141 matches found

Tenable Nessus
added 2013/03/06 12:0 a.m. | 23 views

Scientific Linux Security Update : curl on SL4.x i386/x86_64

CVE-2009-2417 curl: incorrect verification of SSL certificate with NUL in name. Scott Cantor reported that cURL is affected by the previously published 'null prefix attack', caused by incorrect handling of NULL characters in X.509 certificates. If an attacker is able to get a carefully-crafted...

CVSS 7.5 | AI score 5.5 | EPSS 0.0733
Exploits: 0 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 23 views

Scientific Linux Security Update : bluez-utils on SL4.x i386/x86_64

A flaw was found in the Bluetooth HID daemon (hidd). A remote attacker would have been able to inject keyboard and mouse events via a Bluetooth connection without any authorization. CVE-2006-6899

CVSS 5.4 | AI score 5.4 | EPSS 0.11425
Exploits: 1 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 52 views

Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

This update fixes several vulnerabilities in the Sun Java 6 Software Development Kit. Further information about these flaws can be found on the 'Oracle Java SE and Java for Business Critical Patch Update Advisory' page. CVE-2010-4422, CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4451,...

CVSS 10 | AI score 5.7 | EPSS 0.84896
Exploits: 13 | References: 21

Tenable Nessus
added 2012/08/01 12:0 a.m. | 23 views

Scientific Linux Security Update : ed on SL3.x, SL4.x, SL5.x i386/x86_64

A heap-based buffer overflow was discovered in the way ed, the GNU line editor, processed long file names. An attacker could create a file with a specially crafted name that could possibly execute arbitrary code when opened in the ed editor. CVE-2008-3916

CVSS 9.3 | AI score 7.8 | EPSS 0.0467
Exploits: 0 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 31 views

Scientific Linux Security Update : kdebase on SL4.x, SL5.x i386/x86_64

A privilege escalation flaw was found in the KDE Display Manager (KDM). A local user with console access could trigger a race condition, possibly resulting in the permissions of an arbitrary file being set to world-writable, allowing privilege escalation. CVE-2010-0436 The system should be rebooted...

CVSS 6.9 | AI score 5.6 | EPSS 0.00026
Exploits: 0 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 12 views

Scientific Linux Security Update : newt on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2009-2905 newt: heap-overflow in textbox when text reflowing. A heap-based buffer overflow flaw was found in the way newt processes content that is to be displayed in a text dialog box. A local attacker could issue a specially crafted text dialog box display request direct or via a custom...

CVSS 4.6 | AI score 8 | EPSS 0.00078
Exploits: 0 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 34 views

Scientific Linux Security Update : 4Suite on SL3.x, SL4.x i386/x86_64

CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences. A buffer over-read flaw was found in the way 4Suite's XML parser handles malformed UTF-8 sequences when processing XML files. A specially crafted XML file could cause applications using the 4Suite library to cra...

CVSS 5 | AI score 6.5 | EPSS 0.01573
Exploits: 2 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 30 views

Scientific Linux Security Update : openafs on SL3.x, SL4.x, SL5.x i386/x86_64

An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the kernel, of affected Linux AFS clients. CVE-2009-1250 An attacker with control of a fileserver, or the ability to forge RX packets, can crash the cache manager, and hence the...

CVSS 10 | AI score 5.9 | EPSS 0.09904
Exploits: 2 | References: 3

Tenable Nessus
added 2012/08/01 12:0 a.m. | 31 views

Scientific Linux Security Update : ntp on SL4.x i386/x86_64

A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially crafted request packet that could crash ntpd or, potentially, execut...

CVSS 6.8 | AI score 7.1 | EPSS 0.70247
Exploits: 2 | References: 3

Tenable Nessus
added 2012/08/01 12:0 a.m. | 248 views

Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3767, CVE-2010-3772, CVE-2010-3776 A flaw was found in th...

CVSS 9.3 | AI score 8.4 | EPSS 0.0543
Exploits: 1 | References: 5

Tenable Nessus
added 2012/08/01 12:0 a.m. | 293 views

Scientific Linux Security Update : seamonkey on SL4.x i386/x86_64

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code with the privileges of the user running SeaMonkey. CVE-2010-3176, CVE-2010-3180 A flaw was found in the way the Gophe...

CVSS 9.3 | AI score 8.8 | EPSS 0.0543
Exploits: 0 | References: 7

Tenable Nessus
added 2012/08/01 12:0 a.m. | 31 views

Scientific Linux Security Update : tetex on SL5.x, SL4.x, SL3.x i386/x86_64

Maurycy Prodeus discovered an integer overflow flaw in the processing of PDF files. An attacker could create a malicious PDF file that would cause TeTeX to crash or potentially execute arbitrary code when opened. CVE-2007-3387

CVSS 6.8 | AI score 6.2 | EPSS 0.10704
Exploits: 0 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 18 views

Scientific Linux Security Update : thunderbird on SL4.x, SL5.x, SL6.x i386/x86_64

This erratum blacklists a small number of HTTPS certificates. BZ689430 This update also fixes the following bug : - Previous security updates introduced a regression, preventing some Java content and plug-ins written in Java from loading. With this update, the Java content and plug-ins work as...

AI score 5.4
Exploits: 0 | References: 3

Tenable Nessus
added 2012/08/01 12:0 a.m. | 29 views

Scientific Linux Security Update : mikmod on SL3.x, SL4.x, SL5.x i386/x86_64

Multiple input validation flaws, resulting in buffer overflows, were discovered in MikMod. Specially crafted music files in various formats could, when played, cause an application using the MikMod library to crash or, potentially, execute arbitrary code. CVE-2009-3995, CVE-2009-3996, CVE-2007-67...

CVSS 9.3 | AI score 6.1 | EPSS 0.12211
Exploits: 1 | References: 4

Tenable Nessus
added 2012/08/01 12:0 a.m. | 23 views

Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. CVE-2007-5947 Several flaws were found in the way Firefox processed certain...

CVSS 9.3 | AI score 8.2 | EPSS 0.13311
Exploits: 1 | References: 4

Tenable Nessus
added 2012/08/01 12:0 a.m. | 25 views

Scientific Linux Security Update : fence on SL4.x i386/x86_64

Insecure temporary file use flaws were found in fence_egenera, fence_apc, and fence_apc_snmp. A local attacker could use these flaws to overwrite an arbitrary file writable by the victim running those utilities via a symbolic link attack. CVE-2008-4192, CVE-2008-4579 This update also fixes the...

CVSS 6.9 | AI score 5.7 | EPSS 0.00131
Exploits: 0 | References: 18

Tenable Nessus
added 2012/08/01 12:0 a.m. | 25 views

Scientific Linux Security Update : squid on SL3.x, SL4.x, SL5.x i386/x86_64

A flaw was found in the way squid manipulated HTTP headers for cached objects stored in system memory. An attacker could use this flaw to cause a squid child process to exit. This interrupted existing connections and made proxy services unavailable. Note: the parent squid process started a new...

CVSS 4.3 | AI score 5.3 | EPSS 0.13093
Exploits: 2 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 26 views

Scientific Linux Security Update : shadow-utils on SL4.x i386/x86_64

A flaw was found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random permissions for a short period. This could allow a local attacker to read or modify the mailbox. CVE-2006-1174

CVSS 3.7 | AI score 5.3 | EPSS 0.00096
Exploits: 0 | References: 2

Tenable Nessus
added 2012/08/01 12:0 a.m. | 39 views

Scientific Linux Security Update : gd on SL4.x, SL5.x i386/x86_64

Multiple issues were discovered in the gd GIF image-handling code. A carefully-crafted GIF file could cause a crash or possibly execute code with the privileges of the application using the gd library. CVE-2006-4484, CVE-2007-3475, CVE-2007-3476 An integer overflow was discovered in the...

CVSS 7.5 | AI score 7.2 | EPSS 0.1443
Exploits: 1 | References: 8

Tenable Nessus
added 2012/08/01 12:0 a.m. | 16 views

Scientific Linux Security Update : tzdata on SL3.x, SL4.x, SL5.x i386/x86_64

This updated package addresses the following change to Daylight Saving Time (DST) observations: - Egypt resumes Daylight Saving Time at midnight between September 9 and 10. - The Gaza Strip returns to Standard Time at midnight between August 10 and 11.

AI score 5.5
Exploits: 0 | References: 1