536 items tagged "security notice"
-
-
14:02
»
Packet Storm Security Advisories
Ubuntu Security Notice 1454-1 - A flaw was found in the Linux kernel's ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service.
-
-
19:21
»
Packet Storm Security Advisories
Ubuntu Security Notice 1450-1 - It was discovered that Net-SNMP incorrectly performed entry lookups in the extension table. A remote attacker could send a specially crafted request and cause the SNMP server to crash, leading to a denial of service.
-
-
17:25
»
Packet Storm Security Advisories
Ubuntu Security Notice 1447-1 - Juri Aedla discovered that libxml2 contained an off by one error in its XPointer functionality. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program.
-
-
7:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1444-1 - It was discovered that BackupPC did not properly sanitize its input when processing RestoreFile error messages, resulting in a cross-site scripting (XSS) vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.
-
-
15:46
»
Packet Storm Security Advisories
Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.
-
-
14:57
»
Packet Storm Security Advisories
Ubuntu Security Notice 1441-1 - It was discovered that Quagga incorrectly handled Link State Update messages with invalid lengths. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. It was discovered that Quagga incorrectly handled messages with a malformed Four-octet AS Number Capability. A remote attacker could use this flaw to cause Quagga to crash, resulting in a denial of service. Various other issues were also addressed.
-
-
16:19
»
Packet Storm Security Advisories
Ubuntu Security Notice 1438-1 - Dan Prince discovered that Nova did not enforce quotas for security groups and rules added to security groups. An authenticated user could exploit this to cause a denial of service.
-
-
19:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1427-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.62 in Ubuntu 10.04 LTS, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.96. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
-
-
12:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1400-5 - USN-1400-1 fixed vulnerabilities in Firefox. Firefox 11 started using GSettings to access the system proxy settings. If there is a GSettings proxy settings schema, Firefox will consume it. The GSettings proxy settings schema that was shipped by default was unused by other applications and broke Firefox's ability to use system proxy settings. This update removes the unused schema. Various other issues were also addressed.
-
-
18:26
»
Packet Storm Security Advisories
Ubuntu Security Notice 1414-1 - It was discovered that Aptdaemon incorrectly handled installing packages without performing a transaction simulation. An attacker could possibly use this flaw to install altered packages.
-
-
20:14
»
Packet Storm Security Advisories
Ubuntu Security Notice 1402-1 - It was discovered that libpng did not properly process compressed chunks. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program.
-
-
18:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1399-2 - Ryan Lortie discovered that a guest session script bundled in the Light Display Manager package improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files.
-
18:43
»
Packet Storm Security Advisories
Ubuntu Security Notice 1399-1 - Ryan Lortie discovered that gdm-guest-session improperly cleaned out certain guest session files. A local attacker could use this issue to delete arbitrary files.
-
-
18:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1398-1 - Tenho Tuhkala discovered that the LTSP Display Manager (ldm) incorrectly filtered keybindings. An attacker could use the default keybindings to execute arbitrary commands as root at the login screen.
-
16:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1397-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
-
-
19:45
»
Packet Storm Security Advisories
Ubuntu Security Notice 1395-1 - Markus Vervier discovered that PyPAM incorrectly handled passwords containing NULL bytes. An attacker could exploit this to cause applications using PyPAM to crash, or possibly execute arbitrary code.
-
-
8:40
»
Packet Storm Security Advisories
Ubuntu Security Notice 1391-1 - A flaw was discovered in the XFS filesystem. If a local user mounts a specially crafted XFS image, it could potentially execute arbitrary code on the system.
-
-
15:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1384-1 - A bug was discovered in the Linux kernel's calculation of OOM (Out of memory) scores, that would result in the wrong process being killed. A user could use this to kill the process with the highest OOM score, even if that process belongs to another user or the system. Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. Various other issues were also addressed.
-
15:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1385-1 - Simon Ruderich discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
-
8:39
»
Packet Storm Security Advisories
Ubuntu Security Notice 1382-1 - Austin Clements discovered that Light Display Manager incorrectly leaked file descriptors to child processes. A local attacker can use this to bypass intended permissions and write to the log file, cause a denial of service, or possibly have another unknown impact.
-
-
19:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1373-2 - USN 1373-1 fixed vulnerabilities in OpenJDK 6 in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04 for all architectures except for ARM (armel). This provides the corresponding OpenJDK 6 update for use with the ARM (armel) architecture in Ubuntu 10.04 LTS, Ubuntu 10.10 and Ubuntu 11.04.
-
19:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1381-1 - It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
-
-
8:05
»
Packet Storm Security Advisories
Ubuntu Security Notice 1378-1 - It was discovered that PostgreSQL incorrectly checked permissions on functions called by a trigger. An attacker could attach a trigger to a table they owned and possibly escalate privileges. It was discovered that PostgreSQL incorrectly truncated SSL certificate name checks to 32 characters. If a host name was exactly 32 characters, this issue could be exploited by an attacker to spoof the SSL certificate. This issue affected Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Various other issues were also addressed.
-
-
16:36
»
Packet Storm Security Advisories
Ubuntu Security Notice 1376-1 - Juraj Somorovsky discovered that libxml2 was vulnerable to hash table collisions. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause a denial of service.
-
-
14:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1373-1 - It was discovered that the Java HttpServer class did not limit the number of headers read from an HTTP request. A remote attacker could cause a denial of service by sending special requests that trigger hash collisions predictably. Various other issues were also addressed.
-
-
19:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1372-1 - It was discovered that Puppet did not drop privileges when executing commands as different users. If an attacker had control of the execution manifests or the executed command, this could be used to execute code with elevated group permissions (typically root). It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files and escalate privileges. Various other issues were also addressed.
-
-
20:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1371-1 - It was discovered that cvs incorrectly handled certain responses from proxy servers. If a user were tricked into connecting to a malicious proxy server, a remote attacker could cause cvs to crash, or possibly execute arbitrary code.
-
-
15:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1365-1 - It was discovered that Puppet would allow remote ralsh under certain circumstances. An attacker on an authenticated Puppet node could exploit this to view or manipulate resources on other Puppet nodes.
-
-
13:10
»
Packet Storm Security Advisories
Ubuntu Security Notice 1359-1 - It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. It was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. Various other issues were also addressed.
-
13:08
»
Packet Storm Security Advisories
Ubuntu Security Notice 1358-2 - USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for CVE-2012-0831 introduced a regression where the state of the magic_quotes_gpc setting was not correctly reflected when calling the ini_get() function. Various other issues were also addressed.
-
-
17:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1354-1 - It was discovered that usbmuxd did not correctly perform bounds checking when processing the SerialNumber field of USB devices. An attacker with physical access could use this to crash usbmuxd or potentially execute arbitrary code as the 'usbmux' user.
-
-
13:17
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1349-1 - It was discovered that the X wrapper incorrectly checked certain console permissions when launched by unprivileged users. An attacker connected remotely could use this flaw to start X, bypassing the console permissions check.
-
7:35
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1348-1 - It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program.
-
-
22:28
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1342-1 - J. Aedla discovered that the kernel incorrectly handled /proc/<pid>/mem permissions. A local attacker could exploit this and gain root privileges.
-
-
16:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 1263-2 - USN-1263-1 fixed vulnerabilities in OpenJDK 6. The upstream patch for the chosen plaintext attack on the block-wise AES encryption algorithm to fail when using certain algorithms. This update fixes the problem. Various other issues were also addressed.
-
13:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1346-1 - Dan Fandrich discovered that curl incorrectly handled URLs containing embedded or percent-encoded control characters. If a user or automated system were tricked into processing a specially crafted URL, arbitrary data could be injected.
