|
Chosen month 02 / 2004
|
|
|
The jail system call allows a system administrator to lock up a process and all its descendants inside a closed
environment with very limited ability to affect the system outside that environment, even for processes with
superuser privileges. It is an extension of, but far more stringent than, the traditional Unix chroot system call.
A programming error has been found in the jail_attach system call which affects the way that system call verifies
the privilege level of the calling process. Instead of failing immediately if the calling process was already
jailed, the jail_attach system call would fail only after changing the calling process's root directory.
A process with superuser privileges inside a jail could change its root directory to that of a different jail,
and thus gain full read and write access to files and directories within the target jail.
It's recommended to install a patch or an upgrade.
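As an added illustration (not FreeBSD's code, which is not reproduced here), the following C model shows why the order of the check matters. The structures and function names are hypothetical; the vulnerable routine performs the root-directory change before it tests whether the caller is already jailed, so a failed call still leaves the caller with the other jail's root directory, while the hardened routine validates first and touches process state only on the success path.

```c
/*
 * Model of the jail_attach ordering bug: hypothetical structures, not the
 * FreeBSD kernel's own.  The point is that a privilege check placed after a
 * state change leaves the side effect in place even when the call fails.
 */
#include <errno.h>
#include <string.h>

#define ROOT_MAX 64

struct model_jail {
    char root[ROOT_MAX];        /* root directory of this jail */
};

struct model_proc {
    int  jailed;                /* non-zero once the process is inside a jail */
    char root[ROOT_MAX];        /* current root directory of the process */
};

/* Vulnerable ordering: the chroot happens, then the privilege check fails. */
int attach_check_last(struct model_proc *p, const struct model_jail *j)
{
    strncpy(p->root, j->root, ROOT_MAX - 1);
    p->root[ROOT_MAX - 1] = '\0';
    if (p->jailed)
        return EPERM;           /* too late: p->root already points into j */
    p->jailed = 1;
    return 0;
}

/* Hardened ordering: validate first, mutate only on the success path. */
int attach_check_first(struct model_proc *p, const struct model_jail *j)
{
    if (p->jailed)
        return EPERM;           /* nothing has been changed yet */
    strncpy(p->root, j->root, ROOT_MAX - 1);
    p->root[ROOT_MAX - 1] = '\0';
    p->jailed = 1;
    return 0;
}
```

The same rule applies to any privileged entry point: every check that can reject the call must run before the first write to kernel or process state, or the rejection path must undo what was already done.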
|
|
|
Xboing is a game. It contains a number of buffer overflow vulnerabilities, which could be exploited by a
local attacker to gain the privileges of group "games". A patch is available now.
|
|
| System: |
Some |
| Topic: |
Vulnerabilities in Oracle9i Database
|
| Links: |
#NISR12122003d,
#NISR12122003c,
#NISR12122003e,
#NISR12122003b,
Secunia #10805,
VU#819126,
VU#846582,
VU#240174,
VU#399806,
OAR-2004.0278,
OAR-2004.0279,
OAR-2004.0280
|
| ID: |
ae-200402-073
|
Multiple vulnerabilities have been found in Oracle9i Database.
They can be exploited by malicious database users to compromise the system and gain escalated privileges.
The first vulnerabilities are caused by boundary errors in two functions used for interval conversion
("NUMTOYMINTERVAL" and "NUMTODSINTERVAL").
These can be exploited to cause buffer overflows by supplying an overly long "char_expr" string and have
been reported in versions prior to 9.2.0.4 (Patchset 3).
The last two vulnerabilities are caused by boundary errors in the "FROM_TZ" function and in the "TIME_ZONE"
parameter. Both affect versions prior to 9.2.0.3.
Successful exploitation of the vulnerabilities may allow a malicious, unprivileged database user to execute
arbitrary code with either SYSTEM or ORACLE privileges.
It's recommended to update to version 9.2.0.4 and apply Patch 3,
which is reportedly available via the Metalink site.
|
|
|
The passwd command is used by users to, for example, change their passwords.
A local unprivileged user may be able to gain unauthorized root privileges due to a security issue
involving the passwd command.
The "/usr/lib/print/conv_fix" command is invoked by the conv_lpd script and contains a security vulnerability.
If the conv_lpd script is executed as the "root" user, it may be possible for unprivileged local users to exploit
this vulnerability to overwrite or create any file on the system.
This could lead to unauthorized elevated privileges or allow a Denial of Service (DoS) against the system.
It's recommended to install the corresponding patches.
|
|
|
A vulnerability was discovered in the SMB (Server Message Block) protocol
parsing routines of the ISS Protocol Analysis Module (PAM) component found
in some ISS products. The flaw relates to incorrect parsing of the SMB
protocol, which may lead to a heap overflow condition.
Patches are available now.
|
|
|
SGI has released
Patch 10044: SGI Advanced Linux Environment security update #11,
Patch 10051: SGI Advanced Linux Environment security update #12, and
Patch 10046: SGI ProPack v2.4: Kernel update
which include updated RPMs for SGI ProPack v2.4 for the SGI Altix family
of systems.
It's strongly recommended to install this update.
|
|
|
Several vulnerabilities have been found in the do_brk() and mremap()
system calls of the linux-kernel-2.4.19-mips.
Patches are available now.
|
|
|
The mformat program, when installed suid root, can create any file with 0666
permissions as root, and it also does not drop privileges when reading
local configuration files.
The updated packages remove the suid bit from mformat.
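Removing the suid bit is the right fix here. For a tool that must keep it, the following C example (added here, not mtools code) shows the control mformat lacked: privileges are dropped permanently, in the right order, and verified before any user-controlled path such as a per-user configuration file is opened. The function names and the configuration file contents are assumptions for the example.

```c
/*
 * Added example, not part of mtools.  A suid-root program must give up
 * root before it touches paths the invoking user controls.
 * drop_privileges() and load_user_config() are hypothetical names.
 */
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to uid/gid.  Order matters: supplementary groups and the
 * gid go first, because once the uid is unprivileged setgid() is no longer
 * permitted.  Returns 0 only if the drop took effect and cannot be undone. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (geteuid() != uid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)
        return -1;              /* root could be regained: treat as failure */
    return 0;
}

/* Read a user configuration file (the ~/.mtoolsrc case) only after the
 * drop, and refuse to follow a symlink placed at that path.  Returns the
 * number of bytes read, or -1. */
long load_user_config(const char *path, char *buf, size_t bufsz)
{
    int fd;
    ssize_t n;

    if (drop_privileges(getuid(), getgid()) != 0)
        return -1;
    fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    n = read(fd, buf, bufsz - 1);
    close(fd);
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return (long)n;
}
```

Run as an ordinary user the drop is a no-op that still has to succeed; run as root it is the difference between reading the file as the user and reading (or, with the 0666 creation bug, writing) it as root.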
|
|
| System: |
Red Hat Linux
|
| Topic: |
Vulnerabilities in libxml2 and mod_python
|
| Links: |
RHSA-2004-091,
RHSA-2004-090,
RHSA-2004-063,
RHSA-2004-058,
CAN-2004-0110,
CAN-2003-0973,
ESB-2004.0165,
ESB-2004.0166,
ESB-2004.0178,
O-086,
O-087
|
| ID: |
ae-200402-067
|
'libxml2' is a library for manipulating XML files.
When fetching a remote resource via FTP or HTTP, libxml2 uses special
parsing routines.
These routines can overflow a buffer if passed a very long URL.
'mod_python' embeds the Python language interpreter within the
Apache httpd server. A bug has been found in mod_python that can
lead to a denial of service vulnerability.
Fixed packages are available now.
|
|
|
XFree86 is an implementation of the X Window System, providing the core
graphical user interface and video drivers.
Two buffer overflows have been discovered in the parsing of the
'font.alias' file.
A local attacker could exploit this vulnerability by creating a
carefully-crafted file and gain root privileges in this way.
Patches are available now.
|
|
| System: |
HP-UX |
| Topic: |
Many newly revised patches available |
| Links: |
SSRT3670, SSRT4681, SSRT2339, SSRT3476, SSRT3492, SSRT3507, SSRT3622, SSRT3576, SSRT3596,
SSRT3657, SSRT2316, SSRT3461, SSRT3556, SSRT2341,
OAR-2004:0225,
OAR-2004:0227,
OAR-2004:0228,
OAR-2004:0229,
OAR-2004:0230,
OAR-2004:0231,
OAR-2004:0232,
OAR-2004:0233,
OAR-2004:0235,
OAR-2004:0236,
OAR-2004:0237,
OAR-2004:0238,
OAR-2004:0239,
OAR-2004:0240
|
| ID: |
ae-200402-065
|
Hewlett Packard has revised some advisories.
They address vulnerabilities in VirtualVault OpenSSH, Apache 1.3.29 web server on VVOS,
ypxfrd, SharedX, libDtSvc, dtterm, Apache web server, Mozilla, rpc.mountd, CDE libDtHelp,
DNS, uucp, uusub, /usr/lbin/rwrite, and calloc.
It's recommended to check whether the patches for your system have been revised.
|
|
|
BIND is an implementation of the Domain Name System (DNS) protocols.
Some versions are susceptible to cache poisoning. Successful exploitation of this vulnerability
may result in a temporary Denial-of-Service.
When Perl code is executed within a Safe compartment, it cannot access variables outside of the compartment
unless the outside code chooses to share the variables with the code inside the compartment.
If code inside a Safe compartment is executed via Safe->reval() twice, it is able to change its operation
mask the second time. This could allow the code to access variables outside the Safe compartment.
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe
compartments.
Patches are available now.
|
|
|
Security Update 2004-02-23 is now available.
It addresses issues in the CoreFoundation, DiskArbitration, IPSec, Point-to-Point-Protocol,
QuickTime Streaming Server, Safari, and tcpdump.
|
|
|
A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol (LDAP) server
included with the IPswitch IMail Server handles messages with overly long tags.
This results in a vulnerability that can be exploited by a remote attacker with the ability to supply a
specially-crafted message to the server.
So a remote attacker may be able to execute arbitrary code in the context of Administrator on vulnerable
systems running Windows 2000 or Windows XP.
Furthermore, successful exploitation has been reported to cause the LDAP service to crash,
resulting in a denial-of-service condition.
It's strongly recommended to install the patch published now.
|
|
|
Within the last week 56 new vulnerabilities have been reported:
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in kernel s390, lbreakout2, synaesthesia, hsftp, and pwlib
|
| Links: |
DSA-442,
DSA-445,
DSA-446,
DSA-447,
DSA-448,
ESB-2004.0152,
ESB-2004.0156,
ESB-2004.0157,
ESB-2004.0158
|
| ID: |
ae-200402-060
|
10 security related problems have been fixed in the Linux kernel 2.4.17 used for the S/390 architecture,
mostly by backporting fixes from 2.4.18 and incorporating recent security fixes.
A vulnerability has been found in lbreakout2, a game which does not perform proper bounds checking on
environment variables. This bug could be exploited by a local attacker to gain the privileges of group "games".
Synaesthesia is a program which represents sounds visually.
Synaesthesia creates its configuration file while holding root privileges, allowing a local user to create
files owned by root and writable by the user's primary group.
This type of vulnerability can usually be easily exploited to execute arbitrary code with root privileges
by various means.
A format string vulnerability in hsftp has been found.
This vulnerability might be exploited by an attacker able to create files on a remote server with carefully
crafted names, to which a user would connect using hsftp.
When the user requests a directory listing, particular bytes in memory could be overwritten,
potentially allowing arbitrary code to be executed with the privileges of the user invoking hsftp.
Pwlib is a library used to aid in writing portable applications.
Due to a vulnerability a remote attacker might cause a Denial-of-Service or potentially execute arbitrary code.
This library is most notably used in several applications implementing the H.323 teleconferencing protocol,
including the OpenH323 suite, gnomemeeting and asterisk.
Patches to solve these problems are available now.
|
|
| System: |
HP-UX |
| Topic: |
Revised patches for vulnerabilities in sendmail, rpc.yppasswdd, xdrmem_getbytes, and XDR library available |
| Links: |
SSRT3631, SSRT2330, SSRT2439, SSRT2336,
ESB-2004.0142,
ESB-2004.0143,
ESB-2004.0144,
ESB-2004.0145
|
| ID: |
ae-200402-059
|
Hewlett Packard has revised some advisories. They are about a vulnerability in sendmail, potentially allowing
unauthorized privileged access, and a security vulnerability in rpc.yppasswdd, also allowing unauthorized
privileged access or a Denial-of-Service.
Additionally, a potential buffer overflow in xdrmem_getbytes and related functions might lead to a Denial-of-Service or
unauthorized privileged access. A potential buffer overflow in the XDR library might have the same effect.
It's recommended to check whether the patches for your system have been revised.
|
|
|
A security vulnerability exists in specific versions of ZoneAlarm, ZoneAlarm Pro, ZoneAlarm Plus and
the Zone Labs Integrity client.
This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing
which could lead to a buffer overflow.
In order to exploit the vulnerability without user assistance, the target system must be operating
as an SMTP server. Zone Labs does not recommend using its client security products to protect servers.
This problem can be solved by installing an upgrade.
|
|
|
A buffer overflow exists in the X server of IBM AIX 4.3, 5.1 and 5.2.
This can be exploited by an attacker who has the ability to modify the fonts.alias file used by the X server
and perform operations against the X server.
The fonts.alias file can only be modified by root. This makes it difficult for an attacker to exploit this
vulnerability.
A patch should be applied.
|
|
|
Multiple vulnerabilities exist in the Cisco ONS 15327 Edge Optical Transport Platform,
the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiplexer Platform,
and the Cisco ONS 15600 Multiservice Switching Platform.
This hardware is managed through the XTC, TCC+/TCC2, TCCi/TCC2, and TSC control cards respectively.
These cards show several vulnerabilities.
The TFTP service is enabled by default to allow both GET and PUT commands to be executed without any authentication.
Some hardware is susceptible to an ACK Denial of Service (DoS) attack on TCP port 1080.
TCP port 1080 is used by network management applications to communicate with the controller card.
The controller card on the optical device will reset under such an attack.
Telnet access to the underlying VxWorks operating system, by default, is restricted to Superusers only.
Due to a vulnerability, a superuser whose account is locked out, disabled, or suspended is still able to log in
via Telnet to the VxWorks shell, using their previously configured password.
Fixes are available now.
|
|
| System: |
NetBSD |
| Topic: |
Vulnerabilities in racoon IKE daemon, IPv6 path MTU discovery, OpenSSL ASN.1 parser, and shmat |
| Links: |
NetBSD-SA2004-001,
NetBSD-SA2004-002,
NetBSD-SA2004-003,
NetBSD-SA2004-004,
ESB-2004.148,
ESB-2004.149,
ESB-2004.150,
ESB-2004.151
|
| ID: |
ae-200402-055
|
NetBSD ships with the racoon IKE (Internet Key Exchange) daemon.
A vulnerability was found in the code for packet validation of "informational exchange" messages.
By sending specifically-crafted IKE packets, a malicious party could remove an IPsec SA
and/or ISAKMP SA on the victim node.
Once a specially-crafted ICMPv6 "too big" message is sent to a victim node, a routing table entry with a
small path-MTU is installed. The victim system may later experience a kernel panic (due to a kernel stack
overflow) if a TCP session that uses the routing table entry is later established.
The OpenSSL 0.9.6k ASN.1 parser has a possible denial-of-service vulnerability, which is described
in a separate advisory.
A programming error in the shmat system call can result in a shared memory segment's reference count being
erroneously incremented. This system call is part of the System-V Shared Memory subsystem; although this is
enabled in the default (GENERIC*) kernels, custom kernels built without "options SYSVSHM" are not affected.
Patches have been published now.
|
|
|
Metamail is a system for handling multimedia mail.
Two format string bugs and two buffer overflow bugs in versions of Metamail up to and including 2.7 have been found.
An attacker might create a carefully-crafted message such that when it is opened by a victim and parsed through
Metamail, it runs arbitrary code as the victim.
A patch to solve this problem is available now.
|
|
|
The new RPM k_athlon 2.4.21-192 solves several vulnerabilities in the kernel. These vulnerabilities
include Denial-of-Service (DoS) issues and also the mremap problems mentioned before.
|
|
|
A new mass-mailing virus known as W32/Netsky.B is in the wild and spreading rapidly.
It propagates either as an attachment to an E-Mail message or by automatically copying itself to Windows
network shares. Upon successful execution, the virus attempts to
- modify various Windows registry values so that the virus is run again upon reboot.
- install a copy of itself in the %Windir%\services.exe, where %Windir% is a variable pointing to the root of the Windows directory on the host.
- collect target email addresses from files with specific extensions on the local system.
- copy itself to particularly-named files within non-CDROM local drives or mapped network shares.
- remove registry keys that were added as a likely result of successful compromise via other recent malicious code, including W32/Novarg.A and W32/MyDoom.B.
When spreading via E-Mail, the virus arrives as an email message with a 22,016-byte attachment that has a
filename selected randomly from a fixed list and a double-extension.
Anti-virus vendors have developed signatures for and information about W32/Netsky.B. So please update your
Anti-virus Software and be careful with E-Mail attachments.
|
|
|
More vulnerabilities have been found in kernel 2.4.16 and 2.4.17, respectively.
An integer overflow in the brk system call (do_brk() function) for Linux allows a local attacker to gain
root privileges. A flaw in bounds checking in mremap() in the Linux kernel
(present in version 2.4.x and 2.6.x) may allow a local attacker to gain root privileges.
In the memory management code of Linux inside the mremap(2) system call another vulnerability has been found.
Due to missing function return value check of internal functions a local attacker can gain root privileges.
Patches are available now.
|
|
| System: |
Serveral Linux |
| Topic: |
Another Vulnerability in kernel
|
| Links: |
isec-0014,
O-082,
DSA-438,
ESB-2004.0130,
RHSA-2004-065,
RHSA-2004-066,
RHSA-2004-069,
ESB-2004.0131,
ESB-2004.0139,
ESB-2004.0141,
DSA-441,
ESB-2004.0137,
SuSE-2004_05,
SSA:2004-049-01,
ESB-2004.0138,
CLA-2004:820,
TLSA-2004-7,
DSA-444,
ESB-2004.0154,
MDKSA-2004:015,
MDKSA-2004:015-1
|
| ID: |
ae-200402-050
|
A critical security vulnerability has been found in the Linux kernel memory management code inside the
mremap system call due to missing function return value check. This bug is completely unrelated to the
mremap bug disclosed on 05-01-2004 except concerning the same internal kernel function code.
Since no special privileges are required to use the mremap system call any process may use its unexpected
behavior to disrupt the kernel memory management subsystem.
Proper exploitation of this vulnerability leads to local privilege escalation giving an attacker full
super-user privileges. The vulnerability may also lead to a denial-of-service attack on the available
system memory.
If the vendor of your distribution offers a patch, please install it.
|
|
|
Within the last week 56 new vulnerabilities have been reported:
|
|
|
Apache-contrib is a collection of third-party modules contributed to the Apache HTTP server project.
An update fixes some buffer overflows which might be exploited by remote attackers.
Additionally, the insecure handling of files in the Apache module mod_gzip has been fixed, as well as
a bug in mod_auth_shadow where the validity period of accounts was not checked correctly.
|
|
|
Several Linux distributions have released fixes for a remotely exploitable vulnerability in mutt, a text based mail user agent.
This vulnerability is in the index menu code of mutt. A remote attacker could send a carefully crafted mail
message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
It's recommended to install the corresponding patch.
|
|
|
XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers.
Two buffer overflows have been discovered in the parsing of the 'font.alias' file.
A local attacker could exploit this vulnerability by creating a carefully-crafted file and gain root privileges in this way.
The main program of slocate 2.6, and possibly other versions as well, contains a heap-based buffer overflow.
Local users might gain privileges via a modified slocate database that causes a negative "pathlen" value
to be used.
Both problems can now be fixed for Turbolinux as well.
|
|
| System: |
Microsoft Windows |
| Topic: |
Malicious E-Mail titled "Police investigation" |
| Links: |
AL-2004.03
|
| ID: |
ae-200402-045
|
AusCERT has become aware of an E-Mail with the subject "Police investigation" circulating in Australia
and overseas which is used to entice the reader to visit a malicious web site.
This web site contains executable Java code which, if successfully executed, will install a trojan program
which in turn captures keystrokes when the user visits particular banking related web sites.
This malicious web site attempts to exploit a vulnerability in the Microsoft Virtual Machine (VM), for which
Microsoft released a patch on April 9, 2003 with security bulletin
MS03-011.
|
|
|
GnuPG is software for encrypting and signing data, e.g. E-Mail.
A bug in the way GnuPG creates and uses ElGamal keys for signing has been fixed now.
This bug is a significant security failure that can lead to a compromise of almost all
ElGamal keys used for signing.
The update provided in DSA 429-1 disables the use of this type of key, using an interim fix.
This update, DSA 429-2, implements a more correct and permanent fix.
|
|
|
A key component of the Novell Nsure secure identity management solution, Novell iChain controls access to
application, Web and network resources across technical and organizational boundaries.
iChain separates security from individual applications and Web servers.
This enables single-point, policy-based management of authentication and access privileges throughout the Net.
A remote attacker can connect and provide an arbitrary password to obtain unauthorized access.
The telnet server is enabled by default, and cannot be disabled.
So it's strongly recommended to install iChain 2.2
Field Patch 3b version 2.2.116.
|
|
|
For the known problem in XFree86 now also for Mandrake Linux a patch is available.
A cross-site scripting vulnerability was discovered in mailman's administration interface in
version 2.1 earlier than 2.1.4.
In versions earlier than 2.1.3 another cross-site scripting vulnerability was found in mailman's 'create' CGI script.
Certain malformed email commands could cause the mailman process to crash in version 2.0 earlier than 2.0.14.
|
|
|
Mutt, a text based mail user agent, shows a remote exploitable vulnerability.
This vulnerability is in the index menu code of mutt.
A remote attacker could send a carefully crafted mail message that can cause
mutt to segfault and possibly execute arbitrary code as the victim.
Netpbm is a graphics conversion toolkit.
It consists of a large number of single-purpose programs.
Many of these programs were found to create temporary files in an
insecure manner, which could allow a local attacker to overwrite
files with the privileges of the user invoking a vulnerable netpbm tool.
Patches to fix these vulnerabilities are available now.
|
|
| System: |
Red Hat Linux
|
| Topic: |
Vulnerabilities in PWLib and XFree86
|
| Links: |
RHSA-2004-047,
RHSA-2004-048,
RHSA-2004-059,
RHSA-2004-060,
RHSA-2004-061,
CAN-2004-0097,
CAN-2004-0083,
CAN-2004-0084,
CAN-2004-0106,
O-081,
ESB-2004.0127,
ESB-2004.0124,
ESB-2004.0125,
ESB-2004.0126,
ESB-2004.0132
|
| ID: |
ae-200402-040
|
PWLib is a cross-platform class library designed to support the OpenH323
project.
Several bugs in PWLib were found that may lead to denial of service
conditions.
XFree86 is an implementation of the X Window System, providing the core
graphical user interface and video drivers.
Two buffer overflows have been discovered in the parsing of the 'font.alias'
file. A local attacker could exploit this vulnerability by creating a
carefully-crafted file and gain root privileges this way.
Fixed packages are available now.
|
|
|
A vulnerability has been discovered in cgiemail, a CGI program used to
email the contents of an HTML form, whereby it could be used to send email to arbitrary addresses.
This type of vulnerability is commonly exploited to send unsolicited commercial email (spam).
It can be fixed by installing a patch.
|
|
|
The main program of slocate 2.6, and possibly other versions as well, contains a heap-based buffer overflow.
Local users might gain privileges via a modified slocate database that causes a negative
"pathlen" value to be used.
This can now be fixed by applying a patch.
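The slocate entries above (for Turbolinux and here) describe the bug as a crafted database whose contents make a negative "pathlen" reach a heap copy. The following C reader is an added example, not slocate's code, and assumes a prefix-compressed layout of the kind locate databases use: each record starts with a signed one-byte delta (0x80 escaping to a 16-bit big-endian delta) that adjusts the number of leading bytes shared with the previous path, followed by a NUL-terminated suffix. The decoder treats the delta and the suffix as untrusted and rejects any record whose resulting prefix length would be negative, longer than the previous path, or too large for its buffer, which is exactly the class of check a negative pathlen slips past.

```c
/*
 * Added example of validating a signed length field read from an untrusted
 * file.  The record layout (signed delta + NUL-terminated suffix) is an
 * assumption for this illustration, not slocate's exact on-disk format.
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PATH_BUF 512

struct db_reader {
    const uint8_t *data;     /* raw database bytes (untrusted) */
    size_t len, pos;
    char path[PATH_BUF];     /* path reconstructed for the current record */
    size_t path_len;
    long prefix_len;         /* running count of bytes shared with the previous path */
};

void db_init(struct db_reader *r, const uint8_t *data, size_t len)
{
    r->data = data;
    r->len = len;
    r->pos = 0;
    r->path[0] = '\0';
    r->path_len = 0;
    r->prefix_len = 0;
}

/* Decode the next record into r->path.  Returns 1 on a record, 0 at end of
 * data, -1 on a malformed record.  Nothing is copied until both the prefix
 * length and the suffix length have been bounded. */
int db_next(struct db_reader *r)
{
    long delta, prefix;
    const uint8_t *suffix, *end;
    size_t suffix_len;

    if (r->pos >= r->len)
        return 0;
    delta = (int8_t)r->data[r->pos++];
    if (delta == -128) {                    /* escape: 16-bit delta follows */
        if (r->pos + 2 > r->len)
            return -1;
        delta = (int16_t)((r->data[r->pos] << 8) | r->data[r->pos + 1]);
        r->pos += 2;
    }
    prefix = r->prefix_len + delta;
    /* The two checks a negative "pathlen" gets past: reject before use. */
    if (prefix < 0 || (size_t)prefix > r->path_len)
        return -1;

    suffix = r->data + r->pos;
    end = memchr(suffix, '\0', r->len - r->pos);
    if (end == NULL)
        return -1;                          /* unterminated suffix */
    suffix_len = (size_t)(end - suffix);
    if ((size_t)prefix + suffix_len + 1 > PATH_BUF)
        return -1;                          /* would overflow path[] */

    memcpy(r->path + prefix, suffix, suffix_len);
    r->path[prefix + suffix_len] = '\0';
    r->path_len = (size_t)prefix + suffix_len;
    r->prefix_len = prefix;
    r->pos += suffix_len + 1;
    return 1;
}
```

The database is world-readable and, on a system where slocate is setgid, a user-supplied one can be handed to the program on the command line, so every length derived from it has to be treated as hostile input.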
|
|
|
Vim is a highly configurable text editor. It is an improved version of the vi editor distributed with most
UNIX systems.
A vulnerability exists in vim that can be exploited to execute arbitrary commands when the user opens a text file
specially crafted by an attacker. The vulnerability resides in the "modelines" feature, which allows one
to place some VIM commands inside of a text file. A patch is available now.
As reported quite a time before (e.g.
ae-200401-077),
several vulnerabilities in GAIM have been found. Now, patches for Conectiva Linux are also available.
|
|
|
SGI has released Patch 10050: SGI Advanced Linux Environment security update #10, which includes updated RPMs
for SGI ProPack v2.3 for the SGI Altix family of systems.
Problems fixed concern slocate, util-linux, mc, NetBPM, Gaim, and mailman.
It's strongly recommended to install this update.
|
|
|
On systems running Sun Cluster 3.x with SunPlex Manager configured,
a remote unprivileged user may be able to cause a
Denial-of-Service (DoS) or execute arbitrary code with "root" privileges due to multiple vulnerabilities in the
OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocol implementation.
These vulnerabilities are described in CA-2003-26.
Now, Sun Microsystems has published new patches to solve these problems.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in XFree86
|
| Links: |
iDEFENSE #72,
ESB-2004.0116,
RHSA-2004-059,
RHSA-2004-060,
RHSA-2004-061,
SSA:2004-043-02,
MDKSA-2004:012,
OpenBSD,
TLSA-2004-5,
IMNX-2004-73-002-01,
CLA-2004:821,
DSA-443,
ESB-2004.0153,
SuSE-2004_06
|
| ID: |
ae-200402-034
|
XFree86 provides a client/server interface between display hardware (e.g. the mouse, keyboard, and video displays)
and the desktop environment while also providing both the windowing infrastructure and a standardized application
interface (API). XFree86 is platform independent, network-transparent and extensible.
A problem exists in the parsing of the 'font.alias' file. The X server (running as root) fails to check the
length of user provided input. A malicious user may craft a malformed 'font.alias' file causing a buffer
overflow upon parsing, eventually leading to the execution of arbitrary code with the privileges of root.
A patch for all systems is available now.
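The XFree86 entries above all describe the same defect: the server copies names from 'font.alias' into fixed buffers without checking their length. The following C parser is an added example, not XFree86 code, written for the documented line format of that file (an alias name and a font name separated by whitespace, either optionally enclosed in double quotes, with lines starting with '!' as comments). The buffer size and function names are assumptions for the example; the unchecked variant is included only to show the shape of the bug beside the bounded one.

```c
/*
 * Added example: bounded parsing of font.alias lines.  Not XFree86's code;
 * NAME_MAX_LEN is an illustrative limit and the function names are invented.
 */
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 256

struct font_alias {
    char alias[NAME_MAX_LEN];
    char font[NAME_MAX_LEN];
};

/* Copy one token (bare, or enclosed in double quotes so that it may contain
 * spaces) from *cursor into out[outsz].  Returns 0 on success, -1 if the
 * token is missing, unterminated, or too long for the buffer. */
static int read_token(const char **cursor, char *out, size_t outsz)
{
    const char *s = *cursor;
    size_t n = 0;
    int quoted;

    while (*s == ' ' || *s == '\t')
        s++;
    if (*s == '\0' || *s == '\n')
        return -1;
    quoted = (*s == '"');
    if (quoted)
        s++;
    for (;;) {
        char c = *s;
        if (c == '\0' || c == '\n') {
            if (quoted)
                return -1;              /* missing closing quote */
            break;
        }
        if (quoted ? c == '"' : (c == ' ' || c == '\t'))
            break;
        if (n + 1 >= outsz)
            return -1;                  /* would overflow: refuse the whole line */
        out[n++] = c;
        s++;
    }
    out[n] = '\0';
    if (quoted)
        s++;                            /* step over the closing quote */
    *cursor = s;
    return 0;
}

/* Unchecked variant in the style of the bug class: an unbounded %s writes
 * as many bytes as the line supplies.  Shown for comparison only; never use
 * it on a file an unprivileged user can write. */
int parse_alias_line_unchecked(const char *line, struct font_alias *fa)
{
    return sscanf(line, "%s %s", fa->alias, fa->font) == 2 ? 0 : -1;
}

/* Checked variant: returns 0 for a parsed entry, 1 for a blank or comment
 * line, -1 for a malformed or over-long line (rejected, not truncated). */
int parse_alias_line(const char *line, struct font_alias *fa)
{
    const char *p = line;

    while (*p == ' ' || *p == '\t')
        p++;
    if (*p == '\0' || *p == '\n' || *p == '!')
        return 1;
    if (read_token(&p, fa->alias, sizeof fa->alias) != 0)
        return -1;
    if (read_token(&p, fa->font, sizeof fa->font) != 0)
        return -1;
    while (*p == ' ' || *p == '\t')
        p++;
    return (*p == '\0' || *p == '\n') ? 0 : -1;     /* trailing junk */
}
```

Rejecting rather than truncating matters for a root-owned server: a silently truncated name could still map an alias onto an unexpected font, whereas a rejected line simply does not exist.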
|
|
|
Red Hat Linux 9 and Enterprise Linux shows a remote exploitable vulnerability in mutt, a text based
mail user agent.
This vulnerability is in the index menu code of mutt. A remote attacker could send a carefully crafted mail
message that can cause mutt to segfault and possibly execute arbitrary code as the victim.
It's recommended to install the patch, which is available now.
|
|
|
Apache is a famous Web server and is delivered with Sun Solaris 8 and 9.
A local or remote unprivileged user may be able to execute arbitrary code with the privileges of the Apache HTTP
process on Solaris 8 and Solaris 9 systems when running the bundled version of Apache.
This is due to a buffer overflow in the Apache modules "mod_alias" and "mod_rewrite".
Sun has published patches for an upgrade to version 1.3.29 and 2.0.48, respectively.
|
|
|
Samba 3.0 is susceptible to a password initialization bug that could grant
an attacker unauthorized access to a user account created by
the mksmbpasswd.sh shell script.
Samba version 3.0.2 fixes this problem.
|
|
|
No further comment due to Microsoft insisting on their copyright on advisories.
|
|
|
No further comment due to Microsoft insisting on their copyright on advisories.
|
|
|
No further comment due to Microsoft insisting on their copyright on advisories.
|
|
|
Some (well known) vulnerabilities in BIND concerning ASN.1 encodings, malformed public keys and
an error in the SSL/TLS protocol handling have been fixed for HP-UX B.11.11 now also.
So an updated version of BIND 9.2 is available for this system.
|
|
|
As reported quite a time before (e.g.
ae-200401-077),
several vulnerabilities in GAIM have been found.
Now, patches for Red Hat Enterprise Linux 2.1 are also available.
|
|
|
A possible buffer overflow in CDE DtHelp might allow local users to gain root access.
Now, Sun Microsystems has published revised patches to solve this problem.
|
|
|
Within the last week 55 new vulnerabilities have been reported:
|
|
|
Mailman is a mailing list manager.
Cross-site scripting bugs were discovered in the admin interface and via
certain CGI parameters.
In addition certain malformed email commands could cause the mailman process
to crash.
Fixed packages are available now.
|
|
|
An IPv6 MTU handling problem has been found. An attacker might be able to cause a
Denial-of-Service attack against hosts with reachable IPv6 TCP ports.
A patch fixes this problem.
|
|
|
A vulnerability was discovered in mpg123, a command-line mp3 player, whereby a response from a remote HTTP
server could overflow a buffer allocated on the heap, potentially permitting execution of arbitrary code
with the privileges of the user invoking mpg123. In order for this vulnerability to be exploited, mpg123
would need to request an mp3 stream from a malicious remote server via HTTP.
This problem can be fixed by a patch, which has been published now.
|
|
|
GNU libtool consists of a set of shell scripts used to build shared libraries.
There is a vulnerability in the way the ltmain.sh script as part of the libtool package creates temporary
directories for its use. So a local attacker might exploit this vulnerability to change or delete arbitrary
files in the system on behalf of the user who is calling the script.
This vulnerability has been fixed in the 1.5.2 version of libtool.
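The libtool entry here and the netpbm entry above are both insecure temporary-file creation: a predictable name in a world-writable directory lets a local attacker pre-create a symlink there, so the tool's write lands wherever the link points. The following C example is added here and is not code from either project; it shows the insecure shape beside the two calls that close the race (mkstemp for a file, mkdtemp for a working directory) and a check a program can apply before trusting a path. The names are assumptions for the example.

```c
/*
 * Added example of safe temporary file and directory creation.  Not code
 * from netpbm or libtool; the function names are invented.
 */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char *tmp_base(void)
{
    const char *dir = getenv("TMPDIR");
    return (dir != NULL && *dir != '\0') ? dir : "/tmp";
}

/* Insecure pattern (the spirit of the affected tools): a name any local user
 * can predict from the pid, opened without O_EXCL, so a symlink planted at
 * that name is followed and the write goes to the attacker's target. */
int open_tempfile_insecure(char *path, size_t pathsz)
{
    snprintf(path, pathsz, "%s/netpbm.%ld", tmp_base(), (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Secure file: mkstemp() chooses an unpredictable name and creates it with
 * O_CREAT|O_EXCL and mode 0600 in one step, so a pre-planted symlink makes
 * the call fail instead of being followed.  Returns the fd or -1. */
int open_tempfile_secure(char *path, size_t pathsz)
{
    if (snprintf(path, pathsz, "%s/netpbm.XXXXXX", tmp_base()) >= (int)pathsz)
        return -1;
    return mkstemp(path);
}

/* Secure directory (the libtool case): mkdtemp() creates it mode 0700, so
 * nobody else can plant entries inside, and every name below it is ours. */
int make_tempdir_secure(char *path, size_t pathsz)
{
    if (snprintf(path, pathsz, "%s/libtool.XXXXXX", tmp_base()) >= (int)pathsz)
        return -1;
    return mkdtemp(path) == NULL ? -1 : 0;
}

/* Before trusting a node as private scratch space: it must exist, must not
 * be a symlink, must be owned by us, and must not be group/world writable. */
int tempnode_is_private(const char *path)
{
    struct stat st;

    if (lstat(path, &st) != 0)
        return 0;
    if (S_ISLNK(st.st_mode))
        return 0;
    if (st.st_uid != geteuid())
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}
```

Shell scripts such as ltmain.sh have the same options through the mktemp(1) utility; the property that matters in both cases is that the name is chosen and the node created atomically with an exclusive flag, never checked first and created second.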
|
|
|
Three vulnerabilities have been detected in RealPlayer.
It's possible to run remote JavaScript in the domain of the URL opened by a SMIL file or other file,
and to craft RMP files which allow an attacker to download and execute arbitrary code on a user's machine.
Additionally, buffer overruns can be triggered by crafted media files.
A patch fixes these problems.
|
|
|
A flaw in bounds checking in the do_brk() function in the Linux kernel
can allow a local attacker to gain root privileges.
This issue is known to be exploitable; an exploit has been
seen in the wild that takes advantage of this vulnerability.
Fixed kernels are available now.
|
|
|
The System V Shared Memory interface provides primitives for sharing
memory segments between separate processes.
The shmat(2) system call is used to attach a shared memory segment to
the calling process's address space.
It may be possible to cause a shared memory segment to reference
unallocated kernel memory, but remain valid. This could allow a local
attacker to gain read or write access to a portion of kernel memory,
resulting in sensitive information disclosure, bypass of access
control mechanisms, or privilege escalation.
A patch is available now.
|
|
|
Radius is a server for remote user authentication and accounting.
Remote exploitation of a denial of service condition within GNU Radius
can allow an attacker to crash the service.
This vulnerability has been fixed in GNU Radius version 1.2.
|
|
|
A buffer overflow vulnerability has been identified in the ISAKMP
processing for both the Check Point VPN-1 Server and VPN Client
(Securemote/SecureClient).
A remote attacker could gain root access to the VPN-1 server, which could
then allow possible compromises to other systems on the network.
Check Point will not be patching this vulnerability since the
software is no longer supported.
Instead, they recommend upgrading to VPN-1 NG.
|
|
|
The K Desktop Environment (KDE) is a graphical desktop for the X Window System.
The KDE Personal Information Management (kdepim) suite helps to organize mail, tasks, appointments, and contacts.
A buffer overflow in the file information reader of VCF files has been found.
So an attacker can construct a VCF file such that, when it is opened by a victim, it executes arbitrary commands.
This can be prevented by installing the latest patch.
|
|
|
Mailman is a mailing list manager.
Cross-site scripting bugs were discovered in the admin interface and
the 'create' CGI script.
Fixed packages are available now.
|
|
|
A read buffer overflow vulnerability exists in the resolver code in versions
of glibc. The vulnerability is triggered by DNS
packets larger than 1024 bytes, which can cause an application to crash.
A patch to fix this vulnerability is available now.
|
|
|
Several format string vulnerabilities were found in Check Point Firewall-1.
If the HTTP Security Server is used, a remote unauthenticated attacker
may exploit one of these vulnerabilities and execute commands under the
security context of the super-user, usually "SYSTEM", or "root".
This attack may lead to direct compromise of the Firewall-1 server.
A hotfix is available now.
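The hsftp and Metamail entries above and this Firewall-1 entry are the same bug class: text an attacker controls (a remote file name, a MIME header, an HTTP request field) ends up as the format argument of a printf-style call. The following C example is added here and is not code from any of those products. It shows the vulnerable shape beside the fixed one, and a small heuristic a listing tool or gateway can apply to untrusted text before logging it; the function names and the threshold of two conversions are assumptions for the example.

```c
/*
 * Added example: format-string bug class.  Function names are invented and
 * the detection threshold is an assumption, not taken from any advisory.
 */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Thin printf-style wrapper, so the vulnerable call below is visible as a
 * non-literal format without the compiler refusing to build it. */
static int vformat(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern: attacker-supplied text IS the format.  A value such
 * as "%x%x%n" reads the stack and, through %n, writes to memory.  Kept for
 * comparison only; never call it on untrusted data. */
int format_entry_unsafe(char *out, size_t outsz, const char *name)
{
    return vformat(out, outsz, name);
}

/* Fixed pattern: the format is a literal and untrusted text only travels
 * through a %s argument, so "%x%x%n" is printed as those bytes. */
int format_entry(char *out, size_t outsz, const char *name, long size)
{
    return snprintf(out, outsz, "%10ld  %s\n", size, name);
}

/* Heuristic for untrusted text: returns 1 if it contains a %n conversion or
 * at least two conversions of any kind (enough to read the stack or crash
 * on %s), 0 otherwise.  "100%.txt" and "50% off" pass; "%%" is literal. */
int looks_like_format_attack(const char *s)
{
    int conversions = 0;

    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        s++;
        if (*s == '%')
            continue;                       /* "%%": a literal percent sign */
        while (*s != '\0' && strchr("0123456789.#+- *$hlLqjzt", *s) != NULL)
            s++;                            /* flags, width, precision, length */
        if (*s == '\0')
            break;
        if (*s == 'n')
            return 1;                       /* write primitive: always suspicious */
        if (strchr("diouxXeEfFgGaAcsp", *s) != NULL) {
            if (++conversions >= 2)
                return 1;
        } else {
            s--;                            /* not a conversion: re-examine this char */
        }
    }
    return 0;
}
```

The heuristic is a detection aid for logs and listings, not a substitute for the fix: the only reliable control is that every format string in the program is a literal.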
|
|
|
Solaris systems with the Basic Security Module (BSM) enabled that have been security hardened may have had the
SUNWscpu package removed.
If so, the BSM audit_warn script cannot e-mail the errors and warning messages generated by the
audit daemon (auditd), because audit_warn relies on the mail command, which is shipped in the SUNWscpu
package of the SUNWCscp cluster (source compatibility support for Solaris 1.0, previously known as SunOS 4.x).
A patch addressing this problem has been published now.
|
|
|
A layer 2 frame encapsulating a protocol-independent layer 3 packet (IP, IPX, etc.)
may cause Cisco 6000/6500/7600 series systems with an MSFC2 to freeze or reset
when the actual length of the layer 2 frame is inconsistent with the length of the encapsulated layer 3 packet.
Any layer 3 packet routed by these systems may trigger the vulnerability if it is
encapsulated in such a specifically crafted layer 2 frame. Only packets that are software switched on the
vulnerable systems can trigger it; packets switched in hardware cannot.
Fixes are available now and should be installed.
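The kind of consistency check that the description above implies, as an added example in Python (not Cisco code and not a description of the crafted frames, which Cisco has not published): an Ethernet II/IPv4 frame whose layer 2 payload is shorter than the IP Total Length field claims, or longer than that field plus the padding Ethernet legitimately adds to short frames, is flagged. The MAC and IP addresses, the checksum-less IP header, the 46-byte padding allowance and the frames themselves are constructed here; frames are assumed to be captured without the 4-byte FCS, as pcap delivers them.

```python
"""Layer 2 / layer 3 length consistency check for Ethernet II + IPv4 frames.

Added example; addresses and frames are constructed inline, frames carry no FCS.
"""
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
MIN_ETH_PAYLOAD = 46  # frames under 60 bytes are padded on the wire, so up to 46 bytes
                      # of payload are legitimate even when the IP packet is smaller
DST_MAC = bytes.fromhex("001122334455")  # made-up addresses
SRC_MAC = bytes.fromhex("66778899aabb")
SRC_IP = bytes([10, 0, 0, 1])
DST_IP = bytes([10, 0, 0, 2])


def build_ipv4_frame(payload, total_length=None, pad_to=None):
    """Ethernet II frame around a minimal IPv4 header (no options, protocol UDP,
    checksum left 0 because only the length fields matter here).
    `total_length` overrides the IP Total Length field to fabricate a mismatch;
    `pad_to` appends zero padding until the frame reaches that size."""
    ip_len = 20 + len(payload) if total_length is None else total_length
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, ip_len,   # version/IHL, DSCP/ECN, total length
                         0, 0,              # identification, flags/fragment offset
                         64, 17, 0,         # TTL, protocol (UDP), header checksum
                         SRC_IP, DST_IP)
    frame = DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + payload
    if pad_to is not None and len(frame) < pad_to:
        frame += bytes(pad_to - len(frame))
    return frame


def check_lengths(frame):
    """Return (verdict, l2_payload_len, ip_total_len).

    'truncated' : IP claims more bytes than the frame actually carries
    'oversized' : the frame carries more than the IP length plus legal padding
    'ok'        : consistent (trailing bytes only where padding is allowed)
    'short' / 'not-ipv4' / 'bad-header' : not a checkable IPv4 frame
    """
    if len(frame) < ETH_HDR_LEN + 20:
        return "short", max(len(frame) - ETH_HDR_LEN, 0), None
    l2_payload = len(frame) - ETH_HDR_LEN
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ver_ihl = frame[14]
    if ethertype != ETHERTYPE_IPV4 or ver_ihl >> 4 != 4:
        return "not-ipv4", l2_payload, None
    ihl = (ver_ihl & 0x0F) * 4
    (ip_total,) = struct.unpack("!H", frame[16:18])
    if ihl < 20 or ip_total < ihl:
        return "bad-header", l2_payload, ip_total
    if ip_total > l2_payload:
        return "truncated", l2_payload, ip_total
    if l2_payload > max(ip_total, MIN_ETH_PAYLOAD):
        return "oversized", l2_payload, ip_total
    return "ok", l2_payload, ip_total


# Constructed samples
FRAME_OK = build_ipv4_frame(b"A" * 100)                            # IP 120, frame carries 120
FRAME_PADDED = build_ipv4_frame(b"B" * 8, pad_to=60)               # IP 28, frame carries 46: legal padding
FRAME_TRUNCATED = build_ipv4_frame(b"C" * 100, total_length=1500)  # IP 1500, frame carries 120
FRAME_OVERSIZED = build_ipv4_frame(b"D" * 100, total_length=40)    # IP 40, frame carries 120


if __name__ == "__main__":
    for name, frame in [("ok", FRAME_OK), ("padded", FRAME_PADDED),
                        ("truncated", FRAME_TRUNCATED), ("oversized", FRAME_OVERSIZED)]:
        print(f"{name:10s} -> {check_lengths(frame)}")
```

The padding allowance is what keeps this from flagging every short packet: a 28-byte IP datagram rides in a 60-byte frame on every Ethernet segment, so only payload beyond max(Total Length, 46) is suspicious.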
|
|
|
The util-linux package contains a large variety of low-level system utilities that are necessary for a
Linux system to function. In some situations, the login program could use a pointer that had already been freed
and reallocated (a use-after-free), which could cause unintentional data leakage.
Note that Red Hat Enterprise Linux 3 is not vulnerable to this issue.
All users should upgrade to the updated packages, which are not vulnerable to this issue.
Additionally, updated kernel packages are now available that fix a few security issues, an NFS performance issue,
and an e1000 driver loading issue introduced in Update 3.
|
|
|
A problem has been found in crawl, another console-based dungeon exploration game.
The program uses several environment variables as input but does not check the size of one
of them before copying it into a fixed-size buffer, so an overly long value overflows the buffer.
Installing the patched version fixes this.
|
|
| System: |
Several applications
|
| Topic: |
Possible Denial-of-Service caused by decompression bomb
|
| Links: |
AERAsec/decompression-bomb-vulnerability
ae-200401-020,
BugTraq,
SecurityFocus/Bugtraq VulnID 9393,
FullDisclosure,
Packet Storm,
HeiseNews,
Heise PDA,
Handelsblatt,
KES,
ComputerBase,
KoSiB,
IT-Audit,
PCWorld,
TechWorld,
InfoWorld.com,
InfoWorld NL,
ITworld,
Computerworld,
Business Network Communications,
bmonday(dot)com,
IDG SE,
IDG SG,
NetworkWorldFusion,
ForbiddenWeb,
TrimMail,
YOZ,
InformIT,
DataCompression,
The Spam Weblog,
LinuxNews PL,
Kitetoa,
PTnix,
Radium Software Development JP,
Mozilla/Bugzilla#233262,
amavisd-new
|
| ID: |
ae-200402-006
|
Further investigation following the publication of the bzip2 bomb problems in
antivirus scanner software brought interesting results.
Several other applications also have no anomaly detection when opening
compressed data. The usual effect is a crash or a completely filled temporary
directory, which in many cases leaves the system unusable.
We investigated a number of applications (antivirus scanners, web browsers,
image manipulation and office programs) and published the results in our advisory.
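The guard that the affected applications lack, as an added example in Python (it is not code from the AERAsec advisory or from any of the scanners tested): decompress incrementally and stop as soon as the output passes a size cap or an expansion ratio, instead of inflating the whole input into memory or a temporary directory first. The two limits are hypothetical policy values, and the compressed samples (8 MiB of zeros as a bzip2 and an xz bomb, plus a log-like text as benign input) are constructed inline.

```python
"""Bounded decompression: refuse input that inflates past a size or ratio limit.

Added example, not code from the AERAsec advisory.  The limits are hypothetical
policy values and the compressed samples are constructed below.
"""
import bz2
import lzma

MAX_OUTPUT = 1 << 20        # hypothetical policy: never inflate one input past 1 MiB
MAX_RATIO = 100             # hypothetical policy: refuse more than 100:1 expansion
READ_STEP = 64 * 1024       # pull decompressed output 64 KiB at a time

DECOMPRESSORS = {
    "bz2": bz2.BZ2Decompressor,
    "xz": lzma.LZMADecompressor,
}


class DecompressionBomb(ValueError):
    """Raised as soon as the output bound or the expansion ratio is exceeded."""


def bounded_decompress(data, codec="bz2", max_output=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Inflate `data` incrementally and stop the moment a limit is crossed.

    bz2.decompress(data) would materialise the whole output first, which is
    exactly what a bomb exploits; the incremental decompressor lets the running
    total be checked after every READ_STEP bytes of output.
    """
    decomp = DECOMPRESSORS[codec]()
    out = bytearray()
    pending = data   # handed over once; the decompressor buffers what it has not consumed
    while not decomp.eof:
        chunk = decomp.decompress(pending, max_length=READ_STEP)
        pending = b""
        out += chunk
        if len(out) > max_output:
            raise DecompressionBomb(f"output exceeds {max_output} bytes")
        if len(out) > max_ratio * len(data):
            raise DecompressionBomb(f"expansion ratio exceeds {max_ratio}:1")
        if not chunk and not decomp.eof:
            # nothing came out and the stream has not ended: the input ran dry
            raise ValueError("truncated compressed stream")
    return bytes(out)


def classify(data, **limits):
    """Verdict for a compressed blob, in the shape a scanner hook would want."""
    try:
        return "ok", len(bounded_decompress(data, **limits))
    except DecompressionBomb as exc:
        return "bomb", str(exc)
    except ValueError as exc:
        return "truncated", str(exc)


# Constructed samples: 8 MiB of zeros shrinks to well under a kilobyte with bzip2
# and to roughly a kilobyte with xz, whereas the log-like text expands only modestly.
BOMB_BZ2 = bz2.compress(bytes(8 << 20), 9)
BOMB_XZ = lzma.compress(bytes(8 << 20))
SAMPLE_PLAIN = "\n".join(
    f"{i:05d} user{i % 37} GET /item/{(i * 7919) % 1000}" for i in range(2000)
).encode()
SAMPLE_BZ2 = bz2.compress(SAMPLE_PLAIN)


if __name__ == "__main__":
    for name, blob, codec in [("bzip2 bomb", BOMB_BZ2, "bz2"),
                              ("xz bomb", BOMB_XZ, "xz"),
                              ("benign bzip2", SAMPLE_BZ2, "bz2")]:
        print(f"{name}: {len(blob)} compressed bytes -> {classify(blob, codec=codec)}")
```

The ratio check is what catches a bomb early: a few hundred compressed bytes may only produce 100 times that much before the verdict is reached, regardless of how large the absolute cap is. Nested archives need the same bound applied at every level, which this single-stream helper does not do on its own.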
|
|
|
No further comment due to Microsoft insisting on their copyright on advisories.
|
|
|
A potential security vulnerability has been identified in HP
TCP/IP for HP OpenVMS BIND 8 software that may allow a local
or remote user to cause a denial of service (DoS).
The corresponding patch is available now and should be installed.
|
|
|
netpbm is a graphics conversion toolkit consisting of a large number of single-purpose programs.
Many of these programs were found to create temporary files in an insecure manner, which could allow
a local attacker to overwrite files with the privileges of the user invoking a vulnerable netpbm tool.
Installing the latest version fixes this.
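The weakness described above, shown in Python as an added example that is not netpbm's code: a tool writes scratch data to a predictable name in a shared directory, a local attacker plants a symlink under that name first, and the plain open-for-write follows the link and clobbers the victim's file. The hardened variants either refuse anything already present at a fixed name (O_CREAT|O_EXCL) or let mkstemp pick an unguessable name. The tool name pnmtool, the victim file and the fact that the attacker wins the race are assumptions of the demonstration; everything happens inside a private directory created for the run.

```python
"""Insecure vs. safe temporary-file creation, demonstrated with a planted symlink.

Added example, not netpbm code.  Tool name, file names and the race outcome are made up.
"""
import errno
import os
import shutil
import stat
import tempfile

TOOL = "pnmtool"  # hypothetical netpbm-style tool name


def predictable_tmp_path(workdir, tool=TOOL):
    """The weak pattern: a temp name any local user can guess (tool name + PID)."""
    return os.path.join(workdir, f"{tool}.{os.getpid()}")


def write_tmp_insecure(path, payload):
    """Vulnerable: open(path, 'w') truncates and writes through whatever already
    sits at `path`, including a symlink planted there by another local user."""
    with open(path, "w") as fh:
        fh.write(payload)


def write_tmp_exclusive(path, payload):
    """Hardened variant for a fixed name: O_CREAT|O_EXCL makes open() fail with
    EEXIST if anything, symlink included, already exists at `path`; O_NOFOLLOW
    (where the platform has it) additionally refuses to follow a symlink."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)


def write_tmp_secure(workdir, payload, tool=TOOL):
    """Preferred variant: mkstemp picks an unpredictable name and creates it with
    O_EXCL and mode 0600, so there is no name for an attacker to pre-plant."""
    fd, path = tempfile.mkstemp(prefix=f"{tool}.", dir=workdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(payload)
    return path


def demo():
    """Stage the symlink attack in a private directory and report what each
    variant did to the victim file.  Returns a dict of observations."""
    workdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(workdir, "victim.txt")  # stands in for e.g. ~/.profile
        with open(victim, "w") as fh:
            fh.write("original\n")

        # The attacker guesses the temp name and plants a symlink to the victim
        # before the tool runs (the classic race, won here by construction).
        target = predictable_tmp_path(workdir)
        os.symlink(victim, target)

        write_tmp_insecure(target, "clobbered\n")
        with open(victim) as fh:
            victim_after_insecure = fh.read()

        try:
            write_tmp_exclusive(target, "clobbered again\n")
            exclusive_refused = False
        except OSError as exc:  # EEXIST from O_EXCL, or ELOOP from O_NOFOLLOW
            exclusive_refused = exc.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim) as fh:
            victim_after_exclusive = fh.read()

        secure_path = write_tmp_secure(workdir, "scratch\n")
        return {
            "victim_after_insecure": victim_after_insecure,
            "exclusive_refused": exclusive_refused,
            "victim_after_exclusive": victim_after_exclusive,
            "secure_path_is_new": secure_path != target,
            "secure_mode": stat.S_IMODE(os.stat(secure_path).st_mode),
        }
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The insecure write replaces the victim's content; the exclusive open fails instead, and mkstemp never gives the attacker a name to target in the first place. Keeping the descriptor from the creating open (rather than reopening by name later) is what closes the remaining window.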
|
|
|
Within the last week 66 new vulnerabilities have been reported:
|
|
|
Suidperl is a helper program for running Perl scripts with setuid privileges.
A number of similar bugs have been found in suidperl.
By exploiting them, an attacker could abuse suidperl to learn information about files
(such as whether they exist and some of their permissions) that should not be accessible
to unprivileged users.
The patch that has been published should be installed.
|
|