Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue.
d14554c5903aec074d1a23f535fe5ef1b64473aeed5e24680db002cbdc78d94c
Vitalogy Web CMS suffers from a remote SQL injection vulnerability.
e9ae1e70842ce4d3807629e810c278911ad0d03fc1159e1f0ea76595b97e7ea5
GreenBrowser suffers from dialog and stored cross site scripting vulnerabilities. Versions 6.1.0117 and 6.1.0216 are affected.
52011797f6cf6b3020e9528439fbb81b5f61d8b3df82e16e190aca42efcb4e80
Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.
8c82c1513bd666093f762efb98cbc93ba20dbed872d8c6c946cbde14ef5e7aa3
NextBBS version 0.6.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
bfa83da9859d83d6988d38e9d8dc4e00aea5881410d054635c38bf926bc80c44
WordPress Integrator plugin version 1.32 suffers from a cross site scripting vulnerability.
226dc0865f1e4637a651cc57b54000997a519d9ef7a21654f2c356f06f380d22
IP.Board Add-on IP.Gallery version 4.2.1 suffers from a cross site scripting vulnerability.
90c47186ae1674d5115aa9b5aa199e83a70e3cd3652f114d5d4cfa401a38b202
Safari for Windows versions 5.1.5 and below URL window.open() spoofing exploit.
fa47711147826c3af24200dac00cf3b0e261d6aac3b5014aeeb8cecd5a70ee04
Serido CMS suffers from a remote SQL injection vulnerability.
8f54cea7fe56f563e5f9f54ce1d3096211202437785c28a2bb98ba94f0398d21
Mandriva Linux Security Advisory 2012-039 - The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. The updated packages have been patched to correct this issue.
d68b51c860745669ed80a9760b3d0f8d33e9fbc141c0beef7e8da27438734c22
libzip versions 0.10 and below suffers from heap overflow and information leak vulnerabilities.
eca7dc942cdc097aced0ed595877bbe9eef5010c995ad730102ab89f12c39a5e
Matthew1471s ASP BlogX suffers from a cross site scripting vulnerability.
278ceb4d4521a0d480bdb5620b3f83a5315dd44c0864b48c673fe27f962b2c8f
Red Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
501c1430723c183990aa23d2ad91107cca4dcdaf2c0b1b2c34ceca0d912eefd3
Red Hat Security Advisory 2012-0427-01 - libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
e8df410e6f95ead4299aba87bbd6dc1d77274b0ceabe9b81f50fea399018c35b
Red Hat Security Advisory 2012-0426-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times.
c7a9b634b44b6697d3fc707044640a6ee4da2d50ffa6573b6d65ee91eb939e55
Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
1474501c578f805f223062c5d3b5a64942c2f200a99dc5147eb491ba6624c86b
Ubuntu Security Notice 1197-7 - USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
ac7160e78e5c4f1586b86308adbc3d719b961f678bc8a80c5084074cce1d5a5a
Debian Linux Security Advisory 2443-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
d50bf6dbe234272263b4d756659d95d7bab63dffdef93404c1f40535771db5b3
Ubuntu Security Notice 1409-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.
44da8fa5faaffba0654941eea0156b631ec7b6b0252ac9c3aadef25ef4617435
Ubuntu Security Notice 1408-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f44af68c03e98ca483c515a0bbab711fa9a2025178c892ca14ec065c994a34ea
Ubuntu Security Notice 1406-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
daec70c79148be4f16814b730209fb95008de030d988a2c710ae8fd2ecd47c4a
Ubuntu Security Notice 1411-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
edb7173e9e15dc4a929335fa7af7b721f233a71ba887437bfc12602b8699aeeb
Ubuntu Security Notice 1410-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f15bf1820fb38e31c5db918dc42e51397cfb0163f7756c6239cbfa4f865f02d6
Ubuntu Security Notice 1407-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
855ba7a3106fee31b467fdbdd5e12d64132663a4fd40edb37894503c1311c4b8
Ubuntu Security Notice 1405-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Various other issues were also addressed.
a1810aa0224d5610b94f222d0d0a5584fecdd12de16b48ca1b2e4fb4599134d2