Category: news
Posted by Staff, 327 days ago
Via: http://lists.jammed.com
========================================================================
The Secunia Weekly Advisory Summary
2008-02-07 - 2008-02-14
This week: 118 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia invites you to join us in the biggest IT Expo event of the year
- the RSA Conference in the Moscone Center, San Francisco, California
from 7 to 11 April 2008. If you are interested in going to the expo
exhibit and meeting us, please contact your Secunia Account Executive
for a FREE EXPO PASS!
========================================================================
2) This Week in Brief:
Two highly critical vulnerabilities have been reported in ClamAV, which
can be exploited by malicious people to cause a Denial of Service or
potentially compromise a vulnerable system.
An integer overflow error within the "cli_scanpe()" function in
libclamav/pe.c can be exploited to cause a heap-based buffer overflow
via a specially crafted PE file. Another error within the "unmew11()"
function in libclamav/mew.c can be exploited to corrupt heap memory.
Successful exploitation of these vulnerabilities may allow execution of
arbitrary code. The vendor has released version 0.92.1 to resolve these
issues.
For more information, refer to:
http://secunia.com/advisories/28907/
--
Some vulnerabilities have been reported in Cisco Unified IP Phone
models, which can be exploited by malicious users to compromise a
vulnerable device or by malicious people to cause a DoS (Denial of
Service) and compromise a vulnerable device.
Several boundary errors within the internal SSH server, in the parsing
of DNS responses, and in the handling of MIME encoded data can be
exploited to cause buffer overflows and may allow execution of
arbitrary code.
A boundary error within the internal telnet server can be exploited to
cause a buffer overflow via a specially crafted command. Successful
exploitation may allow execution of arbitrary code but requires that
the telnet server is enabled, which is not the default setting.
A boundary error in the handling of challenge/response messages from an
SIP proxy can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code but
requires, for example, control of an SIP proxy.
Errors in the handling of ICMP echo request packets and within the
internal HTTP server when handling HTTP requests can be exploited to
cause a device to reboot via an overly large ICMP echo request packet
and a specially crafted HTTP request, respectively.
The vulnerabilities affect a variety of devices running SCCP and SIP
firmwares. The vendor has released firmware updates to resolve these
problems.
For more information, refer to:
http://secunia.com/advisories/28935/
--
Apple has issued Mac OS X 10.5.2, a security update for Mac OS X, which
fixes multiple vulnerabilities and weaknesses. These include:
An unspecified error within Foundation in Safari's handling of URLs.
This can be exploited to cause a memory corruption when a user is
enticed to access a specially crafted URL and may allow execution of
arbitrary code.
A weakness that is due to Launch Services allowing users to start
uninstalled applications from a Time Machine Backup.
An error in the handling of file:// URLs in Mail, which can be
exploited to execute arbitrary applications without warning when a user
is enticed to click on a URL within a message.
An unspecified error within NFS when handling mbuf chains, which can be
exploited to cause a memory corruption and allow system shutdown and
potential execution of arbitrary code.
A problem within Parental Controls, in which Parental Controls contacts
www.apple.com when a site is unblocked, allowing for detection of
computers running Parental Controls.
An input validation error in Terminal when processing URL schemes,
which can be exploited to launch an application with arbitrary command
line parameters and may allow execution of arbitrary code when a user
visits a specially crafted web page.
An error in X11, which causes certain settings ("Allow connections from
network client") not to be applied.
Other known vulnerabilities in third-party components used by Mac OS X,
such as Samba and X11 X Font Server, are also fixed in this release.
For more information, refer to:
http://secunia.com/advisories/28891/
--
Some vulnerabilities and weaknesses have been fixed in the latest
version of Mozilla Firefox, which can be exploited by malicious people
to disclose sensitive information, bypass certain security
restrictions, conduct spoofing attacks, or to compromise a user's
system.
Various errors have been fixed in Firefox's browser engine and
JavaScript engine, which can be exploited to cause a memory corruption
and allow the execution of arbitrary code.
A weakness due to a design error within the focus handling, which can
potentially be exploited to trick a user into uploading arbitrary
files, has also been fixed.
