Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64

SL 3 and SL 4 only A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash. CVE-2008-0597 A memory management flaw w...

Scientific Linux Security Update : gstreamer-plugins on SL3.x, SL4.x i386/x86_64

An array indexing error was found in the GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim...

Scientific Linux Security Update : tzdata on SL3.x, SL4.x, SL5.x i386/x86_64

This updated package addresses the following changes to Daylight Savings Time DST observations : - as of June 24, 2008, for Brazil, all of Acre and parts of Amazonas that used UTC+5, now use UTC+4. Previously, only parts of Para used UTC+3. Now, all of Para use UTC+3. - Mauritius is introducing D...

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. CVE-2009-1303, CVE-2009-1305 Several flaws were found in the way malformed web content...

Scientific Linux Security Update : cups on SL3.x i386/x86_64

The previous CUPS security advisor, stated that it fixed CVE-2008-3640 for Scientific Linux 3, 4, and 5. It was discovered this flaw was not properly fixed on Scientific Linux 3, however. CVE-2009-0577 These new packages contain a proper fix for CVE-2008-3640 on Scientific Linux 3. Scientific Lin...

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

A race condition flaw was found in the way SeaMonkey handled Document Object Model DOM element properties. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3765 After installi...

Scientific Linux Security Update : httpd on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the modproxy Apache module. An attacker in control of a Web server to which requests were being proxied could have caused a limited denial of service due to CPU consumption and stack exhaustion. CVE-2008-2364 A flaw was found in the modproxyftp Apache module. If Apache was...

Scientific Linux Security Update : tzdata on SL3.x, SL4.x, SL5.x i386/x86_64

This updated package addresses the following change to Daylight Saving Time DST observations : - during Ramadan, that is, during the period between 2010-08-11 and 2010-09-08, Egypt will suspend DST. The DST period will be officially restored on 2010-09-09. BZ618593, BZ618597, BZ618599 %NASLMINLEV...

Scientific Linux Security Update : caching-nameserver on SL3.x i386/x86_64

the IPv4 address of L.ROOT-SERVERS.NET one of the DNS root servers changed. It was 198.32.64.12. It is now 199.7.83.42 This update includes an edited named.ca file that reflects this change. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2654 firefox: URL bar spoofing vulnerability CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine...

Scientific Linux Security Update : net-snmp on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash Message Authentication Code HMAC. An attacker could use this flaw to spoof an authenticated SNMPv3 packet. CVE-2008-0960 A buffer overflow was found in the Perl bindings for Net-SNMP. This could be exploited if an attacker...

Scientific Linux Security Update : evolution on SL4.x, SL3.x i386/x86_64

A flaw was found in the way Evolution processed certain APOP authentication requests. A remote attacker could potentially acquire certain portions of a user's authentication credentials by sending certain responses when evolution-data-server attempted to authenticate against an APOP server...

Scientific Linux Security Update : ed on SL3.x, SL4.x, SL5.x i386/x86_64

A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially crafted name that could possibly execute an arbitrary code when opened in the ed editor. CVE-2008-3916 %NASLMINLEVEL 70300 C Tenable Network...

Scientific Linux Security Update : newt on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-2905 newt: heap-overflow in textbox when text reflowing A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially crafted text dialog box display request direct or via a custom...

Scientific Linux Security Update : vnc on SL3.x, SL4.x, SL5.x i386/x86_64

An insufficient input validation flaw was discovered in the VNC client application, vncviewer. If an attacker could convince a victim to connect to a malicious VNC server, or when an attacker was able to connect to vncviewer running in the 'listen' mode, the attacker could cause the victim's...

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

A flaw was found in the processing of malformed JavaScript content. A web page containing such malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. CVE-2008-1380 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

Scientific Linux Security Update : ghostscript on SL3.x, SL4.x, SL5.x i386/x86_64

Multiple integer overflow flaws which could lead to heap-based buffer overflows, as well as multiple insufficient input validation flaws, were found in Ghostscript's International Color Consortium Format library icclib. Using specially crafted ICC profiles, an attacker could create a malicious...

Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. CVE-2008-0016, CVE-2008-4058, CVE-2008-4059, CVE-2008-4060, CVE-2008-4061, CVE-2008-40...

Scientific Linux Security Update : ipsec-tools on SL3.x, SL4.x, SL5.x i386/x86_64

Two denial of service flaws were found in the ipsec-tools racoon daemon. It was possible for a remote attacker to cause the racoon daemon to consume all available memory. CVE-2008-3651, CVE-2008-3652 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux...

Scientific Linux Security Update : curl on SL3.x i386/x86_64

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...