Twenty Year Anniversary
Showing 76 - 100 of 100 RSS Feed

Files

Mandriva Linux Security Advisory 2012-184
Posted Dec 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-184 - A stack-based buffer overflow was found in the way libtiff handled DOTRANGE tags. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-5581
MD5 | ff69d9541734261be383ad63a1cb2046

Related Files

Mandriva Linux Security Advisory 2012-066
Posted Apr 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-066 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Using the Address Sanitizer tool, security researcher Atte Kettunen from OUSPG found a heap corruption in gfxImageSurface which allows for invalid frees and possible remote code execution. Anne van Kesteren of Opera Software found a multi-octet encoding issue where certain octets will destroy the following octets in the processing of some multibyte character sets. Various other issues were also addressed.

tags | advisory, remote, code execution
systems | linux, mandriva
advisories | CVE-2012-0468, CVE-2012-0467, CVE-2012-0469, CVE-2012-0470, CVE-2012-0471, CVE-2012-0472, CVE-2012-0473, CVE-2012-0474, CVE-2012-0477, CVE-2012-0478, CVE-2011-3062, CVE-2012-0479
MD5 | 2ded3927a0b08285a7c5a07703752ec9
Mandriva Linux Security Advisory 2012-065
Posted Apr 27, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-065 - The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. Insufficient validating of upload name leading to corrupted $_FILES indices. Various other issues have also been addressed.

tags | advisory, remote, web, denial of service, arbitrary, cgi, php, sql injection
systems | linux, mandriva
advisories | CVE-2012-0788, CVE-2012-0807, CVE-2012-0830, CVE-2012-0831, CVE-2012-1172
MD5 | d970a7f09cf0264c29f9c880d7bb0874
Mandriva Linux Security Advisory 2012-064
Posted Apr 25, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-064 - It was discovered that the fix for was not sufficient to correct the issue for OpenSSL 0.9.8. The updated packages have been upgraded to the 0.9.8w version which is not vulnerable to this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-2131
MD5 | e5ea319cb53ccf046b7c53c93f07e5b1
Mandriva Linux Security Advisory 2012-063
Posted Apr 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-063 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6 version which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, mandriva
advisories | CVE-2012-0037
MD5 | e628d38b02e4dae305adcf4cc6f0eb3f
Mandriva Linux Security Advisory 2012-062
Posted Apr 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-062 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, mandriva
advisories | CVE-2012-0037
MD5 | 3bea5bdfe3a8435800c4e7d6db1d52fa
Mandriva Linux Security Advisory 2012-061
Posted Apr 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-061 - An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue. raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version which is not vulnerable to this issue.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, mandriva
advisories | CVE-2012-0037
MD5 | 7c443e255a36794616e77c2047fb57f3
Mandriva Linux Security Advisory 2012-060
Posted Apr 20, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-060 - A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio that affects S/MIME or CMS applications using the built in MIME parser SMIME_read_PKCS7 or SMIME_read_CMS. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-2110
MD5 | 9e55a34e57ebd90c7f7e46b709a5dbc1
Mandriva Linux Security Advisory 2012-032-1
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-032 - Security issues were identified and fixed in Mozilla Firefox and Thunderbird. Security researchers Blair Strang and Scott Bell of Security Assessment found that when a parent window spawns and closes a child window that uses the file open dialog, a crash can be induced in shlwapi.dll on 32-bit Windows 7 systems. This crash may be potentially exploitable. Firefox prevents the dropping of javascript: links onto a frame to prevent malicious sites from tricking users into performing a cross-site scripting attacks on themselves. Security researcher Soroush Dalili reported a way to bypass this protection. Various other issues were also addressed.

tags | advisory, javascript, xss
systems | linux, windows, mandriva, 7
advisories | CVE-2012-0454, CVE-2012-0455, CVE-2012-0457, CVE-2012-0456, CVE-2012-0451, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
MD5 | 1fb57fab41ee6a44aa310f4553584d3d
Mandriva Linux Security Advisory 2012-059
Posted Apr 17, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-059 - It was discovered that SQLAlchemy did not sanitize values for the limit and offset keywords for SQL select statements. If an application using SQLAlchemy accepted values for these keywords, and did not filter or sanitize them before passing them to SQLAlchemy, it could allow an attacker to perform an SQL injection attack against the application. The updated packages have been patched to correct this issue.

tags | advisory, sql injection
systems | linux, mandriva
advisories | CVE-2012-0805
MD5 | 108cc463bd3a7084c17f49189d85ea3c
Mandriva Linux Security Advisory 2012-058
Posted Apr 13, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-058 - curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer. A work-around has been added to mitigate the problem. curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. The updated packages have been patched to correct these issues.

