«
Expand/Collapse
41 items tagged "lts"
Related tags:
security notice [+],
root privileges [+],
notice [+],
gain privileges [+],
denial of service [+],
usn [+],
x.org [+],
verify host [+],
venema [+],
unix sockets [+],
symlink attack [+],
source ports [+],
server [+],
postfix [+],
option [+],
memory exhaustion [+],
mateusz kocielski [+],
marek kroemeke [+],
man in the middle attack [+],
mail directories [+],
lynx [+],
libvirt [+],
krzysztof kotowicz [+],
kerberos [+],
kdc [+],
jeremy nickurak [+],
jar files [+],
issue [+],
filip palian [+],
exim [+],
elliptic curve [+],
digital signature algorithm [+],
default compiler [+],
dan rosenberg [+],
curve cryptography [+],
curve [+],
configuration option [+],
based buffer overflow [+],
backing store [+],
arm architecture [+],
arbitrary data [+],
adam langley [+],
ubuntu [+],
user [+],
txt [+],
truetype font files [+],
marc schoenefeld [+],
internet printing protocol [+],
host [+],
freetype [+],
emmanuel bouillon [+],
cups [+],
chris evans [+],
buffer overflow vulnerability [+],
arbitrary code [+],
security [+],
mdns [+],
ftp client [+],
ftp [+],
default configuration [+],
client v0 [+],
build [+],
avahi [+],
arbitrary files [+]
-
-
23:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
-
23:44
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
-
23:44
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1357-1 - It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timing attack. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Adam Langley discovered that the ephemeral Elliptic Curve Diffie-Hellman (ECDH) functionality in OpenSSL did not ensure thread safety while processing handshake messages from clients. This could allow a remote attacker to cause a denial of service via out-of-order messages that violate the TLS protocol. This issue only affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
-
-
15:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
-
15:38
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
-
15:38
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
-
-
15:50
»
Packet Storm Security Advisories
Ubuntu Security Notice 1232-2 - USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression.
-
15:50
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1232-2 - USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression.
-
15:50
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1232-2 - USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression.
-
-
12:41
»
Packet Storm Security Advisories
Ubuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
-
12:41
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
-
12:41
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1232-1 - It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly execute arbitrary code with root privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that the X server incorrectly handled certain malformed input. An authorized attacker could exploit this to cause the X server to crash, leading to a denial or service, or possibly read arbitrary data from the X server process. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
-
7:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
-
7:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
-
7:00
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1231-1 - Mateusz Kocielski, Marek Kroemeke and Filip Palian discovered that a stack-based buffer overflow existed in the socket_connect function's handling of long pathnames for AF_UNIX sockets. A remote attacker might be able to exploit this to execute arbitrary code; however, the default compiler options for affected releases should reduce the vulnerability to a denial of service. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Krzysztof Kotowicz discovered that the PHP post handler function does not properly restrict filenames in multipart/form-data POST requests. This may allow remote attackers to conduct absolute path traversal attacks and possibly create or overwrite arbitrary files. This issue affected Ubuntu 8.04 LTS, Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04. Various other issues were also addressed.
-
-
15:40
»
Packet Storm Security Advisories
Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
-
15:40
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
-
15:40
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1113-1 - It was discovered that the Postfix package incorrectly granted write access on the PID directory to the postfix user. A local attacker could use this flaw to possibly conduct a symlink attack and overwrite arbitrary files. This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. Wietse Venema discovered that Postfix incorrectly handled cleartext commands after TLS is in place. A remote attacker could exploit this to inject cleartext commands into TLS sessions, and possibly obtain confidential information such as passwords.
-
-
7:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1060-1 - It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS.
-
7:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1060-1 - It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS.
-
7:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1060-1 - It was discovered that Exim contained a design flaw in the way it processed alternate configuration files. An attacker that obtained privileges of the "Debian-exim" user could use an alternate configuration file to obtain root privileges. It was discovered that Exim incorrectly handled certain return values when handling logging. A local attacker could use this flaw to obtain root privileges. Dan Rosenberg discovered that Exim incorrectly handled writable sticky-bit mail directories. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS. Dan Rosenberg discovered that Exim incorrectly handled MBX locking. If Exim were configured in this manner, a local user could use this flaw to cause a denial of service or possibly gain privileges. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, 9.10, and 10.04 LTS.
-
-
15:17
»
Packet Storm Security Advisories
Ubuntu Security Notice 1055-1 - It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel (ARM) architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel (ARM) architecture. It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.
-
15:17
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1055-1 - It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel (ARM) architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel (ARM) architecture. It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.
