[Backports-security-announce] Security update for openoffice.org
Rene Engelhard uploaded new packages for openoffice.org which fixed the following security problems: Debian BTS 496361 left-over debugging echos writing into an insecure temp file can allow attackers to overwrite files on the system with the privileges of the user executing senddoc File - Send...
security update
CentOS Errata and Security Advisory CESA-2008:0965-01 An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-base...
RHEL 2.1 / 3 / 4 / 5 : lynx (RHSA-2008:0965)
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
CentOS 3 / 4 / 5 : lynx (CESA-2008:0965)
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
lynx security update
CentOS Errata and Security Advisory CESA-2008:0965 An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based W...
Important: Red Hat Security Advisory: lynx security update
An updated lynx package that corrects two security issues is now available for Red Hat Enterprise Linux 2.1, 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Lynx is a text-based Web browser. An arbitrary command execution flaw was...
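Snoopy '_httpsrequest()' Arbitrary Command Execution Vulnerability
BUGTRAQ ID: 31887 CNCAN ID: CNCAN-2008102405 Snoopy is a PHP class that emulates a web browser. Snoopy 'httpsrequest' has an input validation issue that remote attackers can exploit to execute arbitrary commands with the privileges of the application. No detailed vulnerability information is currently available. Snoopy Snoopy 1.2.3 Snoopy Snoopy 1.2.1 Snoopy Snoopy 1.2 Snoopy Snoopy 1.0 1 Snoopy Snoopy 0.94 Snoopy Snoopy 0.93 Snoopy Snoopy 0.92 Snoopy Snoopy 0.91 Upgrade:...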
CVE-2008-4690
lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have define...
CVE-2008-4641
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input...
Gentoo Security Advisory GLSA 200507-06 (Tikiwiki)
The remote host is missing updates announced in advisory GLSA 200507-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200508-09 (bluez-utils)
The remote host is missing updates announced in advisory GLSA 200508-09. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200501-02 (a2ps)
The remote host is missing updates announced in advisory GLSA 200501-02. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200512-10 (opera)
The remote host is missing updates announced in advisory GLSA 200512-10. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200507-06 (Tikiwiki)
The remote host is missing updates announced in advisory GLSA 200507-06. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 200409-24 (foomatic)
The remote host is missing updates announced in advisory GLSA 200409-24. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2008-4101
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" (semicolon) followed by a command, or execute arbitrary Ex commands by entering an argument afte...
CVE-2008-3904
CVE-2008-3904 affects GPicView 0.1.9 within LXDE. The flaw is in src/main-win.c where shell metacharacters in a filename can allow context-dependent attackers to execute arbitrary commands. Documented impact is arbitrary command execution with the filename as the trigger; exploitation details are...
FreeBSD Ports: vim, vim-lite, vim-ruby, vim6, vim6-ruby
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
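Friendly Technologies 'fwRemoteCfg.dll' ActiveX Control Arbitrary Command Execution Vulnerability
BUGTRAQ ID: 30889 CNCAN ID: CNCAN-2008082903 Friendly Technologies is a solution that provides L2TP- and PPPoE-style clients. Friendly Technologies fwRemoteCfg.dll invokes a method improperly, which remote attackers can exploit to execute arbitrary commands with the privileges of the application. fwRemoteCfg.dll provides dial-up related functionality; because the "RunApp" method lacks sufficient checks, a malicious web page that a user is lured into visiting can lead to arbitrary command execution with the privileges of the application. Friendly Technologies fwRemoteCfg.dll No solution is currently available:...
Acoustica Mixcraft '.mx4' Image File Name Buffer Overflow Vulnerability
BUGTRAQ ID: 30879 CNCAN ID: CNCAN-2008082901 Acoustica Mixcraft is multi-track audio mixing and processing software. Acoustica Mixcraft has a buffer overflow when processing malicious '.mx4' files, which remote attackers can exploit to execute arbitrary instructions with the privileges of the application. The issue is caused by improper checking of a buffer for the .mx4 project file; an overly long file name in a file that a user is lured into loading can trigger the buffer overflow and execute arbitrary instructions with the privileges of the application. Acoustica Mixcraft 4.2 Build 98 Acoustica Mixcraft 4.1 Build 96 No solution is currently available:...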