[USN-1129-1] Perl vulnerabilities
Ubuntu Security Notice USN-1129-1, May 03, 2011: perl vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...
kdenetwork security update
7:4.3.4-11.1 - CVE-2010-1000, improper sanitization of metalink attribute for downloading files...
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection...
Design/Logic Flaw
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection...
CVE-2011-1487
CVE-2011-1487 affects Perl 5.10.x–5.13.11, where the functions lc, lcfirst, uc, and ucfirst fail to apply taint to the return value when processing tainted input, potentially allowing context-dependent attackers to bypass taint protection. Public advisories (e.g., MiracleLinux AXSA-2011-570:01 a...
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection...
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection...
SuSE 11.1 Security Update : quagga (SAT Patch Number 4023)
This security update of quagga fixes: - Direct BGP peers can send malformed extended communities which lead to a NULL pointer dereference (CVE-2010-1674). - A malformed ASPATHLIMIT path attribute will cause a session reset in Quagga. This malformed package is forwarded by other routers and can be...
quagga: DoS (crash) by processing malformed extended community attribute in a route
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute...
quagga: BGP session reset by processing BGP Update message with malformed AS-path attributes
bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (session reset) via a malformed ASPATHLIMIT path attribute...
CVE-2010-1674
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute...
CVE-2010-1674
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute...
CVE-2010-1674
Removed by vendor...
CVE-2010-1674
The extended-community parser in bgpd in Quagga before 0.99.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed Extended Communities attribute...
CVE-2011-1204
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document...
CVE-2011-1204
Google Chrome before 10.0.648.127 does not properly handle attributes, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via a crafted document...
mailman: XSS triggerable by list administrator
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web administrator interface, a different vulnerability than...
PYSEC-2011-6
Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) parser in parser/textrst.py in MoinMoin before 1.9.3, when docutils is installed or when "format rst" is set, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the refuri attribute. NOTE: some...
Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
Check for the Version of tomcat5. OpenVAS Vulnerability Test: Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5). Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it unde...
Mandriva Update for tomcat5 MDVSA-2011:030 (tomcat5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...