SuSE 10 Security Update : vim and gvim (ZYPP Patch Number 4095)

This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. CVE-2007-2953 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

openSUSE 10 Security Update : claws-mail (claws-mail-4495)

This update fixes a format string bug in the incputerror function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. CVE-2007-2958 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

openSUSE 10 Security Update : dia (dia-1421)

A format string bug in dia could potentially be exploited to execute arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update dia-1421. The text description of this plugin is C SUSE LLC...

openSUSE 10 Security Update : gvim (gvim-4092)

This update of Vim addresses a format-string bug in 'helptags'. This bug can be exploited to execute code with the privileges of the user running Vim. CVE-2007-2953 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

openSUSE 10 Security Update : gdm (gdm-2387)

A format string bug in the program 'gdmchooser' could potentially be exploited to execute code under a different user id. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update gdm-2387. The text...

openSUSE 10 Security Update : sylpheed-claws (sylpheed-claws-4511)

This update fixes a format string bug in the incputerror function. This bug is triggered when error messages from the POP3 server are displayed and can be exploited remotely to execute arbitrary code. CVE-2007-2958 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

RHEL 5 : evolution (RHSA-2007:0158)

Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management PIM tools. A format...

Moderate: Red Hat Security Advisory: evolution security update

Updated evolution packages that fix a format string bug are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Evolution is the GNOME collection of personal information management PIM tools. A format...

[SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ========================================================== == == Subject: Format string bug in afsacl.so VFS plugin. == CVE ID: CVE-2007-0454 == == Versions: The AFS ACL mapping VFS plugin distributed == in Samba 3.0.6 - 3.0.23d inclusive == == Summar...

Format string bug in afsacl.so VFS plugin.

Description NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the format string in...

samba -- format string bug in afsacl.so VFS plugin

The Samba Team reports: NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the form...

CentOS 4 : Helix / Player (CESA-2005:788)

An updated HelixPlayer package that fixes a string format issue is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. HelixPlayer is a media player. A format string bug was discovered in the way HelixPlayer processes RealPix .rp...

[Full-disclosure] Remote Xine Format String Vulnerability

/ $ An open security advisory 16 - Xine Media Player Format String Bug 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: April 18th 2006 3: Bug Impact Rate: Undefined 4: Bug Scope Rate: Local / Remote $ This advisory and/or proof of concept code must not be...

Collaboration Suite format string bug

Format string bug in multiple SMTP commands...

OpenVPN: Multiple vulnerabilities

Background OpenVPN is a multi-platform, full-featured SSL VPN solution. Description The OpenVPN client contains a format string bug in the handling of the foreignoption in options.c. Furthermore, when the OpenVPN server runs in TCP mode, it may dereference a NULL pointer under specific error...

SUSE-SA:2005:059: RealPlayer

The remote host is missing the patch for the advisory SUSE-SA:2005:059 RealPlayer. The following security issue in RealPlayer was fixed: - A format string bug in the RealPix .rp file format parser CVE-2005-2710. This bug allowed remote attackers to execute arbitrary code by supplying a specially...

GLSA-200510-09 : Weex: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200510-09 Weex: Format string vulnerability Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run or when its cache files are rebuilt, using the -r option. Impact : An attacker could setu...

Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : xine-lib (SSA:2005-283-01)

New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide by uploading or running a server specially...

xine-lib media player library format string bug

Format string bug on CDDB server reponse parsing...

Weex: Format string vulnerability

Background Weex is a non-interactive FTP client typically used to update web pages. Description Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run or when its cache files are rebuilt, using the -r option. Impact An attacker could setup a malicious FTP...