(Jul 30) Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger and assertion failure on servers under high query load that do DNSSEC validation. [More…]
(Jul 8) Ulf Härnhammar found a buffer overflow in Pidgin, a multi protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances can lead to remote code execution. [More…]
(Jul 4) Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform. CVE-2012-1711 CVE-2012-1719 [More…]
(Jul 12) Several security issues were fixed in OpenJDK 6.
(Jul 16) Several security issues were fixed in the kernel.
(Jul 11) Updated openjpeg packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
(Jul 16) An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jul 12) Marcus Meissner discovered that the web server included in Mono performed insufficient sanitising of requests, resulting in cross-site scripting. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Dec 7) CVE-2009-1298 null ptr deref in ipv4 ip_frag_reasm.
(Dec 7) CVE-2009-1298 null ptr deref in ipv4 ip_frag_reasm.
(Jul 16) The system could be made to crash under certain conditions.
(Jul 25) Mono could be made to expose sensitive information over the network.
(Jul 17) Updated kernel packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux 5.6 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More…]
(Jul 17) Updated nss and nspr packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. [More…]
(Jul 12) Several security vulnerabilities have been found in Puppet, a centralized configuration management: CVE-2012-3864 [More…]
The following bugs have been fixed:
[-] Panel users failed to send e-mail through qmail if the IPv6 support was turned off on the Panel server and turned on on the receiving server. The mail log /usr/local/psa/var/log/maillog contained the error "System_resources_temporarily_unavailable".
[-] Panel always used the /tmp directory for storing backup temporary files during the backup download regardless of the DUMP_TMP_D value in /etc/psa/psa.conf. Panel users got the error "No space left on device" when downloading their backups if there was not enough space on the disk used by /tmp.
[-] Panel users saw wrongly encoded messages on the password retrieval page if the Panel language was set to Russian.
[-] Administarators were unable to simultaneously run multiple restoration processes of the same backup file using the pleskrestore utility.
PHP 5.3 upgraded to version 5.3.15 in Parallels Plesk 11.0.9 for Windows
(Dec 9) Two security issues are found on activepack shipped on Fedora 10. One bug is
that there is a weakness in the strip_tags function in ruby on rails (bug
542786, CVE-2009-4214). Another one is a possibility to circumvent protection
against cross-site request forgery (CSRF) attacks (bug 544329). This new rpm
will fix these issues.
PHP 5.3 upgraded to version 5.3.15 in Parallels Plesk 11.0.9 for Windows
(Dec 9) Update to 3.12.5 This update fixes the following security flaw:
CVE-2009-3555 TLS: MITM attacks via session renegotiation
(Jul 26) Two security vulnerabilities affecting ISC dhcpd, a server for automatic IP address assignment, in Debian have been discovered. CVE-2012-3571 [More…]
(Jul 26) Bind could be made to crash if it received specially crafted networktraffic.
(Jul 26) DHCP could be made to crash if it received specially crafted networktraffic.
(Jul 17) Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. [More…]
(Jul 18) Updated glibc packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jul 12) John Leitch has discovered a vulnerability in eXtplorer, a very feature rich web server file manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. [More…]
(Jul 17) Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian. [More…]
(Jul 17) Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey: CVE-2012-1948 [More…]
(Dec 9) This update contains the latest stable release of Apache httpd. Three security
fixes are included, along with several minor bug fixes. A flaw was found in
the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation. A man-in-the-middle attacker could use this flaw
to prefix arbitrary plain text to a client’s session (for example, an HTTPS
connection to a website). This could force the server to process an attacker’s
request as if authenticated using the victim’s credentials. This update
partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by
rejecting client-requested renegotiation. (CVE-2009-3555) Note: This update
does not fully resolve the issue for HTTPS servers. An attack is still possible
in configurations that require a server-initiated renegotiation A NULL
pointer dereference flaw was found in the Apache mod_proxy_ftp module. A
malicious FTP server to which requests are being proxied could use this flaw to
crash an httpd child process via a malformed reply to the EPSV or PASV commands,
resulting in a limited denial of service. (CVE-2009-3094) A second flaw was
found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a
remote attacker could use this flaw to bypass intended access restrictions by
creating a carefully-crafted HTTP Authorization header, allowing the attacker to
send arbitrary commands to the FTP server. (CVE-2009-3095) See the upstream
changes file for further information:
http://www.apache.org/dist/httpd/CHANGES_2.2.14
(Dec 10) CVE-2009-4131: EXT4 – fix insufficient permission checking which could result
in arbitrary data corruption by a local unprivileged user.
58 queries. 8.75 mb Memory usage. 1.547 seconds.