Section: .. / 0612-advisories /
| /// File Name: |
dsa-1231-1.txt |
Description:
|
Debian Security Advisory 1231-1 - Several remote vulnerabilities have been discovered in the GNU privacy guard, a free PGP replacement, which may lead to the execution of arbitrary code. Werner Koch discovered that a buffer overflow in a sanitizing function may lead to execution of arbitrary code when running gnupg interactively. Tavis Ormandy discovered that parsing a carefully crafted OpenPGP packet may lead to the execution of arbitrary code, as a function pointer of an internal structure may be controlled through the decryption routines.
| | Homepage: | http://www.debian.org/security | | File Size: | 5438 | | Related CVE(s): | CVE-2006-6169, CVE-2006-6235 | | Last Modified: | Dec 11 16:58:36 2006 |
| MD5 Checksum: | c1b599ab141f00a49f626f8ccaf65998 |
|
| /// File Name: |
sa23188.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for links. This fixes a vulnerability, which can be exploited by malicious people to expose sensitive information and manipulate data.
| | Homepage: | http://secunia.com/advisories/23188/ | | File Size: | 5407 | | Last Modified: | Dec 6 03:07:49 2006 |
| MD5 Checksum: | 6eb7ee1f0eb3c71f4d05bf10589b5d20 |
|
| /// File Name: |
12.12.06-1.txt |
Description:
|
iDefense Security Advisory 12.12.06 - Local exploitation of a buffer overflow vulnerability in ld.so could potentially allow a non root user to execute arbitrary code as root. iDefense has confirmed that Solaris 10 for both x86 and SPARC is vulnerable. Older versions of Solaris are likely to be vulnerable as well.
| | Author: | Sean Larsson | | Homepage: | http://www.idefense.com/ | | File Size: | 5388 | | Last Modified: | Dec 15 09:59:41 2006 |
| MD5 Checksum: | ac1761d2572b44e616c2ffe2f2101f37 |
|
| /// File Name: |
FreeBSD-SA-06-25.kmem.txt |
Description:
|
FreeBSD Security Advisory - The firewire(4) driver suffers from a kernel memory disclosure flaw.
| | Author: | Rodrigo Rubira Branco | | Homepage: | http://security.freebsd.org/ | | File Size: | 5306 | | Related CVE(s): | CVE-2006-6013 | | Last Modified: | Dec 7 09:41:19 2006 |
| MD5 Checksum: | dc80f14315b4927aa1b8a7cb36eac7a3 |
|
| /// File Name: |
dsa-1226-1.txt |
Description:
|
Debian Security Advisory 1226-1 - Teemu Salmela discovered that the links character mode web browser performs insufficient sanitizing of smb:// URIs, which might lead to the execution of arbitrary shell commands.
| | Homepage: | http://www.debian.org/security | | File Size: | 5291 | | Related CVE(s): | CVE-2006-5925 | | Last Modified: | Dec 6 06:30:56 2006 |
| MD5 Checksum: | d2a066ec0e4097a655ba7a441467513f |
|
| /// File Name: |
CAID-34876.txt |
Description:
|
CAID 34876 - CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.
| | Author: | Ken Williams | | Homepage: | http://www3.ca.com/ | | File Size: | 5236 | | Last Modified: | Dec 22 01:27:02 2006 |
| MD5 Checksum: | c9aa7f4a6d99dd533dcedb00dfb05c4a |
|
| /// File Name: |
dsa-1243-1.txt |
Description:
|
Debian Security Advisory 1243-1 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow. Evince embeds a copy of gv and needs an update as well.
| | Homepage: | http://www.debian.org/security | | File Size: | 5220 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 28 02:26:50 2006 |
| MD5 Checksum: | e30292c1a015ebc42f2895df553de727 |
|
| /// File Name: |
dsa-1214-2.txt |
Description:
|
Debian Security Advisory 1214-2 - Renaud Lifchitz discovered that gv, the PostScript and PDF viewer for X, performs insufficient boundary checks in the Postscript parsing code, which allows the execution of arbitrary code through a buffer overflow. The original update provided in DSA 1214-1 was insufficient; this update corrects this.
| | Homepage: | http://www.debian.org/security | | File Size: | 5207 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 28 02:25:54 2006 |
| MD5 Checksum: | d8ad768ef0c6bfe80de9c960a4c86534 |
|
| /// File Name: |
FreeBSD-SA-06-26.gtar.txt |
Description:
|
FreeBSD Security Advisory - Symlinks created using the "GNUTYPE_NAMES" tar extension can be absolute due to lack of proper sanity checks.
| | Author: | Teemu Salmela | | Homepage: | http://security.freebsd.org/ | | File Size: | 5180 | | Related CVE(s): | CVE-2006-6097 | | Last Modified: | Dec 7 09:42:56 2006 |
| MD5 Checksum: | c6a9e97182b0d31fffafd4d1857a0a56 |
|
| /// File Name: |
SYM06-023.txt |
Description:
|
Symantec has released an update to address a security concern in PHP, a commonly used HTML-embedded scripting language, for Symantec's Veritas NetBackup 6.0 PureDisk Remote Office Edition.
| | Homepage: | http://www.symantec.com/security/ | | File Size: | 5162 | | Related CVE(s): | CVE-2006-5465 | | Last Modified: | Dec 6 03:46:11 2006 |
| MD5 Checksum: | 29c4e0850585d593690dabb207e7c859 |
|
| /// File Name: |
sa23161.txt |
Description:
|
Secunia Security Advisory - Mandriva has issued an update for GnuPG. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23161/ | | File Size: | 5159 | | Last Modified: | Dec 6 03:07:49 2006 |
| MD5 Checksum: | bbf37b1c218a328f7549cb8439e2dc91 |
|
| /// File Name: |
sa23580.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for elog. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service), and malicious users to conduct script insertion attacks, cause a DoS, and potentially compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23580/ | | File Size: | 5116 | | Last Modified: | Dec 29 16:04:15 2006 |
| MD5 Checksum: | 8595b681f0352670dc703729926f28c4 |
|
| /// File Name: |
USN-390-2.txt |
Description:
|
Ubuntu Security Notice 390-2 - USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations. A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 5108 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 7 09:31:02 2006 |
| MD5 Checksum: | 2217715e45ac597eb21f9d4fe2be457b |
|
| /// File Name: |
MDKSA-2006-228.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006:228: A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
| | Homepage: | http://www.mandriva.com/security/ | | File Size: | 5080 | | Last Modified: | Dec 14 21:58:53 2006 |
| MD5 Checksum: | 327ac222d8158b2294025280ee3359c8 |
|
| /// File Name: |
sa23337.txt |
Description:
|
Secunia Security Advisory - SUSE has issued an update for libgsf. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library.
| | Homepage: | http://secunia.com/advisories/23337/ | | File Size: | 5042 | | Last Modified: | Dec 14 21:28:17 2006 |
| MD5 Checksum: | 30a62195af2c87be3e9fc69648b4c9aa |
|
| /// File Name: |
sa23299.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for gnupg. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23299/ | | File Size: | 5026 | | Last Modified: | Dec 11 16:29:46 2006 |
| MD5 Checksum: | 6988ebf2eebda9bd96f9fc96e3f0c826 |
|
| /// File Name: |
MDKSA-2006-221.txt |
Description:
|
Mandriva Linux Security Advisory - Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt.
| | Homepage: | http://www.mandriva.com/security | | File Size: | 4975 | | Related CVE(s): | CVE-2006-6169 | | Last Modified: | Dec 6 04:48:26 2006 |
| MD5 Checksum: | ae1488db9d998d40ccbb92cba27c8e5d |
|
| /// File Name: |
sa23163.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for tar. This fixes a security issue, which can be exploited by malicious people to overwrite arbitrary files.
| | Homepage: | http://secunia.com/advisories/23163/ | | File Size: | 4938 | | Last Modified: | Dec 6 03:07:49 2006 |
| MD5 Checksum: | 0c6c897774eaf55634707db49bb5d9d9 |
|
| /// File Name: |
USN-390-1.txt |
Description:
|
Ubuntu Security Notice 390-1 - A buffer overflow was discovered in the PostScript processor included in evince. By tricking a user into opening a specially crafted PS file, an attacker could crash evince or execute arbitrary code with the user's privileges.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 4919 | | Related CVE(s): | CVE-2006-5864 | | Last Modified: | Dec 6 04:44:35 2006 |
| MD5 Checksum: | d86db994f4af3cf20556dd98c3ae83b4 |
|
| /// File Name: |
dsa-1230-1.txt |
Description:
|
Debian Security Advisory 1230-1 - Rhys Kidd discovered a vulnerability in l2tpns, a layer 2 tunneling protocol network server, which could be triggered by a remote user to execute arbitrary code.
| | Homepage: | http://www.debian.org/security | | File Size: | 4918 | | Related CVE(s): | CVE-2006-5873 | | Last Modified: | Dec 8 23:51:32 2006 |
| MD5 Checksum: | 1c21f599702654e863c4ec9e4f951527 |
|
| /// File Name: |
EEYE-Intel.txt |
Description:
|
eEye Digital Security has discovered a vulnerability in all Intel network adapter drivers ("NDIS miniport drivers") that could allow unprivileged code executing on an affected system to gain unfettered, kernel-level access. For instance, a malicious user, malware, or exploit payload taking advantage of an unrelated vulnerability could additionally exploit this vulnerability in order to completely compromise a system at the kernel level.
| | Author: | Derek Soeder | | Homepage: | http://www.eeye.com | | File Size: | 4911 | | Last Modified: | Dec 8 23:03:05 2006 |
| MD5 Checksum: | 8f5fd83e20858675b49c76f16aaa3256 |
|
| /// File Name: |
sa23333.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for l2tpns. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/23333/ | | File Size: | 4910 | | Last Modified: | Dec 11 16:29:46 2006 |
| MD5 Checksum: | a8d0bdb0a0ad0ff92c486abe2cba211a |
|
| /// File Name: |
dsa-1223-1.txt |
Description:
|
Debian Security Advisory 1223-1 - Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link.
| | Homepage: | http://www.debian.org/security | | File Size: | 4862 | | Related CVE(s): | CVE-2006-6097 | | Last Modified: | Dec 6 05:06:14 2006 |
| MD5 Checksum: | 56fd74f2486c5eb66fff24adf279eb9c |
|
| /// File Name: |
gnupg-6235.txt |
Description:
|
Tavis Ormandy of the Gentoo security team identified a severe and exploitable bug in the processing of encrypted packets in GnuPG. Versions below 1.4.6 are susceptible as well as versions below GnuPG-2 2.0.2.
| | Homepage: | http://www.gnupg.org/ | | File Size: | 4781 | | Last Modified: | Dec 7 10:42:49 2006 |
| MD5 Checksum: | 41385d5f237ffa7e3cb5244672178f7c |
|
| /// File Name: |
sa23579.txt |
Description:
|
Secunia Security Advisory - Debian has issued an update for evince. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
| | Homepage: | http://secunia.com/advisories/23579/ | | File Size: | 4766 | | Last Modified: | Dec 29 16:04:15 2006 |
| MD5 Checksum: | 508d81778ba021ec69adf18d6a8f51dd |
|