Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu Essential and Critical Security Patch Updates - Page 492

Find the information you need for your favorite open source distribution .

Ubuntu 6.06 LTS USN-352-1 Critical: Thunderbirds Malicious Email Exploit

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Various flaws have been reported that allow an attacker to execute arbitrary code with user privileges by tricking the user into opening a malicious email containing JavaScript. Please note that JavaScript is disabled by default for emails, and it is not recommended to enable it. The following CVEIDs have been addressed: CVE-2006-4253, CVE-2006-4565, CVE-2006-4566, CVE-2006-4571, CVE-2006-4340, CVE-2006-4567, CVE-2006-4570

Ubuntu: USN-359-1 High: ffmpeg and xine-lib Arbitrary Code Execution

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

XFOCUS Security Team discovered that the AVI decoder used in xine-lib did not correctly validate certain headers. By tricking a user into playing an AVI with malicious headers, an attacker could execute arbitrary code with the target user's privileges. (CVE-2006-4799) Multiple integer overflows were discovered in ffmpeg and tools that contain a copy of ffmpeg (like xine-lib and kino), for several types of video formats. By tricking a user into running a video player that uses ffmpeg on a stream with malicious content, an attacker could execute arbitrary code with the target user's privileges. (CVE-2006-4800)