulnerability in ProZilla, which can be exploited by malicious people to compromise a user's system.
Secunia Security Advisory - Paul Szabo has reported a security issue in GNOME libzvt, which can be exploited by malicious, local users to spoof the hostname that is recorded into utmp.