rPath Security Advisory: 2006-0231-1 - Previous versions of the squirrelmail package are vulnerable to multiple cross-site scripting (XSS) attacks that allow the attacker to subvert web browsers being used with squirrelmail.
12d74805d32f058bf4ca695a35a43d031b86aa7f4a029970bc617d598fb74599
rPath Security Advisory: 2006-0230-1 - Previous versions of the evince package contain a vulnerability that enables attackers to provide intentionally malformed postscript files which will cause evince to execute arbitrary attacker-provided code. (This vulnerability was originally discovered in the gv program.)
4e46d0359de36b4b03aa784934a549f206b3c7dd86fa8bd326c2d9a849ca36d8
rPath Security Advisory: 2006-0232-1 - Previous versions of the libgsf package contain a flaw in parsing OLE documents that could allow an attacker to crash applications that use libgsf, and possibly to cause them to execute arbitrary code, by presenting a user with an intentionally malformed OLE document.
733ac83ebf6a56e8ffd4cea878a6fde0587eed0ce27da2b3687d9f5be50a1e9f
rPath Security Advisory: 2006-0198-1: In previous versions of the screen package, the screen program had a bug which is known to make screen vulnerable to a minor denial of service attack in which the screen program would crash if presented with particular output. It is possible that this attack could also allow a user-complicit attacker to assume the privileges of the complicit user. The screen program is not setuid in rPath Linux, so any attack is limited to the complicit user.
9d6aa5849f0d951882c19d3c203f88b7b542c54aa21a1ef825a48ca850a0ca48
rPath Security Advisory: 2006-0195-2: Previous versions of the qt-x11-free package include Qt libraries that contain an integer overflow flaw that causes them not to properly bound pixmap image data. This may enable a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution, in applications which use vulnerable versions of the Qt libraries.
0bfa2913fc97e3bfc7630e182f6e6aceb9c1e399a7194c1829a5a615d64446fc
rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.
d62aeb3881b902a5efb505319342562b3c2dd128421144cad0ce895f592acd96
rPath Security Advisory: 2006-0176-1: Previous versions of the openldap package contain a slapd daemon which allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN), a privilege escalation vulnerability.
722923d68306f381aa03c7d0853269d27354c3cde93946aef564de4f116a3cc7
rPath Security Advisory: 2006-0175-2 - Previous versions of the openssl package are vulnerable to multiple attacks. Three of the vulnerabilities are denials of service, but the other is a buffer overflow that is expected to create remote unauthorized access vulnerabilities in other applications. In particular, any connection that the mysql daemon will accept may be vulnerable. In the default configuration of mysql, that would be a local unauthorized access vulnerability, but mysql can be configured to listen for network connections from remote hosts, which would then enable remote unauthorized access. Any program that calls the SSL_get_shared_ciphers() function may be vulnerable.
7402f00d579205e017edf9cc897a11b998a2fe9bea70b4c083cf64130422668a
rPath Security Advisory: 2006-0175-1: openssl Remote Deterministic Unauthorized Access
bad571b639bf6d215d6c75d795524f028ed833d69870db827c2e7bc508b2b11f
rPath Security Advisory: 2006-0174-1 - Remote Deterministic Denial of Service in openssh.
c1640f92d7c0341827fcd3df1abf30503aa5d4ec4a020d804833f56c1fdcc594
rPSA-2006-0173-1: Previous versions of the openoffice.org packages are susceptible to several vulnerabilities, including a denial of service (application crash) and a user-complicit unauthorized access attack that enables an attacker to cause arbitrary code to be run. These versions are not susceptible to CVE-2006-2199 because Java is not enabled in those builds.
b00e4cdda3349bd8985c2b406e7fed444423732a5599fa7ac67099cdd62d4062
rPath Security Advisory: 2006-0170-1 - Previous versions of the gzip package contain multiple vulnerabilities that enable user-complicit unauthorized access when a user attempts to gunzip intentionally malformed gzip files. Some network services will automatically run the gunzip program in some contexts, which may then enable direct unauthorized access to the user account that provides the network service.
0b107839b2c512624c59c4384749fdf31feddab324d5d21277c716174a9ca4d3
rPath Security Advisory - Previous versions of the libpng package contain a weakness in processing images that is known to create a denial of service vulnerability and is expected also to allow unauthorized access. This weakness is triggered by malformed png images that may be provided to applications such as web browsers by an attacker.