-
10:03
»
Packet Storm Security Advisories
Ubuntu Security Notice 1344-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
-
-
20:18
»
Packet Storm Security Advisories
Ubuntu Security Notice 1339-1 - Nicolae Mogoreanu discovered that QEMU did not properly verify legacy mode packets in the e1000 network driver. A remote attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. When using QEMU with libvirt or virtualization management software based on libvirt such as Eucalyptus and OpenStack, QEMU guests are individually isolated by an AppArmor profile by default in Ubuntu. Various other issues were also addressed.
-
8:32
»
Packet Storm Security Advisories
Ubuntu Security Notice 1336-1 - Juri Aedla discovered that the kernel incorrectly handled /proc/pid/mem permissions. A local attacker could exploit this and gain root privileges.
-
-
15:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1334-1 - It was discovered that libxml2 contained an off-by-one error. If a user or application linked against libxml2 were tricked into opening a specially crafted XML file, an attacker could cause the application to crash or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libxml2 is vulnerable to double-free conditions when parsing certain XML documents. This could allow a remote attacker to cause a denial of service. Various other issues were also addressed.
-
-
16:28
»
Packet Storm Security Advisories
Ubuntu Security Notice 1329-1 - Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE file system could cause a denial of service.
-
16:27
»
Packet Storm Security Advisories
Ubuntu Security Notice 1328-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
-
-
8:14
»
Packet Storm Security Advisories
Ubuntu Security Notice 1324-1 - Clement Lecigne discovered a bug in the HFS filesystem. A local attacker could exploit this to cause a kernel oops. A flaw was found in how the Linux kernel handles user-defined key types. An unprivileged local user could exploit this to crash the system.
-
-
11:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1315-1 - Jonathan Foote discovered that JasPer incorrectly handled certain malformed JPEG-2000 image files. If a user were tricked into opening a specially crafted JPEG-2000 image file, a remote attacker could cause JasPer to crash or possibly execute arbitrary code with user privileges.
-
-
15:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 1313-1 - Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.
-
-
15:48
»
Packet Storm Security Advisories
Ubuntu Security Notice 1309-1 - It was discovered that the DHCP server incorrectly handled certain malformed packets when configured to evaluate regular expressions. A remote attacker could use this issue to cause DHCP to crash, resulting in a denial of service.
-
-
16:59
»
Packet Storm Security Advisories
Ubuntu Security Notice 1308-1 - vladz discovered that executables compressed by bzexe insecurely create temporary files when they are run. A local attacker could exploit this issue to execute arbitrary code as the user running a compressed executable.
-
16:41
»
Packet Storm Security Advisories
Ubuntu Security Notice 1307-1 - Florent Hochwelker discovered that PHP incorrectly handled certain EXIF headers in JPEG files. A remote attacker could exploit this issue to view sensitive information or cause the PHP server to crash.
-
-
18:23
»
Packet Storm Security Advisories
Ubuntu Security Notice 1298-1 - Wilfried Weissmann discovered that Apache Commons Daemon incorrectly dropped capabilities after starting. A remote attacker could possibly use this flaw to read certain files, bypassing the intended permissions.
-
-
16:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
-
-
19:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1289-1 - It was discovered that colord incorrectly handled certain SQL queries. A local attacker could exploit this to modify arbitrary sqlite databases. On Ubuntu, colord runs as its own user by default, so standard file permissions would limit which databases could be altered.
-
-
17:47
»
Packet Storm Security Advisories
Ubuntu Security Notice 1287-1 - Nick Bowler discovered the kernel GHASH message digest algorithm incorrectly handled error conditions. A local attacker could exploit this to cause a kernel oops.
-
-
3:11
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1280-1 - It was discovered that CIFS incorrectly handled authentication. When a user had a CIFS share mounted that required authentication, a local user could mount the same share without knowing the correct password. Robert Swiecki discovered that mapping extensions were incorrectly handled. A local attacker could exploit this to crash the system, leading to a denial of service.