An error in the handling of images when a user leaves a page, which
uses "designMode" frames, can be exploited to disclose the user's
navigation history, forward navigation information, and to cause a
memory corruption. Successful exploitation of this vulnerability may
allow execution of arbitrary code.
A design error related to timer-enabled dialogs can be exploited to
trick a user into unintentionally confirming a security dialog.
A problem in Firefox, which follows "302" redirects for stylesheets and
allows reading the target URL via "element.sheet.href", can potentially
be exploited to disclose sensitive URL parameters.
The vulnerabilities are reported in versions prior to 2.0.0.12. Users
are advised to download the updated version immediately.
For more information, refer to:
http://secunia.com/advisories/28758/
To find out if your home computer is vulnerable to any of these
security problems, scan using the free Personal Software Inspector:
https://psi.secunia.com/
Check if a vulnerable version is installed on computers in your
corporate network, using the Network Software Inspector:
http://secunia.com/network/software_inspector/
--
Microsoft released eleven security bulletins for February, three of
which have been rated by Secunia as less critical issues, with the rest
as highly critical issues.
The updates include some Denial of Service conditions for Microsoft
Active Directory and Windows Vista; a privilege escalation and a
system compromise issue for Microsoft IIS; two highly critical system
compromise vulnerabilities in the Windows operating system; four highly
critical vulnerabilities due to parsing and calculation errors in
Microsoft Office; and a security update for Internet Explorer.
Users are urged to visit Microsoft Update to patch their systems as
soon as possible.
For more information, refer to:
http://secunia.com/advisories/28764/
http://secunia.com/advisories/28828/
http://secunia.com/advisories/28849/
http://secunia.com/advisories/28893/
http://secunia.com/advisories/28894/
http://secunia.com/advisories/28902/
http://secunia.com/advisories/28901/
http://secunia.com/advisories/28903/
http://secunia.com/advisories/28904/
http://secunia.com/advisories/28906/
http://secunia.com/advisories/28909/
--
VIRUS ALERTS:
During the past week Secunia collected 155 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities
2. [SA28758] Mozilla Firefox Multiple Vulnerabilities
3. [SA28802] Adobe Reader/Acrobat Multiple Vulnerabilities
4. [SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities
5. [SA28795] Sun JRE Applet Handling Two Vulnerabilities
6. [SA28808] Mozilla Thunderbird Multiple Vulnerabilities
7. [SA28804] UltraVNC vncviewer Multiple Buffer Overflow
Vulnerabilities
8. [SA28766] Red Hat update for seamonkey
9. [SA28853] Symantec Ghost Solution Suite Client Command Execution
Vulnerability
10. [SA28820] VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56
Information Disclosure
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA28909] Microsoft Office Object Parsing Memory Corruption
Vulnerability
[SA28906] Microsoft Office Publisher File Parsing Vulnerabilities
[SA28904] Microsoft Works File Converter File Parsing Vulnerabilities
[SA28903] Microsoft Internet Explorer Multiple Vulnerabilities
[SA28902] Microsoft Windows OLE Automation Memory Corruption
[SA28901] Microsoft Word File Information Block Memory Corruption
[SA28894] Microsoft WebDAV Mini-Redirector Pathname Buffer Overflow
[SA28893] Microsoft Internet Information Services Code Execution
Vulnerability
[SA28855] jetAudio ASX Parsing Buffer Overflow Vulnerability
[SA28854] Sony ImageStation AxRUploadControl ActiveX Control
"SetLogging()" Buffer Overflow
[SA28863] SafeNet Sentinel Protection Server/Key Server Directory
Traversal Vulnerability
[SA28842] Husrev BlackBoard "forumid" SQL Injection Vulnerability
[SA28905] RPM Remote Print Manager Service "Receive data file" Buffer
Overflow
[SA28895] Novell Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow
[SA28890] Larson Network Print Server Format String and Buffer Overflow
Vulnerabilities
[SA28870] cyan soft Products Format String and Denial of Service
Vulnerabilities
[SA28945] Adobe RoboHelp Cross-Site Scripting Vulnerability
[SA28908] Beyond! Job Board "FKeywords" Cross-Site Scripting
Vulnerability
[SA28882] Tendenci CMS search.asp Cross-Site Scripting Vulnerabilities
[SA28934] Intermate WinIPDS Directory Traversal and Denial of Service
Vulnerabilities
[SA28862] ExtremeZ-IP File and Print Server Multiple Vulnerabilities
[SA28853] Symantec Ghost Solution Suite Client Command Execution
Vulnerability
[SA28975] Fortinet FortiClient Privilege Escalation Vulnerability
[SA28849] Microsoft Internet Information Services Privilege Escalation
UNIX/Linux:
