Showing 1 - 25 of 28

Files

rPSA-2006-0195-1.txt
Posted Oct 21, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | d62aeb3881b902a5efb505319342562b3c2dd128421144cad0ce895f592acd96

Related Files

rPSA-2006-0230-1.txt
Posted Dec 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0230-1 Previous versions of the evince package contain a vulnerability that enables attackers to provide intentionally malformed postscript files which will cause evince to execute arbitrary attacker-provided code. (This vulnerability was originally discovered in the gv program.)

tags | advisory, arbitrary
SHA-256 | 4e46d0359de36b4b03aa784934a549f206b3c7dd86fa8bd326c2d9a849ca36d8
rPSA-2006-0231-1.txt
Posted Dec 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0231-1 Previous versions of the squirrelmail package are vulnerable to multiple cross-site scripting (XSS) attacks that allow the attacker to subvert web browsers being used with squirrelmail.

tags | advisory, web, xss
SHA-256 | 12d74805d32f058bf4ca695a35a43d031b86aa7f4a029970bc617d598fb74599
rPSA-2006-0232-1.txt
Posted Dec 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0232-1 - Previous versions of the libgsf package contain a flaw in parsing OLE documents that could allow an attacker to crash applications that use libgsf, and possibly to cause them to execute arbitrary code, by presenting a user with an intentionally malformed OLE document.

tags | advisory, arbitrary
SHA-256 | 733ac83ebf6a56e8ffd4cea878a6fde0587eed0ce27da2b3687d9f5be50a1e9f
rPSA-2006-0198-1.txt
Posted Oct 27, 2006
Site rpath.com

rPath Security Advisory: 2006-0198-1: In previous versions of the screen package, the screen program had a bug which is known to make screen vulnerable to a minor denial of service attack in which the screen program would crash if presented with particular output. It is possible that this attack could also allow a user-complicit attacker to assume the privileges of the complicit user. The screen program is not setuid in rPath Linux, so any attack is limited to the complicit user.

tags | advisory, denial of service
systems | linux
SHA-256 | 9d6aa5849f0d951882c19d3c203f88b7b542c54aa21a1ef825a48ca850a0ca48
rPSA-2006-0195-2.txt
Posted Oct 27, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-2: Previous versions of the qt-x11-free package include Qt libraries that contain an integer overflow flaw that causes them not to properly bound pixmap image data. This may enable a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution, in applications which use vulnerable versions of the Qt libraries.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | 0bfa2913fc97e3bfc7630e182f6e6aceb9c1e399a7194c1829a5a615d64446fc
rPSA-2006-0176-1.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0176-1: Previous versions of the openldap package contain a slapd daemon which allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN), a privilege escalation vulnerability.

tags | advisory, remote, arbitrary
SHA-256 | 722923d68306f381aa03c7d0853269d27354c3cde93946aef564de4f116a3cc7
rPSA-2006-0175-2.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0175-2 Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.

tags | advisory, remote, overflow, local, vulnerability
SHA-256 | 7402f00d579205e017edf9cc897a11b998a2fe9bea70b4c083cf64130422668a
rPSA-2006-0175-1.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0175-1: openssl Remote Deterministic Unauthorized Access

tags | advisory, remote
SHA-256 | bad571b639bf6d215d6c75d795524f028ed833d69870db827c2e7bc508b2b11f
rPSA-2006-0174-1.txt
Posted Oct 4, 2006
Site rpath.com

rPath Security Advisory: 2006-0174-1 - Remote Deterministic Denial of Service in openssh.

tags | advisory, remote, denial of service
SHA-256 | c1640f92d7c0341827fcd3df1abf30503aa5d4ec4a020d804833f56c1fdcc594
rPSA-2006-0173-1.txt
Posted Oct 3, 2006
Authored by rPath Update Announcements | Site rpath.com

rPSA-2006-0173-1: Previous versions of the openoffice.org packages are susceptible to several vulnerabilities, including a denial of service (application crash) and a user-complicit unauthorized access attack that enables an attacker to cause arbitrary code to be run. These versions are not susceptible to CVE-2006-2199 because Java is not enabled in those builds.

tags | advisory, java, denial of service, arbitrary, vulnerability
SHA-256 | b00e4cdda3349bd8985c2b406e7fed444423732a5599fa7ac67099cdd62d4062
rPSA-2006-0170-1.txt
Posted Sep 27, 2006
Site security.rpath.com

rPath Security Advisory: 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services will automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.

tags | advisory, vulnerability
SHA-256 | 0b107839b2c512624c59c4384749fdf31feddab324d5d21277c716174a9ca4d3
rPSA-2006-0133-1.txt
Posted Jul 24, 2006
Site rpath.com

rPath Security Advisory - Previous versions of the libpng package contain a weakness in processing images that is known to create a denial of service vulnerability and is expected also to allow unauthorized access. This weakness is triggered by malformed png images that may be provided to applications such as web browsers by an attacker.

tags | advisory, web, denial of service
advisories | CVE-2006-3334
SHA-256 | 32f2e1977a6be9cee119a0f457b46c0c4d26ac2322445ba8f7d03d2f5c6150e9
rPSA-2006-0132-1.txt
Posted Jul 24, 2006
Site rpath.com

rPath Security Advisory - All versions of the ethereal and tethereal packages contain vulnerabilities in packet dissector modules, which may allow various attacks including subverting the user who is running ethereal. Since ethereal is generally run as root to view network traffic directly, this may allow complete access to the vulnerable system.