32f2e1977a6be9cee119a0f457b46c0c4d26ac2322445ba8f7d03d2f5c6150e9
rPath Security Advisory - All versions of the ethereal and tethereal packages contain vulnerabilities in packet dissector modules, which may allow various attacks including subverting the user who is running ethereal. Since ethereal is generally run as root to view network traffic directly, this may allow complete access to the vulnerable system.
c44a6d6485544a4f0867e5c2113e2255a5f08d8b4523239a0d24aa294287a2ef
rPath Security Advisory: 2006-0122-2 - Previous versions of the kernel package have two specific vulnerabilities that are addressed in this version.
e8c7f28067e9cd6a01b4845a2aabd4bb9cbf7f85b3ebf57cd0d6eaa0005b3744
rPath Security Advisory: 2006-0122-1 - Multiple kernel vulnerabilities have been addressed in rPath Linux.
f289ce55b2831694808c76e2e3e4b4ebaa36572769a708e68d81845d8e7829e4
In previous kernel 2.6 versions, systems that use the SCTP protocol are vulnerable to remote denial of service attacks including remotely-triggered kernel crashes, and all systems are vulnerable to local denial of service including locally-triggered kernel hangs.
0a184d8c9cd14cdfc29f7f2d78a66c38915f67721aee3a75be265bfc14048501
KDM allows the user to select the session type for login. This setting is stored in the user home directory. Previous versions of KDM will follow a symbolic link and can thus disclose the contents of any file on the system (such as /etc/shadow) to arbitrary users. KDM is not the default window manager on rPath Linux.
a9c14d06d386e7a6bbe04cd8da68b66cbb0811902c497028d1b9ba9b2e4a088c
rPath Security Advisory: 2006-0100-1: Previous versions of the freetype library contain multiple integer overflow weaknesses which allow remote providers of font files (which may include fonts embedded in documents such as PDF files) to cause applications to crash, and may possibly also allow them to execute arbitrary code as the user accessing the files.
71e1650464f0d6f1f541b9fc92d9a7012aca43e0459af5068ce0b3d122b999ca
rPath Security Advisory: 2006-0099-1 - openldap
9d09b818308aeca8a5c37ba8a6612810f2862b7e33ecde4323935f3d5460484f
rPath Security Advisory: 2006-0098-1 - gdm
8fef2c2920b40ab9ca6851cb7dc0d48e7c77d8b20050a7836cf6e9625c9b1413
rPath Security Advisory: 2006-0096-1 - spamassassin
8584f08ad4d12a526d48dcb732cebf12ecb5a6b2d5fc7c2cd2ec6134f62d99d0
rPath Security Advisory: 2006-0091-1 - Previous versions of the firefox browser and thunderbird mail user agent have multiple vulnerabilities, some of which allow remote servers to compromise user accounts. The firefox browser is the default browser on rPath Linux, and all users are strongly recommended to update firefox and thunderbird as soon as possible.
27bd7d8714b37e6a0e3d04f904095e130aa210389f06defad89fc008600a4f9b
rPath Security Advisory: 2006-0089-1 - Previous versions of mysql server and client libraries contain weaknesses in parsing certain character encodings (such as SJIS, BIG5 and GBK, but not ASCII) which, when using the vulnerable encodings, can enable SQL injection attacks against applications (particularly web applications) which use non-standard escaping of quote characters.
d70a743926a3935231f3bb26db14389eae3897af43df7beba718ec8b6efb15e6
rPath Security Advisory: 2006-0087-1 - Previous versions of the kernel package have a small information leak that exposes 6 bytes of arbitrary kernel memory when the getsockopt system call is called with the SO_ORIGINAL_DST argument. An attacking program cannot choose which 6 bytes of memory are exposed.
6c24624302fb3626d75c087038738bdbbe9c24632ad878a8ef9e3432f672a47f
rPath Security Advisory: 2006-0084-1 - Previous versions of fetchmail, when talking to a hostile (possibly compromised) mail server, are vulnerable to possible denial of service or user compromise.
e5df4287ed7a5ff69e27921d12ab11a97f215a2ad865a08c83a5abd12aeefa5e