Clam AntiVirus vulnerable to memory corruption via specially crafted UPX packed file

Overview A vulnerability in the ClamAV antivirus toolkit may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Clam AntiVirus is an antivirus toolkit for Unix-like systems that is commonly integrated with mail servers for email attachment scanning. It supports ...

Ubuntu 4.10 : postgresql contributed script vulnerability (USN-6-1)

Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script 'makeoidjoinscheck' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script. Note...

Ubuntu 4.10 : lvm10 vulnerability (USN-15-1)

Recently, Trustix Secure Linux discovered a vulnerability in a supplemental script of the lvm10 package. The program 'lvmcreateinitrd' created a temporary directory in an insecure way, which could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user invoki...

Ubuntu 4.10 : groff utility vulnerability (USN-13-1)

Recently, Trustix Secure Linux discovered a vulnerability in the groff package. The utility 'groffer' created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program. Note that Tenab...

Ubuntu 4.10 : gettext vulnerabilities (USN-5-1)

Recently, Trustix Secure Linux discovered some vulnerabilities in the gettext package. The programs 'autopoint' and 'gettextize' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program...

Ubuntu 4.10 : GhostScript utility script vulnerabilities (USN-3-1)

Recently, Trustix Secure Linux discovered some vulnerabilities in the gs-common package. The utilities 'pv.sh' and 'ps2epsi' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Note...

Ubuntu 4.10 : perl vulnerabilities (USN-16-1)

Recently, Trustix Secure Linux discovered some vulnerabilities in the perl package. The utility 'instmodsh', the Perl package 'PPPort.pm', and several test scripts which are not shipped and only used during build created temporary files in an insecure way, which could allow a symlink attack to...

Ubuntu 4.10 : Standard C library script vulnerabilities (USN-4-1)

Recently, Trustix Secure Linux discovered some vulnerabilities in the libc6 package. The utilities 'catchsegv' and 'glibcbug' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program. Not...

temporary file vulnerabilities in various ghostscript scripts.

The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...

security flaw

The derchop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0966

The 1 autopoint and 2 gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0967

The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0976

Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0969

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0972

The lvmcreateinitrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

DEBIAN-CVE-2004-0971

The krb5-send-pr script in the kerberos5 krb5 package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0966

The 1 autopoint and 2 gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files...

CVE-2004-0967

The 1 pj-gs.sh, 2 ps2epsi, 3 pv.sh, and 4 sysvlp.sh scripts in the ESP Ghostscript espgs package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files...