Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.
5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3f
Mandriva Linux Security Advisory 2012-022 - Security issues were identified and fixed in mozilla firefox and thunderbird. An integer overflow in the libpng library can lead to a heap-buffer overflow when decompressing certain PNG images. This leads to a crash, which may be potentially exploitable. The mozilla firefox and thunderbird packages have been upgraded to the latest respective versions which is not affected by this security flaw. Additionally the rootcerts packages has been upgraded to the latest version as of 2012/02/18 and the NSS library has been rebuilt accordingly to pickup the changes. This is a symbolic advisory correction because there was a clash with MDVSA-2012:022 that addressed libpng.
6c745d9d52173219392680d02b0a80f2ccd95e95f7941c4746e37f33fda62ceb
Mandriva Linux Security Advisory 2012-025 - Heap-based buffer overflow in process.c in smbd in Samba allows remote attackers to cause a denial of service or possibly execute arbitrary code via a Batched request that triggers infinite recursion. The updated packages have been patched to correct this issue.
af6946ff7346145357d5f9633e3b4cabee3c482c6018138fa764fa1f07c698c8
Mandriva Linux Security Advisory 2012-024 - Ruby before 1.8.7-p357 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service via crafted input to an application that maintains a hash table. The updated packages have been patched to correct this issue.
44b5393632217703390da470f7fefc75b8bdaafb0b6e2a9d36de950d30ad3bcd
darkb0t is an IRC bot written in Python that is capable of doing reverse DNS lookups, google dork searching, performing link checking on SQL injection, and more.
fc4219efe6ae1275b002e2675f490152ed141e4cb8ee0e508199e6134eff932d
Ubuntu Security Notice 1377-1 - Drew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. Drew Yao discovered that Ruby's BigDecimal module did not properly allocate memory on 64-bit platforms. An attacker could use this flaw to cause a denial of service or possibly execute arbitrary code with user privileges. Various other issues were also addressed.
cec298eba7976ebaa181ffd4c17d9f86fd8b7f0120e64642a7761c57933776cd
Whitepaper called Metasploit: Low Level View. It touches on topics such as code injection and malware detection evasion / Metasploit encoders.
07e3eb3f9a8a6d81bd3f80976de99d9b360b6c9b90ddb4432b6343a6f12cc0c2
ImgPals Photo Host version 1.0 STABLE suffers from a remote administrative account disabling vulnerability.
8c780762899fca7c8bc34cb516d77adf4aed068e1971cb7d7c17d6457fafd235
The REC0N 2012 Call For Papers has been announced. It will take place June 14th through June 16h, 2012 in Montreal, Canada.
d8be753bc58b7479ec005c38ff804b7f008e8d9737d33209f5c4b6326927ca60
Ubuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
a63a7a4c0796d2e294993168bb60e26b7a9fa704397e1fe1bdc13730e913f609
Gentoo Linux Security Advisory 201202-7 - Multiple vulnerabilities were found in libvirt, the worst of which might allow guest OS users to read arbitrary files on the host OS. Versions less than 0.9.3-r1 are affected.
174a3477cdb83676abe9282ccb2195b63c18c5ee3d51f67ae0d74c3aeffc9587
Ubuntu Security Notice 1376-1 - Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service.
073bc618e97ea21ba50aa4f143095cd3ce54bb7398fe488d63f3e1eda1db3105
Debian Linux Security Advisory 2419-1 - Two vulnerabilities were discovered in Puppet, a centralized configuration management tool.
11d35b7f35e7ba4a7e843737818ea54afa99b8b4146c843dba48c5f54f55e6d0
Debian Linux Security Advisory 2418-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database.
11a657217072f0210bb50b55f2208a3bed8d0b8e9a9900e5683fd14a41024efb
Debian Linux Security Advisory 2414-2 - It was discovered that the last security update for F*X, DSA-2414-1, introduced a regression. Updated packages are now available to address this problem.
163b9eaa211f872e647739bda275ef73dadabe562d1e45464ced23724f4d2944