-
15:17
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1055-1 - It was discovered that IcedTea for Java did not properly verify signatures when handling multiply signed or partially signed JAR files, allowing an attacker to cause code to execute that appeared to come from a verified source. USN 1052-1 fixed a vulnerability in OpenJDK for Ubuntu 9.10 and Ubuntu 10.04 LTS on all architectures, and Ubuntu 10.10 for all architectures except for the armel (ARM) architecture. This update provides the corresponding update for Ubuntu 10.10 on the armel (ARM) architecture. It was discovered that the JNLP SecurityManager in IcedTea for Java OpenJDK in some instances failed to properly apply the intended security policy in its checkPermission method. This could allow an attacker to execute code with privileges that should have been prevented.
-
-
19:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.
-
19:12
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.
-
19:12
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1030-1 - It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to alter the prompt message, modify a response to a Key Distribution Center (KDC) or forge a KRB-SAFE message. It was discovered that Kerberos did not properly determine the acceptability of certain checksums. A remote attacker could use certain checksums to forge GSS tokens or gain privileges. This issue only affected Ubuntu 9.10, 10.04 LTS and 10.10. It was discovered that Kerberos did not reject RC4 key-derivation checksums. An authenticated remote user could use this issue to forge AD-SIGNEDPATH or AD-KDC-ISSUED signatures and possibly gain privileges. This issue only affected Ubuntu 10.04 LTS and 10.10. It was discovered that Kerberos did not properly restrict the use of TGT credentials for armoring TGS requests. A remote authenticated user could use this flaw to impersonate a client. This issue only affected Ubuntu 9.10.
-
-
10:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1021-1 - It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that Apache did not properly handle memory when destroying APR buckets. A remote attacker could exploit this with crafted requests and cause a denial of service via memory exhaustion. This issue affected Ubuntu 6.06 LTS and 10.10.
-
10:54
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1021-1 - It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that Apache did not properly handle memory when destroying APR buckets. A remote attacker could exploit this with crafted requests and cause a denial of service via memory exhaustion. This issue affected Ubuntu 6.06 LTS and 10.10.
-
10:54
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1021-1 - It was discovered that Apache's mod_cache and mod_dav modules incorrectly handled requests that lacked a path. A remote attacker could exploit this with a crafted request and cause a denial of service. This issue affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. It was discovered that Apache did not properly handle memory when destroying APR buckets. A remote attacker could exploit this with crafted requests and cause a denial of service via memory exhaustion. This issue affected Ubuntu 6.06 LTS and 10.10.
-
-
22:28
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1012-1 - Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol (IPP) packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile.
-
22:25
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1013-1 - Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
22:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1012-1 - Emmanuel Bouillon discovered that CUPS did not properly handle certain Internet Printing Protocol (IPP) packets. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code. In the default installation in Ubuntu 8.04 LTS and later, attackers would be isolated by the CUPS AppArmor profile.
-
22:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1013-1 - Marc Schoenefeld discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 9.10 and 10.04 LTS. Chris Evans discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. This issue only affected Ubuntu 8.04 LTS, 9.10, 10.04 LTS and 10.10. It was discovered that FreeType did not correctly handle certain malformed TrueType font files. If a user were tricked into using a specially crafted TrueType file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges.
-
-
20:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1008-3 - USN-1008-1 fixed vulnerabilities in libvirt. The update for Ubuntu 10.04 LTS reverted a recent bug fix update. This update fixes the problem. It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
-
-
23:02
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
-
23:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 1008-1 - It was discovered that libvirt would probe disk backing stores without consulting the defined format for the disk. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue only affected Ubuntu 10.04 LTS. By default, guests are confined by an AppArmor profile which provided partial protection against this flaw. It was discovered that libvirt would create new VMs without setting a backing store format. A privileged attacker in the guest could exploit this to read arbitrary files on the host. This issue did not affect Ubuntu 8.04 LTS. In Ubuntu 9.10 and later guests are confined by an AppArmor profile which provided partial protection against this flaw. Jeremy Nickurak discovered that libvirt created iptables rules with too lenient mappings of source ports. A privileged attacker in the guest could bypass intended restrictions to access privileged resources on the host.
-
-
14:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 992-1 - It was discovered that Avahi incorrectly handled certain mDNS query packets when the reflector feature is enabled, which is not the default configuration on Ubuntu. A remote attacker could send crafted mDNS queries and perform a denial of service on the server and on the network. This issue only affected Ubuntu 8.04 LTS and 9.04. It was discovered that Avahi incorrectly handled mDNS packets with corrupted checksums. A remote attacker could send crafted mDNS packets and cause Avahi to crash, resulting in a denial of service.
-
18:33
»
Packet Storm Security Exploits
Ubuntu 10.04 LTS - Lucid Lynx FTP Client version 0.17-19build1 suffers from a buffer overflow vulnerability related to the ACCT command.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Hack a Day
Wirevolution