Mandriva Linux Security Advisory 2012-041 - A memory leak and a hash table collision flaw in expat could cause denial of service attacks. The updated packages have been patched to correct this issue.
d14554c5903aec074d1a23f535fe5ef1b64473aeed5e24680db002cbdc78d94cVitalogy Web CMS suffers from a remote SQL injection vulnerability.
e9ae1e70842ce4d3807629e810c278911ad0d03fc1159e1f0ea76595b97e7ea5GreenBrowser suffers from dialog and stored cross site scripting vulnerabilities. Versions 6.1.0117 and 6.1.0216 are affected.
52011797f6cf6b3020e9528439fbb81b5f61d8b3df82e16e190aca42efcb4e80Mandriva Linux Security Advisory 2012-040 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure. The updated packages have been patched to correct this issue. The GnuTLS packages for Mandriva Linux 2011 has been upgraded to the 2.12.8 version due to problems with the test suite while building it, additionally a new dependency was added on p11-kit for the PKCS #11 support.
8c82c1513bd666093f762efb98cbc93ba20dbed872d8c6c946cbde14ef5e7aa3NextBBS version 0.6.0 suffers from authentication bypass, cross site scripting, and remote SQL injection vulnerabilities.
bfa83da9859d83d6988d38e9d8dc4e00aea5881410d054635c38bf926bc80c44WordPress Integrator plugin version 1.32 suffers from a cross site scripting vulnerability.
226dc0865f1e4637a651cc57b54000997a519d9ef7a21654f2c356f06f380d22IP.Board Add-on IP.Gallery version 4.2.1 suffers from a cross site scripting vulnerability.
90c47186ae1674d5115aa9b5aa199e83a70e3cd3652f114d5d4cfa401a38b202Safari for Windows versions 5.1.5 and below URL window.open() spoofing exploit.
fa47711147826c3af24200dac00cf3b0e261d6aac3b5014aeeb8cecd5a70ee04Serido CMS suffers from a remote SQL injection vulnerability.
8f54cea7fe56f563e5f9f54ce1d3096211202437785c28a2bb98ba94f0398d21Mandriva Linux Security Advisory 2012-039 - The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. The updated packages have been patched to correct this issue.
d68b51c860745669ed80a9760b3d0f8d33e9fbc141c0beef7e8da27438734c22libzip versions 0.10 and below suffers from heap overflow and information leak vulnerabilities.
eca7dc942cdc097aced0ed595877bbe9eef5010c995ad730102ab89f12c39a5eMatthew1471s ASP BlogX suffers from a cross site scripting vulnerability.
278ceb4d4521a0d480bdb5620b3f83a5315dd44c0864b48c673fe27f962b2c8fRed Hat Security Advisory 2012-0429-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.
501c1430723c183990aa23d2ad91107cca4dcdaf2c0b1b2c34ceca0d912eefd3Red Hat Security Advisory 2012-0427-01 - libtasn1 is a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
e8df410e6f95ead4299aba87bbd6dc1d77274b0ceabe9b81f50fea399018c35bRed Hat Security Advisory 2012-0426-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength, general purpose cryptography library. A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. A flaw was found in the PKCS#7 and Cryptographic Message Syntax implementations in OpenSSL. An attacker could possibly use this flaw to perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or S/MIME message by sending a large number of chosen ciphertext messages to a service using OpenSSL and measuring error response times.
c7a9b634b44b6697d3fc707044640a6ee4da2d50ffa6573b6d65ee91eb939e55Red Hat Security Advisory 2012-0428-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. GnuTLS includes libtasn1, a library developed for ASN.1 structures management that includes DER encoding and decoding. A flaw was found in the way GnuTLS decrypted malformed TLS records. This could cause a TLS/SSL client or server to crash when processing a specially-crafted TLS record from a remote TLS/SSL connection peer.
1474501c578f805f223062c5d3b5a64942c2f200a99dc5147eb491ba6624c86bUbuntu Security Notice 1197-7 - USN-1197-5 addressed an issue in ca-certificates pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides the corresponding update for ca-certificates-java. It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. Various other issues were also addressed.
ac7160e78e5c4f1586b86308adbc3d719b961f678bc8a80c5084074cce1d5a5aDebian Linux Security Advisory 2443-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
d50bf6dbe234272263b4d756659d95d7bab63dffdef93404c1f40535771db5b3Ubuntu Security Notice 1409-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.
44da8fa5faaffba0654941eea0156b631ec7b6b0252ac9c3aadef25ef4617435Ubuntu Security Notice 1408-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f44af68c03e98ca483c515a0bbab711fa9a2025178c892ca14ec065c994a34eaUbuntu Security Notice 1406-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
daec70c79148be4f16814b730209fb95008de030d988a2c710ae8fd2ecd47c4aUbuntu Security Notice 1411-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
edb7173e9e15dc4a929335fa7af7b721f233a71ba887437bfc12602b8699aeebUbuntu Security Notice 1410-1 - Louis Rilling discovered a flaw in Linux kernel's clone command when CLONE_IO is specified. An unprivileged local user could exploit this to cause a denial of service.
f15bf1820fb38e31c5db918dc42e51397cfb0163f7756c6239cbfa4f865f02d6Ubuntu Security Notice 1407-1 - Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Stephan B=C3=A4rwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. Various other issues were also addressed.
855ba7a3106fee31b467fdbdd5e12d64132663a4fd40edb37894503c1311c4b8Ubuntu Security Notice 1405-1 - Somnath Kotur discovered an error in the Linux kernel's VLAN (virtual lan) and be2net drivers. An attacker on the local network could exploit this flaw to cause a denial of service. Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Various other issues were also addressed.
a1810aa0224d5610b94f222d0d0a5584fecdd12de16b48ca1b2e4fb4599134d2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed