| » | DSA-2076 gnupg2 - use-after-free
It was discovered that GnuPG 2 uses a freed pointer when verifying a
signature or importing a certificate with many Subject Alternate Names,
potentially leading to arbitrary code execution.
|
| » | DSA-2075 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
|
| » | DSA-2074 ncompress - integer underflow
Aki Helin discovered an integer underflow in ncompress, the original
Lempel-Ziv compress/uncompress programs.
This could lead to the execution of arbitrary code when trying to decompress
a crafted LZW compressed gzip archive.
|
| » | DSA-2073 mlmmj - insufficient input sanitising
Florian Streibelt reported a directory traversal flaw in the way the
Mailing List Managing Made Joyful mailing list manager processed
users' requests originating from the administrator web interface
without enough input validation. A remote, authenticated attacker could
use these flaws to write and/or delete arbitrary files.
|
| » | DSA-2072 libpng - several vulnerabilities
Several vulnerabilities have been discovered in libpng, a library for
reading and writing PNG files. The Common Vulnerabilities and
Exposures project identifies the following problems:
|
| » | DSA-2071 libmikmod - buffer overflows
Dyon Balding discovered buffer overflows in the MikMod sound library,
which could lead to the execution of arbitrary code if a user is
tricked into opening malformed Impulse Tracker or Ultratracker sound
files.
|
| » | DSA-2070 freetype - several vulnerabilities
Robert Swiecki discovered several vulnerabilities in the FreeType font
library, which could lead to the execution of arbitrary code if a
malformed font file is processed.
|
| » | DSA-2069 znc - denial of service
It was discovered that znc, an IRC bouncer, is vulnerable to denial
of service attacks via a NULL pointer dereference when traffic
statistics are requested while there is an unauthenticated connection.
|
| » | DSA-2068 python-cjson - buffer overflow
Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON
encoder/decoder for Python.
This allows a remote attacker to cause a denial of service (application crash)
through a specially-crafted Python script.
|
| » | DSA-2066 wireshark - several vulnerabilities
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer. It was discovered that null pointer
dereferences, buffer overflows and infinite loops in the SMB, SMB
PIPE, ASN1.1 and SigComp dissectors could lead to denial of service
or the execution of arbitrary code.
|
| » | DSA-2064 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
|
| » | DSA-2065 kvirc - several vulnerabilities
Two security issues have been discovered in the DCC protocol support
code of kvirc, a KDE-based next generation IRC client, which allow
the overwriting of local files through directory traversal and the
execution of arbitrary code through a format string attack.
|
| » | DSA-2063 pmount - insecure temporary file
Dan Rosenberg discovered that pmount, a wrapper around the standard mount
program which permits normal users to mount removable devices without a
matching /etc/fstab entry, creates files in /var/lock insecurely.
A local attacker could overwrite arbitrary files utilising a symlink attack.
|
| » | DSA-2062 sudo - missing input sanitization
Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a
program designed to allow a sysadmin to give limited root privileges to
users, that allows a user with sudo permissions on certain programs to
use those programs with an untrusted value of PATH.
This could possibly lead to certain intended restrictions being bypassed,
such as the secure_path setting.
|
| » | DSA-2061 samba - memory corruption
Jun Mao discovered that Samba, an implementation of the SMB/CIFS protocol
for Unix systems, is not properly handling certain offset values when
processing chained SMB1 packets. This enables an unauthenticated attacker
to write to an arbitrary memory location resulting in the possibility to
execute arbitrary code with root privileges or to perform denial of service
attacks by crashing the samba daemon.
|
| » | DSA-2060 cacti - insufficient input sanitization
Stefan Esser discovered that cacti, a front-end to rrdtool for monitoring
systems and services, is not properly validating input passed to the rra_id
parameter of the graph.php script. Due to checking the input of $_REQUEST
but using $_GET input in a query an unauthenticated attacker is able to
perform SQL injections via a crafted rra_id $_GET value and an additional
valid rra_id $_POST or $_COOKIE value.
|
| » | DSA-2059 pcsc-lite - buffer overflow
It was discovered that PCSCD, a daemon to access smart cards, was vulnerable
to a buffer overflow allowing a local attacker to elevate his privileges
to root.
|
| » | DSA-2058 glibc, eglibc - multiple vulnerabilities
Several vulnerabilities have been discovered in the GNU C Library (aka
glibc) and its derivatives. The Common Vulnerabilities and Exposures
project identifies the following problems:
|
| » | DSA-2057 mysql-dfsg-5.0 - several vulnerabilities
Several vulnerabilities have been discovered in the MySQL
database server.
The Common Vulnerabilities and Exposures project identifies the
following problems:
|
| » | DSA-2056 zonecheck - missing input sanitizing
It was discovered that in zonecheck, a tool to check DNS configurations,
the CGI does not perform sufficient sanitation of user input; an
attacker can take advantage of this and pass script code in order to
perform cross-site scripting attacks.
|