Slackware 12.2 / 13.0 / 13.1 / current : seamonkey (SSA:2011-068-01)

New seamonkey packages are available for Slackware 12.2, 13.0, 13.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2011-068-01. The text itself is...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 13.0, 13.1, and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/mozilla-firefox-3.6.14-i686-1.txz: Upgraded. Firefox 3.6.14 is a regular security and stability update to Firefox 3.6....

[slackware-security] samba

New samba packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a denial of service security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/samba-3.5.7-i486-1slack13.1.txz: Upgraded. Fix memory corruption...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

[slackware-security] openssl

New openssl packages are available for 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/openssl-0.9.8r-i486-1slack13.1.txz: Upgraded. This OpenSSL update fixes an "OCSP stapling vulnerability". For...

Design/Logic Flaw

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588...

PT-2011-2035 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Description: The issue allows local users to gain privileges via a Trojan horse IEShims.dll in the current working directory. A remote code execution vulnerability exists in the way that Internet Explorer...

(0Day) IBM Lotus Notes cai URI Handler Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Notes. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of malformed strings within cai:// URIs. The '--launcher.library' switch ca...

OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting

soffice in OpenOffice.org OOo 3.x before 3.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

python: untrusted python modules search path

Untrusted search path vulnerability in the PySysSetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...

Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-361-01)

New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a denial of service security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...

PT-2010-5200 · Microsoft · Windows Server 2003 +4

Name of the Vulnerable Software and Affected Versions: Windows Media Encoder 9 versions on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 Description: The issue allows local users to gain privileges via a Trojan horse DLL...

PT-2010-5202 · Microsoft · Windows Movie Maker

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Movie Maker version 2.6 Description: The issue is related to an untrusted search path vulnerability, which allows local users to gain privileges. This can be achieved by placing a Trojan horse DLL in the current working...

DEBIAN-CVE-2010-4167

Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCOREINSTALLEDSUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory...

DEBIAN-CVE-2010-4159

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory...

DEBIAN-CVE-2010-4000

gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

UBUNTU-CVE-2010-4001

DISPUTED GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to th...

DEBIAN-CVE-2010-3999

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

UBUNTU-CVE-2010-3996

festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

PT-2010-5231 · Gromacs Development Team · Gromacs

Name of the Vulnerable Software and Affected Versions: Gromacs versions 4.5.1 and earlier Description: The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to GMXRC.bash placing a zero-length directory name in the LD LIBRA...