Fedora Essential and Critical Security Patch Updates - Page 866
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
This release fixes a buffer overflow vulnerability in the Fedora Core 2 dhcp-3.0.1rc12-*.
An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code when opened by a victim.
An attacker could carefully craft a PNG file in such a way that it would cause an application linked to libpng to crash or potentially execute arbitrary code.
These new packages fix a bug in the last errata where the actual security patch didn't get applied.
This update includes a fix for the local denial of service as described inlinuxreviews.org.
If using the svnserve daemon, an unauthenticated client may be able execute arbitrary code as the daemon's user.
Many vulnerabilities, discovered in a recent audit of cvs, are fixed.
This upgrade is not specifically secuity; it fixes many kernel bugs and adds support for stack non-execution on some systems, which is important in guarding against buffer overflows.
A remotely-exploitable buffer overflow allows the execution of arbitrary code.
Patch fixes a SQL injection and cross-site scripting flaw.
Exploitation could lead to denial of service or arbitrary code execution.
netlink_listen & netlink_receive_dump should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces.
This patch fixes three DoS vulns and a buffer overflow.
Among other bugs, this fixes a failure to use encryption when required.
Fixes an exploitable memory leak and escapable error-log output.
An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands.
A crafted ISAKMP header can cause racoon to crash.
An attacker could send malicious requests to a Subversion server and perform arbitrary execution of code.
An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client, such as cadaver.
Stefan Esser discovered a flaw in cvs where malformed "Entry" linescould cause a heap overflow.