sblim: libraries built with insecure RPATH
Untrusted search path vulnerability in a certain Red Hat build script for Standards Based Linux Instrumentation for Manageability (sblim) libraries before 1-13a.el46.1 in Red Hat Enterprise Linux (RHEL) 4, and before 1-31.el52.1 in RHEL 5, allows local users to gain privileges via a malicious library...
PT-2008-1074 · Sblim +3 · Sblim-Cmpi-Nfsv3-Test +22
Name of the Vulnerable Software and Affected Versions: sblim-cmpi-base-test versions 1.5.4 through 1.5.5; sblim-cmpi-base-devel versions 1.5.4 through 1.5.5; sblim-cmpi-fsvol-test version 1.4.4; sblim-cmpi-fsvol-devel version 1.4.4; sblim-cmpi-network-test version 1.3.8; sblim-cmpi-network-devel versi...
sblim security update
1.31.0.1.el52.1 - Add oracle-enterprise-release.patch 1.31.el52.1 - Remove RPATH from shared libraries in sblim-cmpi-dns,fsvol,network, nfsv3,nfsv4,samba,syslog and create appropriate record in /etc/ld.so.conf.d CVE-2008-1951 Resolves: 446859...
phpmyadmin -- Cross Site Scripting Vulnerabilities
Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...
Low: Red Hat Security Advisory: nss_ldap security and bug fix update
An updated nss_ldap package that fixes a security issue and several bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module is a plug-in which allows...
libvorbis security update
CentOS Errata and Security Advisory CESA-2008:0271-01 Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages contai...
Fedora 9 : tkimg-1.3-0.10.20080505svn.fc9 (2008-3621)
Mon May 5 2008 Sergio Pascual - 1.3-0.10.20080505svn - New upstream source - Including fooConfig.sh files in -devel - Making symlinks of shared libraries in libdir - Removing file in ld.so.conf.d - Fixing bug 444872 Note that Tenable Network Security has extracted the preceding description block...
cdf3 -- Buffer overflow vulnerability
NASA Goddard Space Flight Center reports: The libraries for the scientific data file format, Common Data Format (CDF) version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted invalid CDF files. If successful, this could trigger execution of...
[SECURITY] Fedora 9 Update: libvorbis-1.2.0-4.fc9
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis...
[SECURITY] Fedora 7 Update: libvorbis-1.1.2-4.fc7
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis...
[SECURITY] Fedora 8 Update: libvorbis-1.2.0-2.fc8
Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed and variable bitrates from 16 to 128 kbps/channel. The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis...
libvorbis security update
CentOS Errata and Security Advisory CESA-2008:0270 Updated libvorbis packages that fix various security issues are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The libvorbis packages...
[SECURITY] Fedora 8 Update: kdepimlibs-4.0.3-3.fc8
Personal Information Management (PIM) libraries for the K Desktop Environment 4...
[SECURITY] Fedora 7 Update: kdelibs4-4.0.3-7.fc7
Libraries for the K Desktop Environment 4...
[SECURITY] Fedora 8 Update: ruby-gnome2-0.16.0-22.fc8
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
Improper access control
PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...
[SECURITY] Fedora 8 Update: ruby-gnome2-0.16.0-21.fc8
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
[SECURITY] Fedora 7 Update: ruby-gnome2-0.16.0-22.fc7
This is a set of bindings for the GNOME-2.x libraries for use from Ruby...
libtremor -- multiple vulnerabilities
The RedHat Project reports: Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash (NULL pointer dereference or divide by zero), enter an infinite loop or cause heap overflow caused by integer...
[ MDVSA-2008:064 ] - Updated tomboy packages fix improper LD_LIBRARY_PATH handling
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:064 http://www.mandriva.com/security/ Package : tomboy Date : March 7, 2008 Affected: 2007.1, 2008.0 Problem Description: A flaw in how tomboy handles LD_LIBRARY_PATH was discovered whereby appending paths to...