what you don't know can hurt you
Showing 51 - 75 of 100 RSS Feed

Files

Mandriva Linux Security Advisory 2012-012
Posted Feb 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-012 - Multiple vulnerabilities has been found and corrected in Apache. The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server 2.2.17 through 2.2.21, when a threaded MPM is used, does not properly handle a \%{}C format string, which allows remote attackers to cause a denial of service via a cookie that lacks both a name and a value. scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, local, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0021, CVE-2012-0031, CVE-2012-0053
MD5 | 145fdcbbe9f6eaa1faa44e479b0dddb4

Related Files

Mandriva Linux Security Advisory 2012-091
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-091 - An integer overflow vulnerability in the libreoffice graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way libreoffice processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause libreoffice to crash or, potentially, execute arbitrary code with the privileges of the user running libreoffice. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.5.4 version which is not vulnerable to these issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
MD5 | 45be5b3cd4db2c86982ed5df74b78bcf
Mandriva Linux Security Advisory 2012-090
Posted Jun 14, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-090 - An integer overflow vulnerability in the openoffice.org graphic loading code could allow a remote attacker to cause a denial of service or potentially execute arbitrary code. An integer overflow flaw, leading to buffer overflow, was found in the way openoffice.org processed invalid Escher graphics records length in PowerPoint documents. An attacker could provide a specially-crafted PowerPoint document that, when opened, would cause openoffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running openoffice.org. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1149, CVE-2012-2334
MD5 | a8acc2ca8f4da43f72a3d59eb86893bb
Mandriva Linux Security Advisory 2012-089
Posted Jun 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-089 - ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. The updated packages have been upgraded to bind 9.7.6-P1 and 9.8.3-P1 which is not vulnerable to this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-1667
MD5 | cc95489515da0761cb1aa6a1fe4dfea5
Mandriva Linux Security Advisory 2012-088
Posted Jun 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-088 - Security issues were identified and fixed in mozilla firefox and thunderbird. Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure. Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column. Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns. Various other issues were also addressed.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941, CVE-2012-1946, CVE-2012-1945, CVE-2012-1944, CVE-2012-1938, CVE-2012-1939, CVE-2012-1937, CVE-2011-3101, CVE-2012-0441
MD5 | 0505f778c173a80b2a04c94cae35f2af
Mandriva Linux Security Advisory 2012-087
Posted Jun 5, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-087 - Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-2944
MD5 | 428226cf6b67d4a0c691e9e479e55678
Mandriva Linux Security Advisory 2012-086
Posted Jun 1, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-086 - acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, local
systems | linux, mandriva
advisories | CVE-2011-1159
MD5 | f1e28f687388ae4d6a8aa024ff7f467c
Mandriva Linux Security Advisory 2012-085
Posted May 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-085 - Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-0022
MD5 | 98864e82504c2072e99d71a60a50b166
Mandriva Linux Security Advisory 2012-084
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-084 - ncpfs 2.2.6 and earlier attempts to use ncpmount to append to the /etc/mtab file and ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2011-1679, CVE-2011-1680
MD5 | 0d86316871228077dc9f06fac7f939ae
Mandriva Linux Security Advisory 2012-083
Posted May 29, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-083 - Multiple vulnerabilities have been discovered and corrected in util-linux. mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a process with a small RLIMIT_FSIZE value, a related issue to CVE-2011-1089. mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ lock file after a failed attempt to add a mount entry, which has unspecified impact and local attack vectors. The updated packages have been patched to correct this issue.

tags | advisory, local, vulnerability
systems | linux, mandriva
advisories | CVE-2011-1675, CVE-2011-1677
MD5 | 807f5eabab62268adf6dce47aa1fb275
Mandriva Linux Security Advisory 2012-082
Posted May 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-082 - Multiple vulnerabilities has been discovered and corrected in pidgin. A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests. Incoming messages with certain characters or character encodings can cause clients to crash. This update provides pidgin 2.10.4, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-2214, CVE-2012-2318
MD5 | bf2caeb8153215ead887245630a2c7e7
Mandriva Linux Security Advisory 2012-081
Posted May 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

tags | advisory
systems | linux, windows, mandriva, vista, 7
advisories | CVE-2012-0468, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2012-0479
MD5 | 1b834a8034e8e9eb2a5c612ce032d3ce
Mandriva Linux Security Advisory 2012-080
Posted May 24, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-080 - It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This advisory provides the latest version of Wireshark which is not vulnerable to these issues.