[SA28956] Debian update for mplayer
[SA28948] Gentoo update for gnumeric
[SA28939] Fedora update for firefox, seamonkey, and gtkmozembedmm
[SA28924] Fedora update for firefox, seamonkey, gtkmozembedmm, and
Miro
[SA28918] Fedora update for xine-lib
[SA28913] Fedora update for clamav
[SA28907] ClamAV Multiple Vulnerabilities
[SA28898] Gentoo update for gallery
[SA28891] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA28888] Red Hat update for java-1.5.0-sun
[SA28879] Debian update for xulrunner
[SA28877] rPath update for firefox
[SA28865] Debian update for icedove
[SA28864] Debian update for iceweasel
[SA28845] Mandriva update for gd
[SA28839] Ubuntu update for firefox
[SA28979] FreeBSD update for ipsec
[SA28960] Fedora update for glib2
[SA28959] Graphviz GD GIF Handling Buffer Overflow Vulnerability
[SA28954] rPath update for tk
[SA28930] Debian update for nagios-plugins
[SA28915] Fedora update for tomcat5
[SA28911] ikiwiki Two Script Insertion Vulnerabilities
[SA28897] Gentoo update for horde-imp
[SA28869] rPath update for SDL_image
[SA28867] Debian update for tk8.4
[SA28866] Fedora update for graphviz
[SA28857] Debian update for tk8.3
[SA28850] Mandriva update for SDL_image
[SA28848] Mandriva update for tk
[SA28838] SUSE Update for Multiple Packages
[SA28837] Debian update for sdl-image1.2
[SA28971] Ubuntu update for kernel
[SA28965] HP-UX update for Apache
[SA28951] OpenCA Cross-Site Request Forgery Vulnerability
[SA28920] Fedora update for wordpress
[SA28916] Fedora update for mailman
[SA28871] Debian update for phpbb2
[SA28860] rPath update for boost
[SA28953] rPath update for openldap
[SA28926] OpenLDAP modrdn Denial of Service Vulnerability
[SA28914] Fedora update for openldap
[SA28952] Gentoo update for pulseaudio
[SA28944] Gentoo update for scponly
[SA28941] Avaya CMS Sun Solaris X Window System and X Server
Vulnerabilities
[SA28937] Red Hat update for kernel
[SA28933] Ubuntu update for kernel
[SA28931] Sun Solaris 10 Language Input Methods Security Issue
[SA28925] rPath update for kernel
[SA28917] Fedora update for duplicity
[SA28912] Fedora update for kernel-xen
[SA28896] Fedora update for kernel
[SA28889] SUSE update for kernel
[SA28885] NX Server X11 Multiple Vulnerabilities
[SA28875] Debian update for linux-2.6
[SA28858] Mandriva update for kernel
[SA28856] Website META Language Insecure Temporary Files
[SA28843] OpenBSD update for X.Org
[SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities
[SA28928] FreeBSD "sendfile" Information Disclosure Security Issue
[SA28921] Sun Solaris USB Mouse STREAMS Module Local Denial of Service
Other:
[SA28935] Cisco Unified IP Phone Multiple Vulnerabilities
[SA28932] Cisco Unified Communications Manager "key" SQL Injection
Cross Platform:
[SA28946] Adobe Flash Media Server Edge Server Multiple
Vulnerabilities
[SA28886] SAPID CMF "last_module" PHP Code Execution
[SA28874] Open-Realty "last_module" PHP Code Execution
[SA28859] PacerCMS "last_module" PHP Code Execution
[SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities
[SA28836] PowerNews Multiple Vulnerabilities
[SA28969] JSPWiki Multiple Vulnerabilities
[SA28950] AuraCMS "albums" SQL Injection Vulnerability
[SA28929] iTheora "url" Disclosure of Sensitive Information
[SA28927] artmedic weblog Multiple Vulnerabilities
[SA28923] PCRE Character Class Buffer Overflow
[SA28892] Ajax Simple Chat Script Insertion Vulnerability
[SA28887] ITechBids "item_id" SQL Injection Vulnerability
[SA28883] Joomla! Rapid Recipe Component Two SQL Injection
Vulnerabilities
[SA28878] Apache Tomcat Multiple Vulnerabilities
[SA28873] Journalness "last_module" PHP Code Execution
[SA28872] Cacti Multiple Vulnerabilities
[SA28861] Joomla! XML-RPC / Blogger API Vulnerability
[SA28847] PHParanoid Cross-Site Request Forgery and Security Bypass
[SA28846] IEA Products Management Web Server Memory Corruption
Vulnerability
[SA28947] Adobe Connect Enterprise Server Flash Media Server
Vulnerabilities
[SA28919] F-Secure Products CAB and RAR Archives Security Bypass
[SA28900] Simple Machines Forum SMF Shoutbox Mod Script Insertion
[SA28899] MercuryBoard "message" Cross-Site Scripting
[SA28884] Apache Tomcat Cookie Handling Session ID Disclosure
[SA28881] Loris Hotel Reservation System "hotel_name" Cross-Site
Scripting
[SA28876] Drupal Header Image Module Security Bypass Vulnerability
[SA28852] Serendipity Freetag Plugin Tag Name Cross-Site Scripting
[SA28844] HP Select Identity Multiple Unspecified Vulnerabilities
[SA28841] Sift Unity "qt" Cross-Site Scripting
[SA28840] MODx Cross-Site Scripting and Cross-Site Request Forgery
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA28909] Microsoft Office Object Parsing Memory Corruption
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
A vulnerability has been reported in Microsoft Office, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28909/
--
[SA28906] Microsoft Office Publisher File Parsing Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
Some vulnerabilities have been reported in Microsoft Office Publisher,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/28906/
--
[SA28904] Microsoft Works File Converter File Parsing Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
Some vulnerabilities have been reported in Microsoft Office and
Microsoft Works, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28904/
--
[SA28903] Microsoft Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
Some vulnerabilities have been reported in Internet Explorer, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28903/
--
[SA28902] Microsoft Windows OLE Automation Memory Corruption
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28902/
--
[SA28901] Microsoft Word File Information Block Memory Corruption
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
A vulnerability has been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28901/
--
[SA28894] Microsoft WebDAV Mini-Redirector Pathname Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28894/
--
[SA28893] Microsoft Internet Information Services Code Execution
Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-12
A vulnerability has been reported in Microsoft Internet Information
Services (IIS), which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28893/
--
[SA28855] jetAudio ASX Parsing Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-11
Laurent Gaffie has discovered a vulnerability in jetAudio, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28855/
--
[SA28854] Sony ImageStation AxRUploadControl ActiveX Control
"SetLogging()" Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-11
david130490 has discovered a vulnerability in Sony ImageStation
AxRUploadControl Object ActiveX control, which can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28854/
--
[SA28863] SafeNet Sentinel Protection Server/Key Server Directory
Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-02-12
Luigi Auriemma has discovered a vulnerability in SafeNet Sentinel
Protection Server and Key Server, which can be exploited by malicious
people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/28863/
--
[SA28842] Husrev BlackBoard "forumid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-02-11
Cr@zy_King has discovered a vulnerability in Husrev BlackBoard, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/28842/
--
[SA28905] RPM Remote Print Manager Service "Receive data file" Buffer
Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-02-12
Luigi Auriemma has discovered a vulnerability in RPM Remote Print
Manager, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28905/
--
[SA28895] Novell Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-02-12
A vulnerability has been reported in Novell Client, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28895/
--
[SA28890] Larson Network Print Server Format String and Buffer Overflow
Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-02-12
Luigi Auriemma has discovered two vulnerabilities in Larson Network
Print Server, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28890/
--
[SA28870] cyan soft Products Format String and Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-02-11
Luigi Auriemma has discovered some vulnerabilities in cyan soft
products, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28870/
--
[SA28945] Adobe RoboHelp Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-02-13
A vulnerability has been reported in RoboHelp, which can be exploited
by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/28945/
--
[SA28908] Beyond! Job Board "FKeywords" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-02-12
Ivan Sanchez and Maximiliano Soler have reported a vulnerability in
Beyond! Job Board, which can be exploited by malicious people to
conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/28908/
--
[SA28882] Tendenci CMS search.asp Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-02-13
Russ McRee has reported some vulnerabilities in Tendenci CMS, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/28882/
--
[SA28934] Intermate WinIPDS Directory Traversal and Denial of Service
Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2008-02-13
Luigi Auriemma has reported some vulnerabilities in Intermate WinIPDS,
which can be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/28934/
--
[SA28862] ExtremeZ-IP File and Print Server Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information, DoS
Released: 2008-02-11
Luigi Auriemma has discovered some vulnerabilities in ExtremeZ-IP File
