Moderate: Red Hat Security Advisory: openldap security update

Updated openldap packages that fix two security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Red Hat Linux Kernel路由实现多个远程拒绝服务漏洞

BUGTRAQ ID: 37875 CVE ID: CVE-2009-4272 Linux Kernel是开放源码操作系统Linux所使用的内核。 Red Hat版本的Linux Kernel的路由实现中存在两个拒绝服务漏洞。如果攻击者能够通过特制报文导致在路由哈希表中出现大量冲突以触发紧急路由flush，就会触发死锁；其次，如果禁用了内核路由缓存，在路由查询后会留下未初始化的指针，导致内核忙碌。 RedHat Linux 5.x 厂商补丁： RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2010:0046-01）以及相应补丁:...

CentOS 5 : krb5 (CESA-2007:0858)

Updated krb5 packages that fix two security flaws are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Kerberos is a network authentication system which allows clients and servers to authenticate to...

Mandriva Linux Security Advisory : OpenEXR (MDVSA-2009:190)

Multiple vulnerabilities has been found and corrected in OpenEXR : Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via unspecified vectors that trigger heap-based buffer...

CVE-2009-1721

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer...

CVE-2009-1721

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer...

DEBIAN-CVE-2009-1721

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer...

Design/Logic Flaw

The decompression implementation in the Imf::hufUncompress function in OpenEXR 1.2.2 and 1.6.1 allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors that trigger a free of an uninitialized pointer...

OpenEXR multiple security vulnerabilities

Integer overflow, buffer overflow, uninitialized pointer...

openSUSE Security Update : krb5 (krb5-740)

Clients sending negotiation requests with invalid flags could crash the kerberos server CVE-2009-0845. GSS-API clients could crash when reading from an invalid address space CVE-2009-0844. Invalid length checks could crash applications using the kerberos ASN.1 parser CVE-2009-0847. Under certain...

Microsoft Office Publisher uninitialized pointer dereference

Uninitialized pointer dereference on older Publisher format conversion...

Microsoft Windows RPC privilege escalation

Uninitialized porinter dereference in RPC Marshalling Engine...

MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference (CVE-2009-0846)

MIT Kerberos V5 is an implementation of the Kerberos protocol that allows for the negotiation of an authenticated, and optionally encrypted, communication channel between two points on a network. The MIT Kerberos V5 server utilizes the encrypted SUN-RPC protocol to communicate with its remote...

CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

Null pointer dereference

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

DEBIAN-CVE-2009-0846

The asn1decodegeneraltime function in lib/krb5/asn.1/asn1decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 aka krb5 before 1.6.4 allows remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors involving an invalid DER encoding that...

Mandriva Update for krb5 MDKSA-2007:137 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDKSA-2007:137 krb5 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

Mandriva Update for krb5 MDKSA-2007:174-1 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDKSA-2007:174-1 krb5 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Mandriva Update for krb5 MDKSA-2007:174-1 (krb5)

Check for the Version of krb5 OpenVAS Vulnerability Test Mandriva Update for krb5 MDKSA-2007:174-1 krb5 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...