tags | advisory, protocol
systems | linux, mandriva
advisories | CVE-2011-3389, CVE-2012-0036
MD5 | 34beae45285f6850ee0d22f9391e3383
Mandriva Linux Security Advisory 2012-057
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-057 - Multiple flaws were found in FreeType. Specially crafted files could cause application crashes or potentially execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1126, CVE-2012-1127, CVE-2012-1128, CVE-2012-1129, CVE-2012-1130, CVE-2012-1131, CVE-2012-1132, CVE-2012-1133, CVE-2012-1134, CVE-2012-1135, CVE-2012-1136, CVE-2012-1137, CVE-2012-1138, CVE-2012-1139, CVE-2012-1140, CVE-2012-1141, CVE-2012-1142, CVE-2012-1143, CVE-2012-1144
MD5 | 8b4f8b11f1d1636e9203539b3f167b0a
Mandriva Linux Security Advisory 2012-056
Posted Apr 12, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-056 - Multiple flaws were found in the way RPM parsed package file headers. An attacker could create a specially-crafted RPM package that, when its package header was accessed, or during package signature verification, could cause an application using the RPM library to crash or, potentially, execute arbitrary code. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0815, CVE-2012-0060, CVE-2012-0061
MD5 | ad33ca9bd77986b59308207e24a1cb5e
Mandriva Linux Security Advisory 2012-055
Posted Apr 11, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-055 - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1182
MD5 | b1365ce3f37309392f2a856a33bc2c37
Mandriva Linux Security Advisory 2012-054
Posted Apr 6, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-054 - An integer overflow was discovered in the libtiff/tiff_getimage.c file in the tiff library which could cause execution of arbitrary code using a specially crafted TIFF image file. The updated packages have been patched to correct this issue.

tags | advisory, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-1173
MD5 | 239a741eae283cf59db47e67ef987b6b
Mandriva Linux Security Advisory 2012-053
Posted Apr 5, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-053 - Cross-site scripting vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, xss
systems | linux, mandriva
advisories | CVE-2011-4024
MD5 | 857f28ae19e2e27a7554a8bc3f0e99fc
Mandriva Linux Security Advisory 2012-052
Posted Apr 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-052 - If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0444
MD5 | 034cf94edb2f92ec2ab205b2d245664b
Mandriva Linux Security Advisory 2012-051
Posted Apr 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-051 - A specially-crafted Ogg Vorbis media format file could cause an application using libvorbis to crash or, possibly, execute arbitrary code when opened. If a specially-crafted Ogg Vorbis media file was opened by an application using libvorbis, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues.

tags | advisory, arbitrary
systems | linux, mandriva
advisories | CVE-2009-3379, CVE-2012-0444
MD5 | 060237fc869445675bf18066d98db22f
Mandriva Linux Security Advisory 2012-050
Posted Apr 4, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-050 - Multiple vulnerabilities have been found and corrected in phpmyadmin. It was possible to conduct XSS using a crafted database name. The show_config_errors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. This upgrade provides the latest phpmyadmin version to address these vulnerabilities.

tags | advisory, php, vulnerability
systems | linux, mandriva
advisories | CVE-2012-1190, CVE-2012-1902
MD5 | 5b6ed5995e992cc6ee8963d98e060126
Mandriva Linux Security Advisory 2012-049
Posted Apr 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-049 - Cross-site scripting vulnerability in statusmap.c in statusmap.cgi in Nagios 3.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the layer parameter. The updated packages have been patched to correct this issue.

tags | advisory, remote, web, arbitrary, cgi, xss
systems | linux, mandriva
advisories | CVE-2011-1523
MD5 | 0adfbd93180851208cfc2c88d83dc68a
Mandriva Linux Security Advisory 2012-048
Posted Apr 3, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-048 - Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, spoof
systems | linux, mandriva
advisories | CVE-2011-1429
MD5 | 094e0433b81f45554fb44dcaf700bb9f
Mandriva Linux Security Advisory 2012-047
Posted Apr 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-047 - The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a revoked X.509 client certificate. The updated packages have been patched to correct this issue.

tags | advisory, remote, protocol
systems | linux, mandriva
advisories | CVE-2011-2701
MD5 | 7a1762ccd25b5e9d8e4000ca0227c148
Mandriva Linux Security Advisory 2012-046
Posted Apr 2, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-046 - A potential memory corruption has been found and corrected in libpng. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2011-3048
MD5 | c38f825a5f1fa57b38cf268239182224
Mandriva Linux Security Advisory 2012-045
Posted Mar 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-045 - Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service via a large SessionTicket. The updated packages have been patched to correct this issue.

tags | advisory, remote, denial of service, overflow
systems | linux, mandriva
advisories | CVE-2011-4128
MD5 | 572e8c5259414309e786c80cfcc0c353
Mandriva Linux Security Advisory 2012-044
Posted Mar 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-044 - A vulnerability has been found and corrected in cvs. A heap-based buffer overflow flaw was found in the way the CVS client handled responses from HTTP proxies. A malicious HTTP proxy could use this flaw to cause the CVS client to crash or, possibly, execute arbitrary code with the privileges of the user running the CVS client. The updated packages have been patched to correct this issue.

tags | advisory, web, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2012-0804
MD5 | 6f6cec76e4956dd71f8484be89f3972c
Mandriva Linux Security Advisory 2012-043
Posted Mar 30, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-043 - A vulnerability has been found and corrected in nginx. A specially crafted backend response could result in sensitive information leak. The updated packages have been patched to correct this issue.

tags | advisory
systems | linux, mandriva
advisories | CVE-2012-1180
MD5 | 5cb01b45c3f09bf091714bb505e7fec0
Page 4 of 4
Back1234Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

June 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    14 Files
  • 2
    Jun 2nd
    1 Files
  • 3
    Jun 3rd
    3 Files
  • 4
    Jun 4th
    18 Files
  • 5
    Jun 5th
    21 Files
  • 6
    Jun 6th
    9 Files
  • 7
    Jun 7th
    16 Files
  • 8
    Jun 8th
    18 Files
  • 9
    Jun 9th
    5 Files
  • 10
    Jun 10th
    2 Files
  • 11
    Jun 11th
    21 Files
  • 12
    Jun 12th
    34 Files
  • 13
    Jun 13th
    15 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    4 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close