Critical: Red Hat Security Advisory: HelixPlayer security update
An updated HelixPlayer package that fixes two buffer overflow issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A stack-based buffer overflow bug was found in HelixPlayer's Synchronized...
Low: Red Hat Security Advisory: vim security update
Updated vim packages that fix a security vulnerability are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor. The Debian Security Audit Project discovered ...
Low: Red Hat Security Advisory: imap security update
Updated imap packages that fix a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team. The imap package provides server daemons for both the IMAP (Internet Message Access Protocol) and POP...
RHEL 2.1 / 3 : vim (RHSA-2005:122)
Updated vim packages that fix a security vulnerability are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor. The Debian Security Audit Project discovered ...
Important: Red Hat Security Advisory: libtiff security update
Updated libtiff packages that fix various integer overflows are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The libtiff package contains a library of functions for manipulating TIFF Tagged Image...
Important: Red Hat Security Advisory: xemacs security update
Updated XEmacs packages that fix a string format issue are now available. XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an...
RHEL 2.1 / 3 : emacs (RHSA-2005:112)
Updated Emacs packages that fix a string format issue are now available. Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an...
Important: Red Hat Security Advisory: samba security update
Updated samba packages that fix an integer overflow vulnerability are now available for Red Hat Enterprise Linux 2.1. Samba provides file and printer sharing services to SMB/CIFS clients. Greg MacManus of iDEFENSE Labs has discovered an integer overflow bug in Samba versions prior to 3.0.10. An...
RHEL 2.1 / 3 : ruby (RHSA-2004:635)
An updated ruby package that fixes a denial of service issue for the CGI instance is now available. Updated 17 Jan 2005: Errata has been updated to include 32-bit libraries on 64-bit architectures. Ruby is an interpreted scripting language for object-oriented programming. A flaw was discovered in t...
imlib: Buffer overflows in image decoding
Background: imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description: Pavel Kankovsky discovered that several overflows found in the libXpm libra...
Important: Red Hat Security Advisory: openmotif security update
Updated openmotif packages that fix flaws in the Xpm image library are now available. OpenMotif provides libraries which implement the Motif industry standard graphical user interface. During a source code audit, Chris Evans and others discovered several stack overflow flaws and an integer overfl...
Moderate: Red Hat Security Advisory: libxml2 security update
An updated libxml2 package that fixes multiple buffer overflows is now available. libxml2 is a library for manipulating XML files. Multiple buffer overflow bugs have been found in libxml2 versions prior to 2.6.14. If an attacker can trick a user into passing a specially crafted FTP URL or FTP pro...
Linux kernel USB drivers do not initialize kernel memory properly
Overview: Various Linux USB drivers contain an information disclosure vulnerability that may expose sensitive segments of kernel memory to users. Description: USB drivers for several versions of the Linux kernel do not properly initialize kernel memory before using it. When an affected USB driver copi...
Moderate: Red Hat Security Advisory: XFree86 security update
Updated XFree86 packages that fix several security issues in libXpm, as well as other bug fixes, are now available for Red Hat Enterprise Linux 2.1. XFree86 is an open source implementation of the X Window System. It provides the basic low-level functionality which full-fledged graphical user...
[SA12708] Mozilla Firefox Download Directory File Deletion Vulnerability
TITLE: Mozilla Firefox Download Directory File Deletion Vulnerability
SECUNIA ADVISORY ID: SA12708
VERIFY ADVISORY: http://secunia.com/advisories/12708/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: From remote
SOFTWARE: Mozilla Firefox 0.x http://secunia.com/product/3256/...
Low: Red Hat Security Advisory: ruby security update
An updated ruby package that fixes insecure file permissions for CGI session files is now available. Ruby is an interpreted scripting language for object-oriented programming. Andres Salomon reported an insecure file permissions flaw in the CGI session management of Ruby. FileStore created world...
Debian DSA-280-1 : samba - buffer overflow
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use...
RHEL 3 : redhat-config-nfs (RHSA-2004:434)
An updated redhat-config-nfs package that fixes bugs and potential security issues is now available for Red Hat Enterprise Linux 3. The redhat-config-nfs package includes a graphical user interface for creating, modifying, and deleting nfs shares. John Buswell discovered a flaw in redhat-config-n...
Important: Red Hat Security Advisory: gdk-pixbuf security update
Updated gdk-pixbuf packages that fix several security flaws are now available. The gdk-pixbuf package contains an image loading library used with the GNOME GUI desktop environment. Updated 15th September 2004: Packages have been updated to correct a bug which caused the xpm loader to fail. During...
Fedora Core 1 : kdebase-3.1.4-7 (2004-292)
Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities...