(Jan 9) Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
Archive for Other
(Jan 8) An updated openshift-origin-node-util package that fixes two security issues is now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Jan 8) Yury Dyachenko discovered that Zend Framework uses the PHP XML parser in an insecure way, allowing attackers to open files and trigger HTTP requests, potentially accessing restricted information. [More…]
(Jan 4) joernchen of Phenoelit discovered that rails, an MVC Ruby-based framework geared for web application development, is not properly treating user-supplied input to “find_by_*” methods. Depending on how the Ruby on Rails application is using these methods, this allows an attacker [More…]
(Jan 9) An updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
(Jan 8) Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical [More…]
(Jan 8) Several security issues were fixed in Thunderbird.
(Jan 8) Several security issues were fixed in Firefox.
(Jan 6) Google, Inc. discovered that the TurkTrust certification authority included in the Network Security Service libraries (nss) mis-issued two intermediate CAs, which could be used to generate rogue end-entity certificates. This update explicitly distrusts those two intermediate [More…]
(Jan 5) Two security issues have been discovered in Weechat, a fast, light and extensible chat client: CVE-2011-1428 [More…]
(Jan 8) Updated gnome-vfs2 packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]
(Jan 8) Updated gtk2 packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low [More…]
(Jan 6) Jann Horn discovered that users of the CUPS printing system who are part of the lpadmin group could modify several configuration parameters with security impact. Specifically, this allows an attacker to read or write arbitrary files as root which can be used to elevate privileges. [More…]
(Jan 6) KB Sriram discovered that GnuPG, the GNU Privacy Guard, did not sufficiently sanitise public keys on import, which could lead to memory and keyring corruption. [More…]
(Dec 29) It was discovered that missing input validation in the twikidraw and anywikidraw actions can result in the execution of arbitrary code. This security issue is being actively exploited. [More…]
(Dec 30) “halfdog” discovered that incorrect interrupt handling in VirtualBox, an x86 virtualization solution, can lead to denial of service. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Dec 30) Marc Schoenefeld discovered that an integer overflow in the ICC parsing code of Ghostscript can lead to the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Dec 30) Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages. [More…]
(Dec 29) MoinMoin could be made to run programs and overwrite files.
(Dec 26) Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code. [More…]
(Dec 27) Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Dec 27) Multiple security issues have been found in Mahara, an electronic portfolio, weblog, and resume builder, which can result in cross-site scripting, clickjacking or arbitrary file execution. [More…]
(Dec 18) The system could be made to crash under certain conditions.
(Dec 18) The system could be made to crash under certain conditions.
(Dec 18) The system could be made to crash under certain conditions.
(Dec 18) The system could be made to crash under certain conditions.
(Dec 19) A weakness was discovered in the example AppArmor profile for chromium-browser.
(Dec 20) The system could be made to crash under certain conditions.
(Dec 20) The system could be made to crash under certain conditions.
(Dec 18) Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having low [More…]