3816 matches found
foomatic-filters: User-assisted execution of arbitrary code
Background The foomatic-filters package contains wrapper scripts which are designed to be used with Foomatic. Description The foomatic-rip filter improperly handles command-line arguments, including those issued by FoomaticRIPCommandLine fields in PPD files. Impact A remote attacker could entice ...
usbmuxd: User-assisted execution of arbitrary code
Background usbmuxd is a USB multiplex daemon for use with Apple iPhone and iPod Touch devices. Description The "receivepacket" function in libusbmuxd.c contains a boundary error when parsing the "SerialNumber" field of a USB device, which could cause a heap-based buffer overflow. Impact An attack...
ImageMagick: User-assisted execution of arbitrary code
Background ImageMagick is a collection of tools and libraries for manipulating various image formats. Description Two vulnerabilities have been found in ImageMagick: Incorrect offset and count values in the ResolutionUnit tag in EXIF IFD could cause memory corruption (CVE-2012-0247). IOP tag offset...
libmikmod: User-assisted execution of arbitrary code
Background libmikmod is a library to play a wide range of module formats. Description Multiple boundary errors have been found in loadit.c in libmikmod, which may cause a buffer overflow. Impact A remote attacker could entice a user to open specially crafted files in an application linked against...
libxslt: Denial of service
Background libxslt is the XSLT C library developed for the GNOME project. XSLT is an XML language to define transformations for XML. Description An out of bounds read error has been found in libxslt/pattern.c in libxslt. Impact A remote attacker could entice a user to process an XML file using a...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Two vulnerabilities have been discovered in sudo: When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group...
libxml2: Denial of service
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description libxml2 does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could entice a user or automated system to open a specially crafted XML document...
OpenSSL: Multiple vulnerabilities
Background OpenSSL is an Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) as well as a general purpose cryptography library. Description Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC...
spamdyke: Arbitrary code execution
Background spamdyke is a drop-in connection-time spam filter for qmail. Description Boundary errors related to the "snprintf" and "vsnprintf" functions in spamdyke could cause a buffer overflow. Impact A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Workaroun...
libxml2: User-assisted execution of arbitrary code
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description The "xmlStringLenDecodeEntities" function in parser.c contains a boundary error which could possibly cause a heap-based buffer overflow. Impact A remote attacker could entice a user to open a specially...
stunnel: Arbitrary code execution
Background The stunnel program is designed to work as an SSL encryption wrapper between a client and a local or remote server. Description An unspecified heap vulnerability was discovered in stunnel. Impact The vulnerability may possibly be leveraged to perform remote code execution or a Denial o...
libvirt: Multiple vulnerabilities
Background libvirt is a C toolkit to manipulate virtual machines. Description Multiple vulnerabilities have been discovered in libvirt. Please review the CVE identifiers referenced below for details. Impact These vulnerabilities allow a remote attacker to cause a Denial of Service condition on th...
Heimdal: Arbitrary code execution
Background Heimdal is a free implementation of Kerberos 5. Description A boundary error in the "encryptkeyid" function in appl/telnet/libtelnet/encrypt.c of the telnet daemon and client could cause a buffer overflow. Impact An unauthenticated remote attacker may be able to execute arbitrary code...
MaraDNS: Denial of service
Background MaraDNS is a proxy DNS server with permanent caching. Description MaraDNS does not properly randomize hash functions to protect against hash collision attacks. Impact A remote attacker could send many specially crafted DNS recursive queries, possibly resulting in a Denial of Service...
PowerDNS: Denial of service
Background The PowerDNS nameserver is an authoritative-only nameserver which uses a flexible backend architecture. Description A vulnerability has been found in PowerDNS which could cause a packet loop of DNS responses. Impact A remote attacker could send specially crafted DNS response packets,...
Asterisk: Denial of service
Background Asterisk is an open source telephony engine and toolkit. Description A vulnerability has been found in Asterisk's handling of certain encrypted streams where the ressrtp module has been loaded but video support has not been enabled. Impact A remote attacker could send a specially craft...
Quagga: Multiple vulnerabilities
Background Quagga is a free routing daemon replacing Zebra supporting RIP, OSPF and BGP. Description Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact A BGP peer could send a Route-Refresh message with specially-crafted...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
bip: Multiple vulnerabilities
Background bip is a multi-user IRC proxy with SSL support. Description Multiple vulnerabilities have been discovered in bip: Uli Schlachter reported that bip does not properly handle invalid data during authentication, resulting in a daemon crash (CVE-2010-3071). Julien Tinnes reported that bip doe...
Adobe Reader: Multiple vulnerabilities
Background Adobe Reader is a closed-source PDF reader. Description Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted PDF file using Adobe Reader,...
Chromium: Multiple vulnerabilities
Background Chromium is an open source web browser project. Description Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers and release notes referenced below for details. Impact A remote attacker could entice a user to open a specially crafted web site usi...
ktsuss: Privilege escalation
Background ktsuss is a simple, graphical version of su written in C and GTK+. Description Two vulnerabilities have been found in ktsuss: Under specific circumstances, ktsuss skips authentication and fails to change the effective UID back to the real UID (CVE-2011-2921). The GTK interface spawned by...
X.Org X Server/X Keyboard Configuration Database: Screen lock bypass
Background The X Keyboard Configuration Database provides keyboard configuration for various X server implementations. Description Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server again provides debugging functionality that can be used to terminate an application that...
iSCSI Enterprise Target: Arbitrary code execution
Background iSCSI Enterprise Target is an open source iSCSI target with professional features. Description Multiple functions in usr/iscsi/isns.c of iSCSI Enterprise Target contain format string errors. Impact A remote attacker could send a specially-crafted Internet Storage Name Service (iSNS)...
FreeType: Multiple vulnerabilities
Background FreeType is a high-quality and portable font engine. Description Multiple vulnerabilities have been discovered in FreeType. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to open a specially crafted font, possibly resulting ...
FontForge: User-assisted execution of arbitrary code
Background FontForge is a PostScript font editor and converter. Description FontForge is vulnerable to an error when processing the "CHARSETREGISTRY" header in font files, which could cause a stack-based buffer overflow. Impact A remote attacker could entice a user to open a specially crafted BDF...
MIT Kerberos 5 Applications: Multiple vulnerabilities
Background A suite of applications that implement the Kerberos 5 network protocol from MIT. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5 Applications: An error in the FTP daemon prevents it from dropping its initial effective group identifier (CVE-2011-1526). A bounda...
JasPer: User-assisted execution of arbitrary code
Background The JasPer Project is an open-source initiative to provide a free software-based reference implementation of the codec specified in the JPEG-2000 Part-1 (jpeg2k) standard. Description Two vulnerabilities have been found in JasPer: The jpccoxgetcompparms function in libjasper/jpc/jpccs.c...
NX Server Free Edition, NX Node: Privilege escalation
Background NX Server Free Edition is a remote display technology by No Machine. NX Node provides the shared components for NX Server. Description NX Server Free Edition and NX Node use nxconfigure.sh, a setuid script containing an unspecified vulnerability. Impact A local attacker could gain...
Tor: Multiple vulnerabilities
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Multiple vulnerabilities have been discovered in Tor: When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing...
Firewall Builder: Privilege escalation
Background Firewall Builder is a GUI for easy management of multiple firewall platforms. Description Two vulnerabilities in Firewall Builder allow the iptables and fwbinstall scripts to use temporary files insecurely. Impact A local attacker could possibly overwrite arbitrary files with the...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is a suite of applications that implement the Kerberos network protocol. Description Multiple vulnerabilities have been discovered in MIT Kerberos 5. Please review the CVE identifiers referenced below for details. Impact A remote attacker may be able to execute arbitrary...
mDNSResponder: Multiple vulnerabilities
Background mDNSResponder is a component of Apple's Bonjour, an initiative for zero-configuration networking. Description Multiple vulnerabilities have been discovered in mDNSResponder. Please review the CVE identifiers referenced below for details. Impact A local or remote attacker may be able to...
Logsurfer: Arbitrary code execution
Background Logsurfer is a real time log monitoring and analysis tool. Description Logsurfer log files may contain substrings used for executing external commands. The prepareexec function in src/exec.c contains a double-free vulnerability. Impact A remote attacker could inject specially-crafted...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open source web browser project. V8 is Google's open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
MySQL: Multiple vulnerabilities
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Multiple vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. Impact An unauthenticated remote attacker may be able to execute arbitrary...
phpMyAdmin: Multiple vulnerabilities
Background phpMyAdmin is a web-based management tool for MySQL databases. Description Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details. Impact Remote attackers might be able to insert and...
Perl Safe module: Arbitrary Perl code injection
Background Safe is a Perl module to compile and execute code in restricted compartments. Description Unsafe code evaluation prevents the Safe module from properly restricting the code of implicitly called methods on implicitly blessed objects. Impact A remote attacker could entice a user to load ...
radvd: Multiple vulnerabilities
Background radvd is an IPv6 router advertisement daemon for Linux and BSD. Description Multiple vulnerabilities have been discovered in radvd. Please review the CVE identifiers referenced below for details. Impact A remote unauthenticated attacker may be able to gain escalated privileges, escalat...
GNU Tar: User-assisted execution of arbitrary code
Background GNU Tar is a utility to create archives as well as add and extract files from archives. Description GNU Tar is vulnerable to a boundary error in the rmtread function in lib/rtapelib.c, which could cause a heap-based buffer overflow. Impact A remote attacker could entice the user to loa...
MaraDNS: Arbitrary code execution
Background MaraDNS is a proxy DNS server with permanent caching. Description A long DNS hostname with a large number of labels could trigger a buffer overflow in the compressadddlabelpoints function of dns/Compress.c. Impact A remote unauthenticated attacker could execute arbitrary code or cause ...
TinTin++: Multiple vulnerabilities
Background TinTin++ is a free MUD gaming client. Description Multiple vulnerabilities have been discovered in TinTin++. Please review the CVE identifiers referenced below for details. Impact Remote unauthenticated attackers may be able to execute arbitrary code with the privileges of the TinTin++...
abcm2ps: Multiple vulnerabilities
Background abcm2ps is a program to convert abc files to PostScript files. Description Multiple vulnerabilities have been discovered in abcm2ps: Boundary errors in the PUT0 and PUT1 macros, the trimtitle function, or a long "-O" command line option can lead to a buffer overflow (CVE-2010-3441). A...
Evince: Multiple vulnerabilities
Background Evince is a document viewer for multiple document formats, including PostScript. Description Multiple vulnerabilities have been discovered in Evince. Please review the CVE identifiers referenced below for details. Impact A remote attacker could entice a user to load a DVI file with a...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A context-dependent...
OpenTTD: Multiple vulnerabilities
Background OpenTTD is a clone of Transport Tycoon Deluxe. Description Multiple vulnerabilities have been discovered in OpenTTD. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary code with the privileges of the OpenTTD process or cause...
phpDocumentor: Function call injection
Background The phpDocumentor package provides automatic documenting of PHP API directly from the source. Description phpDocumentor bundles Smarty with the modifier.regexreplace.php plug-in which does not properly sanitize input related to the ASCII NUL character in a search string. Impact A remot...
Oracle JRE/JDK: Multiple vulnerabilities
Background The Oracle Java Development Kit (JDK) (formerly known as Sun JDK) and the Oracle Java Runtime Environment (JRE) (formerly known as Sun JRE) provide the Oracle Java platform (formerly known as Sun Java Platform). Description Multiple vulnerabilities have been reported in the Oracle Java...
Chromium, V8: Multiple vulnerabilities
Background Chromium is an open-source web browser project. V8 is Google's open source JavaScript engine. Description Multiple vulnerabilities have been discovered in Chromium and V8. Please review the CVE identifiers and release notes referenced below for details. Impact A local attacker could ga...
libxml2: Multiple vulnerabilities
Background libxml2 is the XML C parser and toolkit developed for the Gnome project. Description Multiple vulnerabilities have been discovered in libxml2. Please review the CVE identifiers referenced below for details. Impact A local or remote attacker may be able to execute arbitrary code with th...