Ubuntu Security Notice 1435-1 - Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain ResolutionUnit tags. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Joonas Kuorilehto and Aleksis Kauppinen discovered that ImageMagick incorrectly handled certain IFD structures. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. Various other issues were also addressed.
73ba7d5a3bfc03583f1359586e171a6afd57f0bd2cabb0ad28c5b5b48ed912b5Ubuntu Security Notice 1434-1 - Ivano Cristofolini discovered that Samba incorrectly handled some Local Security Authority (LSA) remote procedure calls (RPC). A remote, authenticated attacker could exploit this to grant administrative privileges to arbitrary users. The administrative privileges could be used to bypass permission checks performed by the Samba server.
41f1fd4fd196ee10bd6c5b53ff41c4c499e74e7142b4e0c69a1a26d5d475ea7aUbuntu Security Notice 1433-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.
d91c996ccff95c6d7dd3c3aa09f0a4d61c622e96df26b9dd2000e3472ca4feecUbuntu Security Notice 1431-1 - A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. Various other issues were also addressed.
1f6883f19f9a2b1057e35bd8aa804fda23a4a1a09b6012236c8db13c99741688Red Hat Security Advisory 2012-0533-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the way Samba handled certain Local Security Authority Remote Procedure Calls. An authenticated user could use this flaw to issue an RPC call that would modify the privileges database on the Samba server, allowing them to steal the ownership of files and directories that are being shared by the Samba server, and create, delete, and modify user accounts, as well as other Samba server administration tasks.
7fb920737700c702f60d6b26390f696a0002b0392af25584b8c43c89be14928eRed Hat Security Advisory 2012-0532-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a Certificate Authority issued fraudulent HTTPS certificates. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
5f4958faa1940ec84e49215c74c654681567d9cc83e76643a347de582c9f6943Red Hat Security Advisory 2012-0529-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
864d3ffb6d608bfe2b2a71547be9daddfd9edd1ae1ae007b72b5a714344c542eRed Hat Security Advisory 2012-0531-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way libtasn1 decoded DER data. An attacker could create carefully-crafted DER encoded input that, when parsed by an application that uses libtasn1, could cause the application to crash.
3ddbb5cdb4ed9bf2a1fdb71d362befb26520ec4f608d2488633e73fd436ff5eeRed Hat Security Advisory 2012-0528-01 - Red Hat Enterprise MRG is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Messaging is a high-speed reliable messaging distribution for Linux based on AMQP, an open protocol standard for enterprise messaging that is designed to make mission critical messaging widely available as a standard service, and to make enterprise messaging interoperable across platforms, programming languages, and vendors. MRG Messaging includes an AMQP 0-10 messaging broker; AMQP 0-10 client libraries for C++, Java JMS, and Python; as well as persistence libraries and management tools.
8e1f635af01186e162dc449d1ea4804d08755de2a9e4dd9ac3b2e49a7e04c767PHP Volunteer Management version 1.0.2 suffers from a remote SQL injection vulnerability in get_messages.php.
b61296f35c70283c7d0caef639eb9d1ad65481043621fc87e4b8eeab11a42ad4Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix variety except Solaris and NetBSD.
a891c0b900417f2980f0e9afcdb10d1fd5581703be2587a92c90c7631b8814dcSamhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
94dad2184e4ccfe8bb52bebf3d33dc6d653dfad67dc23d4198e3f1a6deb8463bWHMCS scanning tool that uses Google to find systems that are possible vulnerable to shell upload.
63248affded4a3ef8e56df6874025a0fb7efa8ba52238183980d54d48b884d8bPas A Pass Vers L'Assembleur is a whitepaper that discusses the basics of writing and working with assembler. Written in French.
c9b43095c52debf9c265f8a40078f29e32b0258f58d402e5f2ef396ac49c3053Secunia Security Advisory - Andrea Micalizzi has discovered a vulnerability in McAfee Virtual Technician MVTControl ActiveX Control, which can be exploited by malicious people to compromise a user's system.
06c8fb84243af9fec0d2d61b36a0ff99d4226c6244c406f6966f38cf9df01b38Secunia Security Advisory - A security issue has been reported in Samba, which can be exploited by malicious users to bypass certain security restrictions.
5a7d796a17421c3ced042bafbc556328dee737b7348c42bced1364f029c4a324Secunia Security Advisory - Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system. 1) A use-after-free error exists in floats handling.
813af52e2060ed88a4a14eddff858bcee3d4f01f0e296d0618398525a750f269Secunia Security Advisory - SUSE has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
4dae43bc9c7685a52028127e8650fee3e254c6f528fea95f900ccb24a5dd9d66Secunia Security Advisory - A vulnerability has been discovered in Remote-Anything, which can be exploited by malicious people to compromise a user's system.
944a66456b125332c78ec59c5575f7039138563700e93e3c959a2dd4953c77c1Secunia Security Advisory - Ubuntu has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
31c95d9ada4f21a8ab42e58de9217de13a78f621a21cb61a2313c3d86a6fda0fSecunia Security Advisory - Multiple vulnerabilities have been reported in ManageEngine SupportCenter Plus, which can be exploited by malicious users to disclose potentially sensitive information, bypass certain security restrictions, and conduct script insertion and SQL injection attacks and by malicious people to conduct script insertion attacks.
6a21b392667e0de36f47bb1aa876311da90ad44e9ca585b88f0ded6bc3e2c351Secunia Security Advisory - Red Hat has issued an update for samba and samba3x. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
bdf9948f8dbae0c286465ec6adf70a3eeec287e009bc387d61c435d7fe685b93Secunia Security Advisory - Ubuntu has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
56e58cddf9853b21a775a065ce6621dea7b3fea6743b940eb68f85521b68c350Secunia Security Advisory - Ubuntu has issued an update for linux-lts-backport-oneiric. This fixes multiple vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).
107f896f258166ad2beffc5d2cabb35b9b4288e657928247f24df35bfde4c857Secunia Security Advisory - Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose certain system and sensitive information, bypass certain security restrictions, and compromise a user's system.
e4ca1f8709a74530f385274ccb3c4fea1fe526950d34c070ab0cbd2feb0179d3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed