Lucene search
981 matches found

Fedora
added 2010/09/28 5:28 a.m., 27 views

[SECURITY] Fedora 12 Update: sudo-1.7.4p4-2.fc12

Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

6.2 CVSS, 2.2 AI score, 0.00362 EPSS
Exploits: 0
securityvulns
added 2009/12/09 12:0 a.m., 22 views

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) privilege escalation

Application executes all executables with predefined names found in system...

3.4 AI score
Exploits: 0, References: 2
Oracle linux
added 2009/08/10 12:0 a.m., 28 views

subversion security update

1.4.2-4.0.1.el53.1 - Add oracle-enterprise.patch 1.4.2-4.el53.1 - add security fix for CVE-2009-2411 515817...

8.5 CVSS, 2.9 AI score, 0.05112 EPSS
Exploits: 1
RedHat Linux
added 2009/03/25 2:52 p.m., 3 views

OpenJDK Buffer Overflow in GIF image processing (6766136)

Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll...

9.3 CVSS, 7.6 AI score, 0.07429 EPSS
Exploits: 1, References: 4
Fedora
added 2008/09/25 12:21 a.m., 14 views

[SECURITY] Fedora 9 Update: rkhunter-1.3.2-5.fc9

Rootkit Hunter (RKH) is an easy-to-use tool which checks computers running UNIX clones for the presence of rootkits and other unwanted tools...

2.7 AI score
Exploits: 0
Oracle linux
added 2008/08/26 12:0 a.m., 39 views

ipsec-tools security update

0.6.5-9.3 - fix for DoS through various memory leaks CVE-2008-3651 456660, CVE-2008-3652 458846...

7.8 CVSS, 1.8 AI score, 0.03435 EPSS
Exploits: 1
Oracle linux
added 2008/02/28 12:0 a.m., 24 views

Important: ghostscript security update

7.05-32.1.13 - Applied patch to fix CVE-2008-0411 bug 433366...

6.8 CVSS, 1 AI score, 0.14409 EPSS
Exploits: 1
Debian CVE
added 2007/11/16 6:0 p.m., 35 views

CVE-2007-4572

Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, when configured as a Primary or Backup Domain controller, allows remote attackers to have an unknown impact via crafted GETDC mailslot requests, related to handling of GETDC logon server requests...

9.3 CVSS, 6.2 AI score, 0.05888 EPSS
Exploits: 1
Debian CVE
added 2007/03/14 12:0 a.m., 14 views

CVE-2007-1444

netserver in netperf 2.4.3 allows local users to overwrite arbitrary files via a symlink attack on /tmp/netperf.debug...

4.4 CVSS, 6.1 AI score, 0.003 EPSS
Exploits: 0
Debian CVE
added 2007/01/29 5:0 p.m., 19 views

CVE-2006-6965

CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks...

4.3 CVSS, 6.5 AI score, 0.01321 EPSS
Exploits: 0
UbuntuCve
added 2007/01/17 12:28 a.m., 9 views

CVE-2007-0014

ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM...

4.4 CVSS, 5.9 AI score, 0.00337 EPSS
Exploits: 0, References: 1
Debian CVE
added 2007/01/16 11:0 p.m., 21 views

CVE-2007-0254

Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors...

10 CVSS, 7.8 AI score, 0.03486 EPSS
Exploits: 0
Debian
added 2005/12/02 6:35 a.m., 31 views

[SECURITY] [DSA 915-1] New helix-player packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 915-1 [email protected] http://www.debian.org/security/ Martin Schulze December 2nd, 2005 http://www.debian.org/security/faq -...

5.1 CVSS, 0.9 AI score, 0.12817 EPSS
Exploits: 0
FreeBSD
added 2005/07/21 12:0 a.m., 31 views

libgadu -- multiple vulnerabilities

Wojtek Kaniewski reports: Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure...

10 CVSS, 7.8 AI score, 0.04703 EPSS
Exploits: 0, References: 3
Debian CVE
added 2005/05/24 4:0 a.m., 28 views

CVE-2005-1705

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb...

7.2 CVSS, 6.9 AI score, 0.00437 EPSS
Exploits: 0
Debian CVE
added 2005/03/04 5:0 a.m., 23 views

CVE-2005-0638

xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command...

7.5 CVSS, 7.4 AI score, 0.03603 EPSS
Exploits: 0
UbuntuCve
added 2005/03/01 5:0 a.m., 21 views

CVE-2004-1031

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user,...

7.2 CVSS, 5.9 AI score, 0.00369 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2005/02/25 5:0 a.m., 22 views

CVE-2005-0107

bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands...

7.5 CVSS, 6.2 AI score, 0.01924 EPSS
Exploits: 0, References: 1
UbuntuCve
added 2005/02/15 5:0 a.m., 29 views

CVE-2005-0176

The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released...

5 CVSS, 5.9 AI score, 0.02218 EPSS
Exploits: 0, References: 2
Ubuntu
added 2005/02/02 10:57 p.m., 71 views

USN-72-1: Perl vulnerabilities

Two exploitable vulnerabilities involving setuid-enabled perl scripts have been discovered. The package "perl-suid" provides a wrapper around perl which allows to use setuid-root perl scripts, i.e. user-callable Perl scripts which have full root privileges. Previous versions allowed users to...

4.6 CVSS, 6.1 AI score, 0.01315 EPSS
Exploits: 2