Important: kernel security update

2.6.9-55.0.12.0.1 - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix for nfs open call taking longer issue Chuck Lever orabug 5580407 bz 219412 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach...

gFTP: Multiple vulnerabilities

Background gFTP is an FTP client for the GNOME desktop environment. Description Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. Impact A remote attacker could trigger these vulnerabilities by enticing a user...

CVE-2007-5339

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service crash via crafted HTML that triggers memory corruption or assert errors...

CVE-2007-5339

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service crash via crafted HTML that triggers memory corruption or assert errors...

CVE-2007-5339

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service crash via crafted HTML that triggers memory corruption or assert errors...

CVE-2007-5339

CVE-2007-5339 is in Mozilla Firefox (pre-2.0.0.8), Mozilla Thunderbird (pre-2.0.0.8) and SeaMonkey (pre-1.1.5). The flaws arise from crafted HTML triggering memory corruption or assert errors, leading to remote denial of service (crash); some entries also indicate potential arbitrary code executi...

security flaw

Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allow remote attackers to cause a denial of service crash via crafted HTML that triggers memory corruption or assert errors...

PT-2007-6408 · Mozilla +1 · Firefox +3

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 2.0.0.8 Thunderbird versions prior to 2.0.0.8 SeaMonkey versions prior to 1.1.5 Description: The issue allows remote attackers to cause a denial of service, resulting in a crash, via crafted HTML that trigger...

Default credentials

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...

CVE-2007-5172

Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message...

[slackware-security] java (jre, jdk)

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 Updated versions of both the jre and jdk packages are provided whic...

CVE-2007-4091

CVE-2007-4091 concerns rsync 2.6.9 where multiple off-by-one errors in sender.c (in the f_name handling) could allow remote attackers to execute arbitrary code. The description is consistently stated across multiple sources tied to rsync, highlighting the vulnerable component as sender.c and the ...

CVE-2007-4091

Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the fname function...

Slackware 10.2 / 11.0 / 12.0 : qt (SSA:2007-222-03)

New qt packages are available for Slackware 10.2, 11.0, and 12.0 to fix format string errors. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2007-222-03. The text itself is copyright C...

Design/Logic Flaw

Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via 1 a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; 2 a corrupted NTFS filesystem, which causes the application to report "memory allocation...

CVE-2007-4036

The CVE-2007-4036 entry concerns Guidance Software EnCase. Affected component: EnCase (Desktop/forensics software). The vulnerability involves three user-assisted remote vectors: (1) corrupted Microsoft Exchange database causing an application crash when many options are selected; (2) corrupted N...

CVE-2006-7221

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the 1 name and 2 dname entry attributes...

CVE-2006-7221

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the 1 name and 2 dname entry attributes...

CVE-2006-7221

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the 1 name and 2 dname entry attributes...

CVE-2006-7221

Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the 1 name and 2 dname entry attributes...