tags | advisory, root, vulnerability
advisories | CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632
SHA-256 | c44a6d6485544a4f0867e5c2113e2255a5f08d8b4523239a0d24aa294287a2ef
rPSA-2006-0122-2.txt
Posted Jul 14, 2006
Authored by Justin M. Forbes | Site issues.rpath.com

rPath Security Advisory: 2006-0122-2 - Previous versions of the kernel package have two specific vulnerabilities that are addressed in this version.

tags | advisory, kernel, vulnerability
SHA-256 | e8c7f28067e9cd6a01b4845a2aabd4bb9cbf7f85b3ebf57cd0d6eaa0005b3744
rPSA-2006-0122-1.txt
Posted Jul 9, 2006
Site rpath.com

rPath Security Advisory: 2006-0122-1 - Multiple kernel vulnerabilities have been addressed in rPath Linux.

tags | advisory, kernel, vulnerability
systems | linux
advisories | CVE-2006-2451, CVE-2006-2934
SHA-256 | f289ce55b2831694808c76e2e3e4b4ebaa36572769a708e68d81845d8e7829e4
rPSA-2006-0110-1.txt
Posted Jun 27, 2006
Authored by Justin M. Forbes | Site issues.rpath.com

In previous kernel 2.6 versions, systems that use the SCTP protocol are vulnerable to remote denial of service attacks including remotely-triggered kernel crashes, and all systems are vulnerable to local denial of service including locally-triggered kernel hangs.

tags | advisory, remote, denial of service, kernel, local, protocol
advisories | CVE-2006-2445, CVE-2006-2448, CVE-2006-3085
SHA-256 | 0a184d8c9cd14cdfc29f7f2d78a66c38915f67721aee3a75be265bfc14048501
rPSA-2006-0106-1.txt
Posted Jun 26, 2006
Authored by rPath

KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will follow a symbolic link and can thus disclose the contents of any file on the system (such as /etc/shadow) to arbitrary users. KDM is not the default window manager on rPath Linux.

tags | advisory, arbitrary
systems | linux
advisories | CVE-2006-2449
SHA-256 | a9c14d06d386e7a6bbe04cd8da68b66cbb0811902c497028d1b9ba9b2e4a088c
rPSA-2006-0100-1.txt
Posted Jun 14, 2006
Site rpath.com

rPath Security Advisory: 2006-0100-1: Previous versions of the freetype library contain multiple integer overflow weaknesses which allow remote providers of font files (which may include fonts embedded in documents such as PDF files) to cause applications to crash, and may possibly also allow them to execute arbitrary code as the user accessing the files.

tags | advisory, remote, overflow, arbitrary
SHA-256 | 71e1650464f0d6f1f541b9fc92d9a7012aca43e0459af5068ce0b3d122b999ca
rPSA-2006-0099-1.txt
Posted Jun 11, 2006
Site issues.rpath.com

rPath Security Advisory: 2006-0099-1 - openldap

tags | advisory
SHA-256 | 9d09b818308aeca8a5c37ba8a6612810f2862b7e33ecde4323935f3d5460484f
rPSA-2006-0098-1.txt
Posted Jun 11, 2006
Site issues.rpath.com

rPath Security Advisory: 2006-0098-1 - gdm

tags | advisory
SHA-256 | 8fef2c2920b40ab9ca6851cb7dc0d48e7c77d8b20050a7836cf6e9625c9b1413
rPSA-2006-0096-1.txt
Posted Jun 11, 2006
Site issues.rpath.com

rPath Security Advisory: 2006-0096-1 - spamassassin

tags | advisory
SHA-256 | 8584f08ad4d12a526d48dcb732cebf12ecb5a6b2d5fc7c2cd2ec6134f62d99d0
rPSA-2006-0091-1.txt
Posted Jun 3, 2006
Site rpath.com

rPath Security Advisory: 2006-0091-1 Previous versions of the firefox browser and thunderbird mail user agent have multiple vulnerabilities, some of which allow remote servers to compromise user accounts. The firefox browser is the default browser on rPath Linux, and all users are strongly recommended to update firefox and thunderbird as soon as possible.

tags | advisory, remote, vulnerability
systems | linux
SHA-256 | 27bd7d8714b37e6a0e3d04f904095e130aa210389f06defad89fc008600a4f9b
rPSA-2006-0089-1.txt
Posted Jun 1, 2006
Site rpath.com

rPath Security Advisory: 2006-0089-1 Previous versions of mysql server and client libraries contain weaknesses parsing certain character encodings (such as SJIS, BIG5 and GBK, but not ASCII) which, when using the vulnerable encodings, can enable SQL injection attacks against applications (particularly web applications) which use non-standard escaping of quote characters.

tags | advisory, web, sql injection
SHA-256 | d70a743926a3935231f3bb26db14389eae3897af43df7beba718ec8b6efb15e6
rPSA-2006-0087-1.txt
Posted Jun 1, 2006
Site rpath.com

rPath Security Advisory: 2006-0087-1 - Previous versions of the kernel package have a small information leak that exposes 6 bytes of arbitrary kernel memory when the getsockopt system call is called with the SO_ORIGINAL_DST argument. An attacking program cannot choose which 6 bytes of memory are exposed.

tags | advisory, arbitrary, kernel
SHA-256 | 6c24624302fb3626d75c087038738bdbbe9c24632ad878a8ef9e3432f672a47f
rPSA-2006-0084-1.txt
Posted May 29, 2006
Site rpath.com

rPath Security Advisory: 2006-0084-1 Previous versions of fetchmail, when talking to a hostile (possibly compromised) mail server, are vulnerable to possible denial of service or user compromise.

tags | advisory, denial of service
SHA-256 | e5df4287ed7a5ff69e27921d12ab11a97f215a2ad865a08c83a5abd12aeefa5e