and Print Server, which can be exploited by malicious people to
disclose potentially sensitive information or cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/28862/
--
[SA28853] Symantec Ghost Solution Suite Client Command Execution
Vulnerability
Critical: Less critical
Where: From local network
Impact: System access
Released: 2008-02-08
A vulnerability has been reported in Symantec Ghost Solution Suite,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/28853/
--
[SA28975] Fortinet FortiClient Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-02-14
Ruben Santamarta has reported a vulnerability in Fortinet FortiClient,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/28975/
--
[SA28849] Microsoft Internet Information Services Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-02-12
A vulnerability has been reported in Microsoft Internet Information
Services (IIS), which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/28849/
UNIX/Linux:--
[SA28956] Debian update for mplayer
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-13
Debian has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28956/
--
[SA28948] Gentoo update for gnumeric
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-13
Gentoo has issued an update for gnumeric. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/28948/
--
[SA28939] Fedora update for firefox, seamonkey, and gtkmozembedmm
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2008-02-13
Fedora has issued an update for firefox, seamonkey, and gtkmozembedmm.
This fixes some vulnerabilities, which can be exploited by malicious
people to disclose sensitive information, bypass certain security
restrictions, conduct spoofing attacks, or potentially to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/28939/
--
[SA28924] Fedora update for firefox, seamonkey, gtkmozembedmm, and
Miro
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2008-02-13
Fedora has issued an update for firefox, seamonkey, gtkmozembedmm, and
Miro. This fixes some vulnerabilities and weaknesses, which can be
exploited by malicious people to disclose sensitive information, bypass
certain security restrictions, conduct spoofing attacks, or to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28924/
--
[SA28918] Fedora update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-13
Fedora has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/28918/
--
[SA28913] Fedora update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-13
Fedora has issued an update for clamav. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/28913/
--
[SA28907] ClamAV Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-12
Some vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28907/
--
[SA28898] Gentoo update for gallery
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released: 2008-02-12
Gentoo has issued an update for gallery. This fixes a weakness and some
vulnerabilities, where some have unspecified impacts and others can be
exploited by malicious users or malicious people to disclose sensitive
information, conduct cross-site scripting attacks, bypass certain
security restrictions, and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28898/
--
[SA28891] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Privilege
escalation, DoS, System access
Released: 2008-02-12
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and weaknesses.
Full Advisory:
http://secunia.com/advisories/28891/
--
[SA28888] Red Hat update for java-1.5.0-sun
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-12
Red Hat has issued an update for java-1.5.0-sun. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28888/
--
[SA28879] Debian update for xulrunner
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2008-02-11
Debian has issued an update for xulrunner. This fixes some weaknesses
and vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
conduct spoofing attacks, or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28879/
--
[SA28877] rPath update for firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2008-02-11
rPath has issued an update for firefox. This fixes some vulnerabilities
and weaknesses, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, conduct
spoofing attacks, or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28877/
--
[SA28865] Debian update for icedove
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS,
System access
Released: 2008-02-11
Debian has issued an update for icedove. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28865/
--
[SA28864] Debian update for iceweasel
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2008-02-11
Debian has issued an update for iceweasel. This fixes some weaknesses
and vulnerabilities, which can be exploited by malicious people to
...