This security update upgrades the Clamav virus scan engine to This security update upgrades the Clamav virus scan engine to the version 0.68.1. the version 0.68.1. Among other bugfixes and improvements, this update fixes a bug in the Quantum decompressor routines that can be used for a remote denial of service attack against clamd.
Various security problems were found in RealPlayer that allow a remote Various security problems were found in RealPlayer that allow a remote attacker to execute code in the local player by providing handcrafted attacker to execute code in the local player by providing handcrafted files. See https://www.real.com/ too. The following security bugs are listed:
Sudo(8) allows the execution of commands as another user and gives the Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attack [More...]
Several bugs were fixed in Vipuls Razor spam detection framework. Several bugs were fixed in Vipuls Razor spam detection framework. These bugs could lead to remote denial-of-service conditions due to processing malformed messages and possible stepping into infinite loops. 2) Solution or Work-Around
The web browser Opera has been updated to version 8.01 to fix various The web browser Opera has been updated to version 8.01 to fix various security-related bugs. security-related bugs. * Fixed XMLHttpRequest redirect vulnerability reported in Secunia Advisory 15008. * Fixed cross-site scripting vulnerability reported in Secunia Advisory 15411.
The anti spam tool SpamAssassin was prone to a denial-of-service The anti spam tool SpamAssassin was prone to a denial-of-service attack. A remote attacker could craft a MIME E-Mail message that attack. A remote attacker could craft a MIME E-Mail message that would waste a lot of CPU cycles parsing the Content-Type header. This is tracked by the Mitre CVE ID CAN-2005-1266. Only SUSE Linux 9.2 an [More...]
Two security bugs in the SUN Java implementation have been fixed. Two security bugs in the SUN Java implementation have been fixed. Java Web Start can be exploited remotely due to an error in input validation of tags in JNLP files, so an attacker can pass arbitrary command-line options to the virtual machine to disable the sandbox and get access to files. This is tracked by the Mitre CVE ID CAN- [More...]
The commercial web browser Opera has been updated to the 8.0 version, The commercial web browser Opera has been updated to the 8.0 version, fixing all currently known security problems, including: fixing all currently known security problems, including: - CAN-2005-0235: IDN cloaking / homograph attack allows easy spoofing of domain names. - CAN-2005-0456: Opera did not validate base64 encoded bi [More...]
This update upgrades Mozilla Firefox to version 1.0.4, fixing the This update upgrades Mozilla Firefox to version 1.0.4, fixing the following security problems: following security problems: MFSA 2005-42: A problem in the install confirmation dialog together with a bad fix for MFSA 2005-41 allowed a remote attacker to execute arbitrary code with the help of a cross site scripting problem on the Mo [More...]
The Linux kernel is the core component of the Linux system. The Linux kernel is the core component of the Linux system. This update fixes various security as well as non-security problems discovered since the last round of kernel updates. Not all kernels are affected by all the problems, each of the problems has an affected note attached to it.
Several problems have been fixed with the security update releases Several problems have been fixed with the security update releases of the Mozilla Firefox 1.0.3 web browser and the Mozilla Suite 1.7.7. of the Mozilla Firefox 1.0.3 web browser and the Mozilla Suite 1.7.7. This security update contains those security fixes. The Firefox packages have been directly upgraded to the version 1.0 [More...]
Several problems were identified and fixed in the PostgreSQL Several problems were identified and fixed in the PostgreSQL database server. database server. Multiple buffer overflows in the low level parsing routines may allow attackers to execute arbitrary code via:(1) a large number of variables in a SQL statement being handled by
This update fixes a security issue within the RealPlayer media player. This update fixes a security issue within the RealPlayer media player. A remote attacker could craft a special .RAM (Real Audio Media) file which would cause a buffer overflow when played within RealPlayer.This is the Real Player Update as referenced on this page:https://www.real.com/
This security update fixes a buffer overflow in OpenOffice_org This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice.This is tracked by the Mitre CVE ID CAN [More...]
The Concurrent Versions System (CVS) offers tools which allow developers The Concurrent Versions System (CVS) offers tools which allow developers to share and maintain large software projects. to share and maintain large software projects. The current maintainer of CVS reported various problems within CVS such as a buffer overflow and memory access problems which have been fixed within the a [More...]
This update fixes the following security issues in the PHP scripting This update fixes the following security issues in the PHP scripting language: language: - A bug in getimagesize() EXIF handling which could lead to a denial of service attack. This is tracked by the Mitre CVE IDs CAN-2005-0524 and CAN-2005-0525.
Several vulnerabilities have been identified and fixed in the KDE Several vulnerabilities have been identified and fixed in the KDE desktop environment. desktop environment. - A buffer overflow via specially crafted PCX pictures was fixed. This could lead to a remote attacker being able to execute code as the user opening or viewing a PCX images. This PCX image could
This Linux kernel security update fixes a problem within the Bluetooth This Linux kernel security update fixes a problem within the Bluetooth kernel stack which can be used by a local attacker to gain root access or kernel stack which can be used by a local attacker to gain root access or crash the machine.To exploit this problem, the Bluetooth modules do not need to be loaded since they are [More...]
Racoon is a ISAKMP key management daemon used in IPsec setups. Racoon is a ISAKMP key management daemon used in IPsec setups. Sebastian Krahmer of the SUSE Security Team audited the daemon and found that it handles certain ISAKMP messages in a slightly wrong way, so that remote attackers can crash it via malformed ISAKMP packages.This update fixes this problem.
MySQL is an Open Source database server, commonly used together with MySQL is an Open Source database server, commonly used together with web services provided by PHP scripts or similar. web services provided by PHP scripts or similar. This security update fixes a broken mysqlhotcopy script as well as several security related bugs:- CAN-2005-0709: MySQL allowed remote authenticated users wi [More...]