tags | advisory
systems | linux, mandriva
MD5 | c74ea7a4613c2f33de2b3617a94f24e7
Mandriva Linux Security Advisory 2012-079
Posted May 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-079 - A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2337
MD5 | a82d4f16637b3e9c765adcb020435e6e
Mandriva Linux Security Advisory 2012-078
Posted May 18, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-078 - Multiple vulnerabilities has been found and corrected in imagemagick. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
MD5 | 6f125c1443abfe5487d3aa1d9138a149
Mandriva Linux Security Advisory 2012-077
Posted May 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-077 - Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory. A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format metadata. An attacker could create a specially-crafted image file that, when opened by a victim, would cause ImageMagick to crash or, potentially, execute arbitrary code. A denial of service flaw was found in the way ImageMagick processed images with malformed Exif metadata. An attacker could create a specially-crafted image file that, when opened by a victim, could cause ImageMagick to enter an infinite loop. Various other issues have also been addressed.

tags | advisory, denial of service, arbitrary, local, trojan
systems | linux, mandriva
advisories | CVE-2010-4167, CVE-2012-0247, CVE-2012-0248, CVE-2012-1185, CVE-2012-0259, CVE-2012-0260, CVE-2012-1798
MD5 | fa1ac8dbf0bf748076337278c27ec507
Mandriva Linux Security Advisory 2012-076
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-076 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2011-3973, CVE-2011-3974, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579, CVE-2012-0853, CVE-2012-0858
MD5 | a0a820ff84a7a248cfefc432cc727cf8
Mandriva Linux Security Advisory 2012-075
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-075 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3892, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
MD5 | fc5eba5a7a28a4d9bf7025b44c58def1
Mandriva Linux Security Advisory 2012-074
Posted May 15, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-074 - Multiple vulnerabilities has been found and corrected in ffmpeg. The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file. cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362. Various other issues have also been addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2011-3362, CVE-2011-3504, CVE-2011-3973, CVE-2011-3974, CVE-2011-3893, CVE-2011-3895, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353, CVE-2011-4364, CVE-2011-4579
MD5 | 5ec43a309faf00d74d116213f06d1c65
Mandriva Linux Security Advisory 2012-073
Posted May 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-073 - A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers. The updated packages have been patched to correct this issue.

tags | advisory, denial of service
systems | linux, mandriva
advisories | CVE-2012-2333
MD5 | 43c03f45092b5fbb61721bc76bf257e0
Mandriva Linux Security Advisory 2012-072
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-072 - The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then compose an e-mail message, related to a login CSRF issue. Various other issues have also been addressed.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2011-1491, CVE-2011-1492, CVE-2011-2937, CVE-2011-4078
MD5 | 7f7ad031bd4842fda2bce59bb38f463e
Mandriva Linux Security Advisory 2012-071
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-071 - This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2 which resolves numerous upstream bugs in php.

tags | advisory, php
systems | linux, mandriva
advisories | CVE-2011-1148, CVE-2011-1657, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3267, CVE-2011-3268, CVE-2011-3379, CVE-2011-2483, CVE-2011-4566, CVE-2011-4885, CVE-2012-0788, CVE-2012-0807, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172, CVE-2012-1823, CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
MD5 | f031e64124033b6bfd062d5ee8bdec36
Mandriva Linux Security Advisory 2012-068-1
Posted May 10, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-068 - PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server. It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete. The updated packages provides the latest version which provides a solution to this flaw.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php
systems | linux, mandriva
advisories | CVE-2012-1823, CVE-2012-2335, CVE-2012-2336
MD5 | fbd30f892746721e8d3bfa72c142a844
Mandriva Linux Security Advisory 2012-070
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-070 - A file existence disclosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
MD5 | 640015dbb9e334517799f9c5ccc440ea
Mandriva Linux Security Advisory 2012-069
Posted May 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-069 - A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS filesystem. A local user, able to mount a remote CIFS share / target to a local directory could use this flaw to confirm existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs tool run. The updated packages have been patched to correct this issue.

tags | advisory, remote, local
systems | linux, mandriva
advisories | CVE-2012-1586
MD5 | d69472912b4c9f639f947f72c301f442
Mandriva Linux Security Advisory 2012-067
Posted May 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-067 - A vulnerability has been found and corrected in Samba. Security checks were incorrectly applied to the Local Security Authority CreateAccount, OpenAccount, AddAccountRights and RemoveAccountRights allowing any authenticated user to modify the privileges database. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2111
MD5 | 2c8d3d249d4dbb08ff134684f8632757
Page 3 of 4
Back1234Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    27 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close