-
-
17:13
»
Packet Storm Security Advisories
Ubuntu Security Notice 1275-1 - Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.
-
-
15:30
»
Packet Storm Security Advisories
Ubuntu Security Notice 1266-1 - It was discovered that slapd contained an off-by-one error. An authenticated attacker could potentially exploit this by sending a crafted LDIF entry containing an empty postalAddress.
-
-
18:44
»
Packet Storm Security Advisories
Ubuntu Security Notice 1264-1 - It was discovered that Bind incorrectly handled certain specially crafted packets. A remote attacker could use this flaw to cause Bind to crash, resulting in a denial of service.
-
-
21:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1260-1 - Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy.
-
-
19:09
»
Packet Storm Security Advisories
Ubuntu Security Notice 1258-1 - Stephane Chazelas discovered the bytecode engine of ClamAV improperly handled recursion under certain circumstances. This could allow a remote attacker to craft a file that could cause ClamAV to crash, resulting in a denial of service.
-
-
8:05
»
Packet Storm Security Advisories
Ubuntu Security Notice 1253-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
-
-
7:23
»
Packet Storm Security Advisories
Ubuntu Security Notice 1252-1 - It was discovered that Tomcat incorrectly implemented HTTP DIGEST authentication. An attacker could use this flaw to perform a variety of authentication attacks. Polina Genova discovered that Tomcat incorrectly created log entries with passwords when encountering errors during JMX user creation. A local attacker could possibly use this flaw to obtain sensitive information. This issue only affected Ubuntu 10.04 LTS, 10.10 and 11.04. Various other issues were also addressed.
-
-
14:48
»
Packet Storm Security Advisories
Ubuntu Security Notice 1250-1 - It was discovered that a cross-site scripting (XSS) vulnerability in the Adium theme allows remote attackers to inject arbitrary JavaScript or HTML via a crafted nickname in XMPP group conversations.
-
-
12:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1245-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
-
12:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1243-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
-
12:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1242-1 - It was discovered that the security fix for CVE-2010-4250 introduced a regression. A remote attacker could exploit this to crash the system, leading to a denial of service. Vasiliy Kulikov discovered that taskstats did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Vasiliy Kulikov discovered that /proc/PID/io did not enforce access restrictions. A local attacker could exploit this to read certain information, leading to a loss of privacy. Various other issues were also addressed.
-
12:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1240-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
-
12:52
»
Packet Storm Security Advisories
Ubuntu Security Notice 1239-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
-
-
15:18
»
Packet Storm Security Advisories
Ubuntu Security Notice 1232-3 - USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support, and USN-1232-2 was released to temporarily disable the problematic security fix. This update includes a revised fix for CVE-2010-4818.
-
-
16:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1234-1 - Vasiliy Kulikov discovered that acpid did not properly handle connections from poorly behaving clients. A local attacker could potentially exploit this to cause a denial of service.
-
-
15:52
»
Packet Storm Security Advisories
Ubuntu Security Notice 1192-3 - USN-1192-1 provided Firefox 6 as a security upgrade. Unfortunately, this caused a regression in libvoikko which caused Firefox to crash while spell checking words with hyphens. This update corrects the issue.
-
15:50
»
Packet Storm Security Advisories
Ubuntu Security Notice 1232-2 - USN-1232-1 fixed vulnerabilities in the X.Org X server. A regression was found on Ubuntu 10.04 LTS that affected GLX support. This update temporarily disables the fix for CVE-2010-4818 that introduced the regression.
-
-
7:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1230-1 - Felix Geyer discovered that the quassel-core post installation script created data and logging directories which were readable by all users. The post installation script also generated a certificate, in the data directory, which was readable by all users.
-
-
14:34
»
Packet Storm Security Advisories
Ubuntu Security Notice 1226-2 - Dan Rosenberg discovered that cifs-utils incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that cifs-utils incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Various other issues were also addressed.
