Slackware 10.1 / 10.2 / 11.0 / 12.0 / current : php (SSA:2007-314-01)

New PHP5 packages are available for Slackware 10.1, 10.2, 11.0, 12.0, and -current to fix security and other bugs. Note that PHP5 was not officially supported in Slackware 10.1 or 10.2 being in the /testing directory, and was not the default version of PHP for Slackware 11.0 being in the /extra...

konquerer -- address bar spoofing

The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL...

Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability

This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists while...

Cross site scripting

Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window...

CVE-2007-2409

Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and 10.4.10 allows remote attackers to obtain sensitive information via a popup window, which is able to read the current URL of the parent window...

[slackware-security] libexif

New libexif packages are available for Slackware 10.2, 11.0, and -current to fix a crash and potential security issue. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-4168 Here are the details from the Slackware...

[slackware-security] ktorrent

New ktorrent packages are available for Slackware 11.0 and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-1384 https://vulners.com/cve/CVE-2007-1385 Here are the details from th...

[slackware-security] libwpd

New libwpd packages are available for Slackware 10.2, 11.0, and -current to fix security issues. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2007-002 Here are the details from the Slackware 11.0 ChangeLog:...

Integer overflow

Integer overflow in the ktruser function in NetBSD-current before 20061022, NetBSD 3 and 3-0 before 20061024, and NetBSD 2 before 20070209, when the kernel is built with the COMPATFREEBSD or COMPATDARWIN option, allows local users to cause a denial of service and possibly gain privileges...

[slackware-security] x11

New x11 X.Org packages are available for Slackware 10.2, and -current to fix security issues due to overflows in font parsing. More details about this issue may be found in the Common Vulnerabilities and Exposures CVE database: https://vulners.com/cve/CVE-2006-3739...

Slackware 10.2 / current : firefox/thunderbird/seamonkey (SSA:2006-257-03)

New Firefox and Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. In addition, a new SeaMonkey package is available for Slackware -current to fix similar issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

[slackware-security] x11

New x11 packages are available for Slackware 10.2 and -current to fix security issues. In addition, fontconfig and freetype have been split out from the x11 packages in -current, so if you run -current you'll also need to install those new packages. More details about the issues may be found here...

pinball privilege escalation

Shared library is loaded from current directory...

Slackware 10.2 / current : firefox/thunderbird/seamonkey (SSA:2006-155-02)

New Firefox and Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. In addition, a new SeaMonkey package is available for Slackware -current to fix similar issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

[slackware-security] mysql

New mysql packages are available for Slackware 10.2 and -current to fix security issues. The MySQL package shipped with Slackware 10.2 may possibly leak sensitive information found in uninitialized memory to authenticated users. The MySQL package previously in Slackware -current also suffered fro...

[slackware-security] firefox

New Firefox packages are available for Slackware 10.2 and -current to fix a security issue. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.htmlfirefox1.5.0.3 Here are the details from the Slackware 10.2 ChangeLog:...

[slackware-security] thunderbird

New Thunderbird packages are available for Slackware 10.2 and -current to fix security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.htmlthunderbird Here are the details from the Slackware 10.2 ChangeLog:...

[slackware-security] mozilla security/EOL

New Mozilla packages are available for Slackware 10.0, 10.1, 10.2 and -current to fix multiple security issues. More details about the issues may be found here: http://www.mozilla.org/projects/security/known-vulnerabilities.htmlmozilla Also note that this release marks the EOL End Of Life for the...

CVE-2006-1797

The CVE-2006-1797 entry describes a local denial-of-service in NetBSD-current kernels released before 28 September 2005. A local attacker can trigger a NULL pointer dereference by issuing the SIOCGIFALIAS ioctl to query information about a non-existent network alias, causing a system crash. The a...

CVE-2006-1775

Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...