PHP versions 5.2.10 and 5.3.0 suffer from a memory disclosure vulnerability.
3d596b7080a1f32c18d2373f6501a9c540935c67cdcee3b3d4fa38ba096362d2
PHP version 5.3.0 suffers from an open_basedir bypass vulnerability.
be91516ebd25b5bfc2c94ee17c0ce86798b15c507f6ccf3c9f0ef4e91a52bdad
Mandriva Linux Security Advisory 2009-161-1 - Due to incorrect buffer limits and related bound checks, Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation, Squid is vulnerable to a denial of service attack when processing specially crafted responses. This update provides fixes for these vulnerabilities.
d9c81c5d316f3f5eb536548bcf3353ad3e0fde68d0cea5f5305389b06a293ab9
Ubuntu Security Notice USN-813-3 - USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr-util. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
a66bcad1d5b347e9c1508af29c81788f84378ee970957436e3d17b7879b48460
Ubuntu Security Notice USN-813-2 - USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
1baed221a5a1b81cd2b58835a729530c1b4518db9c82892766ecb7a4f5236762
Ubuntu Security Notice USN-813-1 - Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
e9c60c6687e44151935903cf7df6706d95e898506cd5109483cdafb67fbe616f
Ubuntu Security Notice USN-812-1 - Matt Lewis discovered that Subversion did not properly sanitize its input when processing svndiff streams, leading to various integer and heap overflows. If a user or automated system processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user processing the input.
b2b70a6cc53f98c6c6f9466fe8dfaecbc0c3b541bca84dc872d67c477b1ef983
Mandriva Linux Security Advisory 2009-198 - Security researcher Juan Pablo Lopez Yacubian reported that an attacker could call window.open() on an invalid URL which looks similar to a legitimate URL and then use document.write() to place content within the new document, appearing to have come from the spoofed location. Moxie Marlinspike reported a heap overflow vulnerability in the code that handles regular expressions in certificate names. This vulnerability could be used to compromise the browser and run arbitrary code by presenting a specially crafted certificate to the client. IOActive security researcher Dan Kaminsky reported a mismatch in the treatment of domain names in SSL certificates between SSL clients and the Certificate Authorities (CAs) which issue server certificates. These certificates could be used to intercept and potentially alter encrypted communication between the client and a server, such as sensitive bank account transactions. This update provides the latest Mozilla Firefox 3.0.x to correct these issues. Additionally, some packages that required it have been rebuilt and are being provided as updates.
75f839274f8e82729d0a4c1aca579dbfb860f6c2f1f69f8353c4f57860a78bd7
Mandriva Linux Security Advisory 2009-197 - Security issues in NSS prior to 3.12.3 could lead to a man-in-the-middle attack via a spoofed X.509 certificate and MD2 algorithm flaws, and could also cause a denial of service and possible code execution via a long domain name in an X.509 certificate. This update provides the latest versions of the NSS and NSPR libraries, which are not vulnerable to those attacks.
bd0fc6956d963e958bc33f7098949780b68da008df3fe89a2bb4d9f2af528903
HP Security Bulletin - A potential security vulnerability has been identified with Tru64 UNIX running the BIND server. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
5cc5bf3c0eceec30742ea2c7a159c9eec807fd00b573801ebcc1dafc7a661cb1
HP Security Bulletin - A potential security vulnerability has been identified with OpenVMS running HP TCP/IP Services BIND server. The vulnerability could be remotely exploited to create a Denial of Service (DoS).
44568bfa24c846d11ad5c01210754516d4154565fba5100419af14a74d4fcad3
HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running BIND. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
0c17cc303eddc5f14d1296523433160a7dc7ca4466a8139afd29dccf71d36dd8