-
14:33
»
Packet Storm Security Advisories
Ubuntu Security Notice 1226-1 - Dan Rosenberg discovered that Samba incorrectly handled changes to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. Jan Lieskovsky discovered that Samba incorrectly filtered certain strings being added to the mtab file. A local attacker could use this issue to corrupt the mtab file, possibly leading to a denial of service. This issue only affected Ubuntu 10.04 LTS. Various other issues were also addressed.
-
-
8:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1224-1 - It was discovered that rsyslog had an off-by-two error when parsing legacy syslog messages. An attacker could potentially exploit this to cause a denial of service via application crash.
-
-
11:18
»
Packet Storm Security Advisories
Ubuntu Security Notice 1223-1 - It was discovered that Puppet unsafely opened files when the k5login type is used to manage files. A local attacker could exploit this to overwrite arbitrary files which could be used to escalate privileges. Ricky Zhou discovered that Puppet did not drop privileges when creating SSH authorized_keys files. A local attacker could exploit this to overwrite arbitrary files as root. It was discovered that Puppet used a predictable filename when using the --edit resource. A local attacker could exploit this to edit arbitrary files or run arbitrary code as the user invoking the program, typically root. Various other issues were also addressed.
-
-
9:42
»
Packet Storm Security Advisories
Ubuntu Security Notice 1197-6 - USN-1197-1 and USN-1197-3 addressed an issue in Firefox and Xulrunner pertaining to the Dutch Certificate Authority DigiNotar mis-issuing fraudulent certificates. This update provides an update for Qt that blacklists the known fraudulent certificates. USN-1197-1 It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor.
-
9:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
-
-
8:56
»
Packet Storm Security Advisories
Ubuntu Security Notice 1214-1 - Tomas Hoger discovered that GIMP incorrectly handled malformed LZW streams. If a user were tricked into opening a specially crafted GIF image file, an attacker could cause GIMP to crash, or possibly execute arbitrary code with the user's privileges.
-
-
15:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1207-1 - Tomas Hoger discovered that the CUPS image library incorrectly handled LZW streams. A remote attacker could use this flaw to cause a denial of service or possibly execute arbitrary code.
-
-
22:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1206-1 - Sauli Pahlman discovered that librsvg did not correctly handle malformed filter names. If a user or automated system were tricked into processing a specially crafted SVG image, a remote attacker could gain user privileges.
-
-
17:03
»
Packet Storm Security Advisories
Ubuntu Security Notice 1199-1 - A flaw was discovered in the byterange filter in Apache. A remote attacker could exploit this to cause a denial of service via resource exhaustion.
-
-
19:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1197-1 - It was discovered that Dutch Certificate Authority DigiNotar had mis-issued multiple fraudulent certificates. These certificates could allow an attacker to perform a "man in the middle" (MITM) attack which would make the user believe their connection is secure, but is actually being monitored. For the protection of its users, Mozilla has removed the DigiNotar certificate. Sites using certificates issued by DigiNotar will need to seek another certificate vendor. Various other issues were also addressed.
-
-
7:34
»
Packet Storm Security Advisories
Ubuntu Security Notice 1196-1 - It was discovered that eCryptfs incorrectly handled permissions when modifying the mtab file. A local attacker could use this flaw to manipulate the mtab file, and possibly unmount arbitrary locations, leading to a denial of service.
-
-
17:04
»
Packet Storm Security Advisories
Ubuntu Security Notice 1193-1 - Timo Warns discovered that the GUID partition parsing routines did not correctly validate certain structures. A local attacker with physical access could plug in a specially crafted block device to crash the system, leading to a denial of service. Phil Oester discovered that the network bonding system did not correctly handle large queues. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Various other issues were also addressed.
-
-
8:32
»
Packet Storm Security Advisories
Ubuntu Security Notice 1191-1 - Tomas Hoger discovered that libXfont incorrectly handled certain malformed compressed fonts. An attacker could use a specially crafted font file to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges.