Gentoo Linux Security Advisory GLSA 200606-01 - SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buffer overflow to execute arbitrary code because of the very large amount of memory that has to be copied. Versions less than 8.54 are affected.
Gentoo Linux Security Advisory GLSA 200606-08 - rgod discovered that WordPress insufficiently checks the format of cached username data. Versions less than 2.0.3 are affected.
Gentoo Linux Security Advisory GLSA 200606-07 - Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid() in do_command.c fails due to a user exceeding assigned resource limits. Versions less than 4.1-r9 are affected.
Mandriva Linux Security Advisory MDKSA-2006-098: PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Mandriva Linux Security Advisory MDKSA-2006-097: SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
Mandriva Linux Security Advisory MDKSA-2006-096: A stack-based buffer overflow in st.c in slurpd for OpenLDAP might allow attackers to execute arbitrary code via a long hostname.
Mandriva Linux Security Advisory MDKSA-2006-095: A stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might allow attackers to execute arbitrary code via a long filename.
Debian Security Advisory 1090-1: A vulnerability has been discovered in SpamAssassin, a Perl-based spam filter using text analysis, that can allow remote attackers to execute arbitrary commands.
Debian Security Advisory 1095-1: Several problems have been discovered in the FreeType 2 font engine.
Debian Security Advisory 1094-1: Joxean Koret discovered several cross-site scripting vulnerabilities in Gforge, an online collaboration suite for software development, which allow injection of web script code.
Debian Security Advisory 1093-1: Several format string vulnerabilities have been discovered in xine-ui, the user interface of the xine video player, which may cause a denial of service.
Debian Security Advisory 1092-1: Josh Berkus and Tom Lane discovered that MySQL 4.1, a popular SQL database, incorrectly parses strings escaped with mysql_real_escape(), which could lead to SQL injection. This problem exists only in versions 4.1 and 5.0.
Debian Security Advisory 1091-1: Several problems have been discovered in the TIFF library.