USN-611-3: GStreamer Good Plugins vulnerability

USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. Original advisory details: It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into openi...

Fedora 7 : nagios-plugins-1.4.11-2.fc7 (2008-3146)

Upstream released a new version. This also fixes CVE-2007-5198 315101. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

Fedora 8 : nagios-plugins-1.4.11-2.fc8 (2008-3061)

Upstream released a new version. This also fixes CVE-2007-5198 315101. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...

[SECURITY] Fedora 7 Update: nagios-plugins-1.4.11-2.fc7

Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks ar...

[SECURITY] Fedora 8 Update: nagios-plugins-1.4.11-2.fc8

Nagios is a program that will monitor hosts and services on your network, and to email or page you when a problem arises or is resolved. Nagios runs on a Unix server as a background or daemon process, intermittently running checks on various services that you specify. The actual service checks ar...

[oCERT-2008-004] multiple speex implementations insufficient boundary checks

2008/04/17 2008-004 multiple speex implementations insufficient boundary checks Description: The reference speex decoder from the Speex library performs insufficient boundary checks on a header structure read from user input, this has been reported in oCERT-2008-002 advisory. Further investigatio...

Speex / VLC / gstreamer-plugins-good / sweep / SDL_sound / vorbis-tools / Xine buffer overflow

Buffer overflow in speexpackettoheader...

Fedora 8 : xine-lib-1.1.11.1-1.fc8 (2008-2849)

1.1.11.1 security update, 438663, CVE-2008-1482. Provide versioned xine- libplugin-abi so 3rd party packages installing plugins can use it instead of requiring a version of xine-lib. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security...

[SECURITY] Fedora 8 Update: wireshark-1.0.0-1.fc8

Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...

Null pointer dereference

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...

CVE-2008-1686

Array index vulnerability in Speex 1.1.12 and earlier, as used in libfishsound 0.9.0 and earlier, including Illiminable DirectShow Filters and Annodex Plugins for Firefox, xine-lib before 1.1.12, and many other products, allows remote attackers to execute arbitrary code via a header structure...

[SECURITY] Fedora 7 Update: Perlbal-1.70-1.fc7

Perlbal is a single-threaded event-based server supporting HTTP load balancing, web serving, and a mix of the two. Perlbal can act as either a w eb server or a reverse proxy. One of the defining things about Perlbal is that almost everything can be configured or reconfigured on the fly without...

[SECURITY] Fedora 8 Update: Perlbal-1.70-1.fc8

Perlbal is a single-threaded event-based server supporting HTTP load balancing, web serving, and a mix of the two. Perlbal can act as either a w eb server or a reverse proxy. One of the defining things about Perlbal is that almost everything can be configured or reconfigured on the fly without...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via 1 ftp/index.php, 2 viewer.php, 3 functions/other.php, 4 include/leftmenu.class.php, and 5 plugins/stats/statsview.php...

CVE-2008-1487

Multiple cross-site scripting XSS vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via 1 ftp/index.php, 2 viewer.php, 3 functions/other.php, 4 include/leftmenu.class.php, and 5 plugins/stats/statsview.php...

symfony 1.0.12 is (finally) out !

After two months and more than 30 tickets closed, the 1.0.12 comes with spring. As it fixes an important security issue and windows plugins problems, we do strongly advise you to update your projects. Here is the changelog : r8019: sfWebRequest handles multi-dimensional file input fields backport...

[SECURITY] Fedora 8 Update: dovecot-1.0.13-6.fc8

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plugins are in their subpackages...

Solaris 10 (sparc) : 137000-08 (deprecated)

SunOS 5.10: PostgreSQL 8.2 documentation patch. Date this patch was last updated by Sun : Jun/09/11 This plugin has been deprecated and either replaced with individual 137000 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. @DEPRECATED@...