|
Chosen month 04 / 2005
|
|
|
A vulnerability was discovered in the rmtree() function in File::Path.pm.
While a process running as root (or another user) was busy deleting a
directory tree, a different user could exploit a race condition to create
setuid binaries in this directory tree, provided that he already had write
permissions in any subdirectory of that tree.
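The race described above is a time-of-check/time-of-use problem: a tree walker that looks at an entry by path name and then acts on it by path name can be redirected if the attacker swaps the entry for a symlink in between. The following C example (added here; it is not the Perl module's code and not the vendor's fix) shows the hardened approach: open the directory once, then do every lstat, open and unlink relative to that descriptor with O_NOFOLLOW, verify the directory you opened is the one you just inspected, and never chmod anything by path. The test tree under /tmp and the file names are constructed for the example.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Delete everything below the directory open at dirfd. Every operation is
 * relative to a descriptor we already hold, so an attacker who replaces a
 * path component with a symlink between our lstat() and the next call gains
 * nothing: O_NOFOLLOW refuses to open a symlink as a directory, the dev/ino
 * comparison catches an entry swapped after the lstat(), and nothing is ever
 * chmod()ed or unlinked by a full path name. */
static int rmtree_fd(int dirfd)
{
    int dfd = dup(dirfd);                 /* fdopendir() takes ownership of its fd */
    if (dfd < 0) return -1;
    DIR *d = fdopendir(dfd);
    if (!d) { close(dfd); return -1; }
    struct dirent *e;
    int rc = 0;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        struct stat st, st2;
        if (fstatat(dirfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { rc = -1; continue; }
        if (!S_ISDIR(st.st_mode)) {       /* files and symlinks: unlink, never follow */
            if (unlinkat(dirfd, e->d_name, 0) < 0) rc = -1;
            continue;
        }
        int sub = openat(dirfd, e->d_name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        if (sub < 0) { rc = -1; continue; }
        if (fstat(sub, &st2) < 0 || st2.st_dev != st.st_dev || st2.st_ino != st.st_ino) {
            close(sub); rc = -1; continue; /* entry changed under us: refuse */
        }
        if (rmtree_fd(sub) < 0) rc = -1;
        close(sub);
        if (unlinkat(dirfd, e->d_name, AT_REMOVEDIR) < 0) rc = -1;
    }
    closedir(d);
    return rc;
}

/* Remove the tree rooted at path. path itself must be a real directory. */
int secure_rmtree(const char *path)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    int rc = rmtree_fd(fd);
    close(fd);
    if (rc == 0 && rmdir(path) < 0) rc = -1;
    return rc;
}

static const char *join(char *buf, size_t n, const char *a, const char *b)
{
    snprintf(buf, n, "%s/%s", a, b);
    return buf;
}

static int touch(const char *p)
{
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

/* Constructed scenario: base/tree contains a subdirectory, a file and a
 * symlink to base/victim, which lies outside the tree. Returns 1 if the tree
 * is gone afterwards while base/victim/keep survived, 0 otherwise. */
int demo_symlink_not_followed(void)
{
    char base[] = "/tmp/rmtreeXXXXXX", p[256], keep[256];
    struct stat st;
    if (!mkdtemp(base)) return 0;
    int ok = mkdir(join(p, sizeof p, base, "victim"), 0700) == 0
          && touch(join(keep, sizeof keep, base, "victim/keep")) == 0
          && mkdir(join(p, sizeof p, base, "tree"), 0700) == 0
          && mkdir(join(p, sizeof p, base, "tree/sub"), 0700) == 0
          && touch(join(p, sizeof p, base, "tree/sub/file")) == 0
          && symlink("../victim", join(p, sizeof p, base, "tree/link")) == 0;
    join(p, sizeof p, base, "tree");
    ok = ok && secure_rmtree(p) == 0
            && lstat(p, &st) < 0 && errno == ENOENT   /* tree removed */
            && lstat(keep, &st) == 0;                  /* symlink target untouched */
    unlink(keep);
    rmdir(join(p, sizeof p, base, "victim"));
    rmdir(base);
    return ok;
}

int main(void)
{
    printf("symlink inside the tree was not followed: %s\n",
           demo_symlink_not_followed() ? "yes" : "NO");
    return 0;
}
```

The dev/ino comparison after openat() is what turns the check into a guarantee: even if an attacker manages to replace a subdirectory with a bind mount or a different directory between the fstatat() and the openat(), the mismatch is detected and that subtree is skipped rather than descended.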
An integer overflow flaw was found in libXPM, which is used by some
applications for loading of XPM images. An attacker could create a malicious
XPM file that would execute arbitrary code via a negative bitmap_unit value if
opened by a victim using an application linked to the vulnerable library.
Fixed packages are available now.
|
|
|
A security vulnerability has been identified with HP OpenView Radia
Management Portal (RMP) versions 2.x and 1.x running Radia Management Agent
(RMA).
This security vulnerability could be exploited to allow a remote unauthorized
user to gain privileged access or to create a Denial of Service (DoS).
Patches are available now.
|
|
|
Vulnerabilities were found in the functions env_opt_add() and
slc_add_reply() of the telnet client.
Patches are available now.
|
|
|
A bug was found in the way PHP processes IFF and JPEG images. It is
possible to cause PHP to consume CPU resources for a short period of time
by supplying a carefully crafted IFF or JPEG image.
A buffer overflow bug was also found in the way PHP processes EXIF image
headers. It is possible for an attacker to construct an image file in such
a way that it could execute arbitrary instructions when processed by PHP.
A denial of service bug was found in the way PHP processes EXIF image
headers.
Fixed packages are available now.
|
|
|
A buffer overflow has been detected in the IAPP dissector of Ethereal, a
commonly used network traffic analyser. A remote attacker may be able to
overflow a buffer using a specially crafted packet.
Several format string problems have been discovered in prozilla, a
multi-threaded download accelerator, that can be exploited by a malicious
server to execute arbitrary code with the rights of the user running prozilla.
Fixed packages are available now.
|
|
|
Multiple security vulnerabilities have been found in libtiff(3),
a library for reading and writing Tag Image File Format (TIFF) files.
Patches are available now.
|
|
|
Squid is a high-performance proxy caching server for web clients,
supporting FTP, gopher and HTTP data objects.
Squid allows remote attackers to cause a denial of service (crash) via PUT
or POST request.
Fixed software is available now.
|
|
|
Several vulnerabilities have been found in the sharutils package.
Buffer overflows were found in the .o option and wc command options.
Exploiting the vulnerability would require an attacker to coerce a victim into
running a specially crafted command on their machine. Also a bug was found in
the way unshar creates temporary files.
Fixed packages are available now.
|
|
| System: |
Turbolinux
|
| Topic: |
Vulnerabilities in php, krb5, and sharutils
|
| Links: |
TLSA-2005-50,
CAN-2004-1018,
CAN-2004-1063,
CAN-2004-1064,
CAN-2005-0524,
CAN-2005-0525,
CAN-2005-1042,
CAN-2005-1043,
TLSA-2005-52,
CAN-2005-0468,
CAN-2005-0469,
TLSA-2005-54,
CAN-2004-1772,
CAN-2004-1773,
CAN-2005-0990
|
| ID: |
ae-200504-075
|
Turbolinux has published patches for the packages listed above. Some of the vulnerabilities are critical,
so it's recommended to install the updates.
|
|
|
Several vulnerabilities were discovered in the PCX and other image file format
readers in the KDE core libraries, some of them exploitable to execute
arbitrary code.
It has been discovered that certain malformed SNAC packets sent by other AIM
or ICQ users can trigger an infinite loop in Gaim.
Several security relevant problems have been discovered in lsh, the
alternative secure shell v2 (SSH2) protocol server.
Fixed packages are available now.
|
|
|
MaxDB, former SAP DB, is a heavy-duty, SAP-certified open source database.
Two stack overflow vulnerabilities were found in the web administration
service of MaxDB.
Patches are available now.
|
|
|
A potential vulnerability has been identified with OpenView
Network Node Manager (OV NNM). The vulnerability could be
exploited remotely by an unauthorized user to create a Denial of
Service (DoS).
Patches are available now.
|
|
|
A heap based buffer overflow bug was found in the OpenOffice.org DOC file
processor. An attacker could create a carefully crafted DOC file in such a
way that it could cause OpenOffice.org to execute arbitrary code when the
file was opened by a victim.
Fixed software is available now.
|
|
|
After updating the pattern file of this anti-virus software to update #594, CPU utilization may rise to
100%. The latest update, #596, solves this problem, which is specific to #594. If an update isn't possible,
a registry edit that works around the problem is described in the advisories.
|
|
|
Several vulnerabilities have been discovered in MySQL, a popular database.
MySQL allows remote authenticated users with INSERT and DELETE privileges to
execute arbitrary code.
MySQL uses predictable file names when creating temporary tables, which allows
local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary
files via a symlink attack.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Mozilla and Firefox
|
| Links: |
Mozilla,
CAN-2005-0752,
CAN-2005-0989,
CAN-2005-1153,
CAN-2005-1154,
CAN-2005-1155,
CAN-2005-1156,
CAN-2005-1157,
CAN-2005-1158,
CAN-2005-1159,
CAN-2005-1160,
RHSA-2005-383,
P-190,
ESB-2005.0330,
RHSA-2005-386,
P-193,
ESB-2005.0343,
RHSA-2005-384,
TLSA-2005-49,
ESB-2005.0334,
SUSE-SA:2005:028
|
| ID: |
ae-200504-068
|
Several vulnerabilities were found in the Mozilla and Firefox browsers
that may allow a remote attacker to execute arbitrary code and other attacks.
Fixed software is available now.
|
|
|
Several bugs have been found in junkbuster, a HTTP proxy and filter.
An attacker can modify the referrer setting with a carefully crafted URL by
accidently overwriting a global variable.
Several heap corruptions due to inconsistent use of an internal function
can crash the daemon or possibly lead to the execution of arbitrary code.
Fixed packages are available now.
|
|
|
A buffer overflow vulnerability in the Sun Java System Web
Proxy Server (Formerly Sun ONE Proxy Server) may allow a remote
unprivileged user to execute arbitrary code on the system running the
Web Proxy Server with the privileges of the server process.
Patches are available now.
|
|
|
SGI has released Security Update #35 for SGI Advanced Linux Environment 3.
These updates fix security related problems in
kdegraphics and gaim.
It's recommended to install this update.
|
|
| System: |
Mandrake Linux |
| Topic: |
Vulnerabilities in gnome-vfs2, libcdaudio1, xli, and cdrecord
|
| Links: |
MDKSA-2005:074,
MDKSA-2005:075,
CAN-2005-0706,
MDKSA-2005:076,
CAN-2005-0638,
CAN-2005-0639,
MDKSA-2005:077,
CAN-2005-0866
|
| ID: |
ae-200504-064
|
A buffer overflow bug was found in the way that grip, gnome-vfs2, and libcdaudio1
handle data returned by CDDB servers. If a user connected to a malicious CDDB
server, an attacker could execute arbitrary code on the user's machine.
A flaw was discovered in xli's handling of compressed images, where shell
meta-characters in file names are not properly escaped.
It was also found that insufficient validation of image properties could
potentially result in buffer management errors.
cdrecord creates temporary files in an insecure manner if DEBUG is enabled in
/etc/cdrecord/rscsi.
Fixed packages are available now.
|
|
|
f2c and fc, which are both part of the f2c package, a fortran 77 to C/C++
translator, open temporary files insecurely and are hence vulnerable to a
symlink attack.
Fixed packages are available now.
|
|
|
A vulnerability was found in RealNetworks RealPlayer, RealOne Player and
Helix Player.
An attacker may craft a malicious RAM file that causes a buffer overflow,
allowing the attacker to execute arbitrary code on a victim's machine.
Fixed software is available now.
|
|
|
A vulnerability was found in Solaris 8 and 9 that applies to network services
which run on non-privileged ports such as NFS or NIS.
Local unprivileged users may be able to start processes on non-privileged
network ports. By "stealing" the port, these processes may act as modified or
"trojaned" versions of the service that typically runs on that port.
Patches to solve this problem are available now.
|
|
| System: |
Turbolinux
|
| Topic: |
Vulnerabilities in xloadimage, sylpheed, perl, mc, and ImageMagick
|
| Links: |
TLSA-2005-43,
CAN-2001-0775,
CAN-2005-0638,
TLSA-2005-44,
CAN-2005-0667,
CAN-2005-0926,
TLSA-2005-45,
CAN-2005-0448,
TLSA-2005-46,
CAN-2005-0763,
TLSA-2005-47,
CAN-2005-0005,
CAN-2005-0379,
CAN-2005-0759,
CAN-2005-0760,
CAN-2005-0761,
CAN-2005-0762
|
| ID: |
ae-200504-060
|
Turbolinux has published patches for the packages listed above. Some of the vulnerabilities are critical,
so it's recommended to install the updates.
|
|
|
A cross-site scripting vulnerability was discovered in info2www, a converter
for info files to HTML.
A malicious person could place a harmless looking link on the web that
could cause arbitrary commands to be executed in the browser of the victim user.
A problem was discovered during the upgrade of geneweb, a genealogy software
with web interface.
The maintainer scripts automatically converted files without checking their
permissions and content, which could lead to the modification of arbitrary
files.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in xloadimage and kernel
|
| Links: |
RHSA-2005-332,
CAN-2005-0638,
ESB-2005.0321,
RHSA-2005-366,
RHSA-2005-293,
CAN-2005-0135,
CAN-2005-0207,
CAN-2005-0209,
CAN-2005-0384,
CAN-2005-0400,
CAN-2005-0449,
CAN-2005-0529,
CAN-2005-0530,
CAN-2005-0531,
CAN-2005-0736,
CAN-2005-0749,
CAN-2005-0750,
CAN-2005-0767,
CAN-2005-0815,
CAN-2005-0839,
CAN-2005-0867,
CAN-2005-0977,
CAN-2005-1041,
ESB-2005.0323,
ESB-2005.0337
|
| ID: |
ae-200504-058
|
A flaw was discovered in xloadimage where filenames were not properly
quoted when calling the gunzip command. An attacker could create a file
with a carefully crafted filename so that it would execute arbitrary
commands if opened by a victim.
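Both the xli flaw and the xloadimage flaw are the same bug: a file name is pasted into a command line that is then handed to /bin/sh, so a name like `x.gz; touch /tmp/pwned` becomes two commands. The C example below (added here, not xloadimage's or xli's code) shows the vulnerable string construction, a correct single-quote escaper for the cases where a shell cannot be avoided, and the preferable fix of running gunzip directly via execlp() with the name as its own argv element and `--` to stop it being read as an option. The command and file names are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Vulnerable pattern: the file name is spliced into a command line that is
 * then passed to system() or popen(), i.e. to /bin/sh. Returns the length
 * of the built command or -1 if out is too small. */
int build_cmd_unsafe(const char *name, char *out, size_t n)
{
    int k = snprintf(out, n, "gunzip -c %s", name);
    return (k < 0 || (size_t)k >= n) ? -1 : k;
}

/* Wrap s as one single-quoted shell word. Inside single quotes the shell
 * interprets nothing at all; an embedded ' is written as '\'' (close the
 * quotes, one escaped quote, reopen). Returns bytes written, or -1 if out
 * is too small (one byte is always kept for the terminating NUL). */
int shell_quote(const char *s, char *out, size_t n)
{
    size_t o = 0;
    if (o + 1 >= n) return -1;
    out[o++] = '\'';
    for (; *s; s++) {
        if (*s == '\'') {
            if (o + 4 >= n) return -1;
            memcpy(out + o, "'\\''", 4);
            o += 4;
        } else {
            if (o + 1 >= n) return -1;
            out[o++] = *s;
        }
    }
    if (o + 1 >= n) return -1;
    out[o++] = '\'';
    out[o] = '\0';
    return (int)o;
}

/* If a shell really has to be used: quote the name, and add "--" so a name
 * starting with '-' cannot turn into a gunzip option. */
int build_cmd_safe(const char *name, char *out, size_t n)
{
    char q[4096];
    if (shell_quote(name, q, sizeof q) < 0) return -1;
    int k = snprintf(out, n, "gunzip -c -- %s", q);
    return (k < 0 || (size_t)k >= n) ? -1 : k;
}

/* Best: no shell at all. gunzip receives the name as a separate argv entry,
 * so no character in it has any meaning. Returns a descriptor reading
 * gunzip's output (caller reads, then waitpid()s *pid), or -1. */
int spawn_gunzip(const char *name, pid_t *pid)
{
    int p[2];
    if (pipe(p) < 0) return -1;
    *pid = fork();
    if (*pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (*pid == 0) {
        dup2(p[1], STDOUT_FILENO);
        close(p[0]); close(p[1]);
        execlp("gunzip", "gunzip", "-c", "--", name, (char *)NULL);
        _exit(127);
    }
    close(p[1]);
    return p[0];
}

int main(void)
{
    const char *evil = "x.gz; touch /tmp/pwned";   /* constructed file name */
    char cmd[256];
    build_cmd_unsafe(evil, cmd, sizeof cmd);
    printf("unsafe: %s\n", cmd);   /* two commands */
    build_cmd_safe(evil, cmd, sizeof cmd);
    printf("safe:   %s\n", cmd);   /* one argument */
    return 0;
}
```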
Several vulnerabilities were found in the kernel versions 2.4 and 2.6.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in cvs
|
| Links: |
CAN-2005-0753,
VU#327037,
SUSE-SA:2005:024,
MDKSA-2005:073,
FreeBSD-SA-05:05,
ESB-2005.0332,
RHSA-2005-387,
ESB-2005.0341,
DSA-715,
P-195,
ESB-2005.0346,
TLSA-2005-51,
OpenBSD,
ESB-2005.0357
|
| ID: |
ae-200504-057
|
Various problems within the Concurrent Versions System (CVS) were reported
such as a buffer overflow and memory access problems.
Fixed software is available now.
|
|
|
A problem was discovered in gtkhtml, an HTML rendering widget used by the
Evolution mail reader.
Certain malformed messages could cause a crash due to a null pointer
dereference.
Fixed packages are available now.
|
|
|
A local unprivileged user may be able to load their own Generic Security
Service Application Program Interface (GSS-API) when a privileged GSS-API
application is installed which utilizes the libgss(3LIB) library.
Patches to solve this problem are available now.
|
|
| System: |
Mac OS X |
| Topic: |
New Apple Security Update
|
| Links: |
APPLE,
CAN-2005-0969,
CAN-2005-0970,
CAN-2005-0971,
CAN-2005-0972,
CAN-2005-0973,
CAN-2005-0974,
CAN-2005-0975,
CAN-2005-0976,
ESB-2005.0311,
P-185
|
| ID: |
ae-200504-054
|
A new Apple Security Update solves several security related problems.
The update gives improvements for
the Kernel and Safari.
So the installation of this update is recommended.
|
|
|
A buffer overflow has been found in libexif, a library that parses EXIF data (such as the extra tags in JPEG
files).
This bug could be exploited to crash the application and possibly to execute arbitrary code as well.
An updated package is available now.
|
|
|
A local or remote unprivileged user may be able to execute arbitrary commands on a vulnerable LDAP server
with the privileges of the LDAP process or terminate the LDAP process resulting in a Denial-of-Service (DoS).
Patches to solve this problem are available now.
|
|
| System: |
Many |
| Topic: |
Problems with ICMP attacks against TCP
|
| Links: |
IETF Internet Draft,
CAN-2004-0790,
CAN-2004-0791,
VU#222750,
Cisco,
ESB-2005.0305,
P-181
MS05-019,
P-177,
ESB-2005.0294,
Symantec,
ISS Alert#192,
Sun Alert #57746,
ESB-2005.0312,
ESB-2005.0335,
ESB-2005.0356,
ESB-2005.0363
|
| ID: |
ae-200504-051
|
An IETF Internet Draft describes the use of the Internet Control Message Protocol (ICMP) to perform
a variety of attacks against the Transmission Control Protocol (TCP) and other similar protocols.
Countermeasures are proposed, and some vendors have started to implement them. If an update is
available for your system, it should be installed.
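The core of the proposed countermeasures is that a TCP stack should not act on an ICMP error just because the quoted segment names one of its connections: an off-path attacker can guess addresses and ports, so the stack additionally checks that the quoted sequence number lies in the send window (SND.UNA <= SEG.SEQ < SND.NXT), and an established connection treats even a "hard" error (protocol or port unreachable) as a soft one instead of aborting. The C example below (added here; not the draft's text and not any vendor's implementation) parses a constructed ICMP error packet, applies those checks against a small connection record and returns a verdict. Addresses, ports and sequence numbers are constructed for the example, and checksums are deliberately not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal TCP connection state, as the checks need it (host byte order). */
struct tcp_conn {
    uint32_t laddr, raddr;
    uint16_t lport, rport;
    uint32_t snd_una, snd_nxt;  /* oldest unacknowledged / next sequence number */
    int established;            /* 0 while still in SYN-SENT or SYN-RECEIVED */
};

enum verdict { ICMP_DROP = 0, ICMP_SOFT = 1, ICMP_ABORT = 2 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p)
{ return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3]; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void wr32(uint8_t *p, uint32_t v)
{ p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v; }

/* Decide what an incoming ICMP error (pkt = the outer IPv4 packet) may do to c. */
enum verdict validate_icmp_error(const uint8_t *pkt, size_t len, const struct tcp_conn *c)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return ICMP_DROP;
    size_t ihl = (pkt[0] & 0x0f) * 4u;
    if (ihl < 20 || len < ihl + 8 || pkt[9] != 1) return ICMP_DROP;      /* not ICMP */
    const uint8_t *icmp = pkt + ihl;
    uint8_t type = icmp[0], code = icmp[1];
    if (type != 3 && type != 11 && type != 12) return ICMP_DROP;        /* unreach, time exc., param prob. */
    const uint8_t *in = icmp + 8;          /* quoted datagram: IP header + >= 8 bytes of TCP */
    size_t inlen = len - ihl - 8;
    if (inlen < 20 || (in[0] >> 4) != 4) return ICMP_DROP;
    size_t iihl = (in[0] & 0x0f) * 4u;
    if (iihl < 20 || inlen < iihl + 8 || in[9] != 6) return ICMP_DROP;   /* not TCP */
    /* the quoted segment must be one WE sent on this connection */
    if (rd32(in + 12) != c->laddr || rd32(in + 16) != c->raddr) return ICMP_DROP;
    const uint8_t *tcp = in + iihl;
    if (rd16(tcp) != c->lport || rd16(tcp + 2) != c->rport) return ICMP_DROP;
    /* sequence number check: SND.UNA <= SEG.SEQ < SND.NXT, modulo 2^32 */
    uint32_t seq = rd32(tcp + 4);
    if (seq - c->snd_una >= c->snd_nxt - c->snd_una) return ICMP_DROP;
    /* hard errors abort only connections that are not yet synchronised;
     * an established connection treats every error as soft */
    int hard = (type == 3 && (code == 2 || code == 3));
    if (hard && !c->established) return ICMP_ABORT;
    return ICMP_SOFT;
}

/* Build a constructed 56-byte ICMP error from a router (192.0.2.9) to c->laddr,
 * quoting a TCP segment of connection c with the given sequence number. */
size_t build_icmp_error(uint8_t *out, uint8_t type, uint8_t code,
                        const struct tcp_conn *c, uint32_t seq)
{
    memset(out, 0, 56);
    out[0] = 0x45; out[3] = 56; out[8] = 64; out[9] = 1;    /* IPv4, total len 56, TTL 64, ICMP */
    wr32(out + 12, 0xC0000209); wr32(out + 16, c->laddr);
    out[20] = type; out[21] = code;
    uint8_t *in = out + 28;
    in[0] = 0x45; in[3] = 28; in[8] = 64; in[9] = 6;        /* quoted IPv4 header, TCP */
    wr32(in + 12, c->laddr); wr32(in + 16, c->raddr);
    wr16(in + 20, c->lport); wr16(in + 22, c->rport); wr32(in + 24, seq);
    return 56;
}

/* Six constructed cases; returns how many produced the expected verdict. */
int run_scenarios(void)
{
    struct tcp_conn c = { 0x0A000001, 0xC0000205, 80, 40000, 1000, 1500, 1 };  /* 10.0.0.1:80 <-> 192.0.2.5:40000 */
    uint8_t pkt[64];
    int passed = 0;
    size_t n = build_icmp_error(pkt, 3, 2, &c, 1000);        /* in window, protocol unreachable */
    passed += validate_icmp_error(pkt, n, &c) == ICMP_SOFT;  /* established: soft error only */
    c.established = 0;
    passed += validate_icmp_error(pkt, n, &c) == ICMP_ABORT; /* still handshaking: abort allowed */
    c.established = 1;
    n = build_icmp_error(pkt, 3, 2, &c, 5000);               /* off-path guess outside the window */
    passed += validate_icmp_error(pkt, n, &c) == ICMP_DROP;
    n = build_icmp_error(pkt, 3, 4, &c, 1499);               /* fragmentation needed: never hard */
    passed += validate_icmp_error(pkt, n, &c) == ICMP_SOFT;
    pkt[51] ^= 1;                                            /* quoted remote port now 40001 */
    passed += validate_icmp_error(pkt, n, &c) == ICMP_DROP;
    passed += validate_icmp_error(pkt, 40, &c) == ICMP_DROP; /* quoted segment truncated */
    return passed;
}

int main(void) { return run_scenarios() == 6 ? 0 : 1; }
```

Note the window check is done with unsigned subtraction so that it stays correct when the sequence space wraps, and that an idle connection (SND.UNA == SND.NXT) accepts no ICMP error at all, since nothing of ours is in flight that a router could legitimately complain about.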
|
|
|
Oracle has released Critical Patch Updates for several products.
A Critical Patch Update is a collection of patches for multiple security
vulnerabilities.
|
|
|
A vulnerability in certain releases of the Sun Java System
Web Server (formerly Sun ONE Web Server and iPlanet Web Server) may
allow a remote user to cause the web server to become unresponsive,
causing a Denial-of-Service (DOS) condition.
Patches are available now.
|
|
|
SGI has released Security Update #34 for SGI Advanced Linux Environment 3.
These updates fix security related problems in
gdk-pixbuf, curl, and kdelibs.
It's recommended to install this update.
|
|
|
The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce
a list of the existing network interfaces.
In generating the list of network interfaces, the kernel writes into a
portion of a buffer without first zeroing it. As a result, the prior
contents of the buffer will be disclosed to the calling process.
A patch is available now.
|
|
|
A critical vulnerability was discovered in the Veritas i3 Focalpoint Server.
This component can be found bundled with other servers such as Indepth for
Oracle.
Veritas has developed a patch to fix the problem.
|
|
|
The Gaim application is a multi-protocol instant messaging client. Bugs were
found in the way gaim escapes HTML, in several of gaim's IRC processing
functions, and in gaim's Jabber message parser. A remote attacker could send a
specially crafted message to a Gaim client, causing it to crash.
Fixed packages are available now.
|
|
|
A buffer overflow was discovered in axel, a light download accelerator.
When reading remote input the program did not check whether a part of the input
could overflow a buffer, which may trigger the execution of arbitrary code.
Several vulnerabilities have been discovered in MySQL, a popular database.
MySQL allows remote authenticated users with INSERT and DELETE privileges to
execute arbitrary code.
MySQL uses predictable file names when creating temporary tables, which allows
local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary
files via a symlink attack.
If a user is granted privileges to a database with a name containing an
underscore ("_"), the user also gains privileges to other databases with
similar names.
Fixed packages are available now.
|
|
|
No further comment due to legal reasons.
|
|
|
No further comment due to legal reasons.
|
|
|
No further comment due to legal reasons.
|
|
|
No further comment due to legal reasons.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in TCP/IP implementation |
| Links: |
MS05-019,
CAN-2005-0048,
CAN-2004-0790,
CAN-2004-1060,
CAN-2004-0230,
CAN-2005-0688,
VU#222750,
VU#233754,
P-177,
ESB-2005.0294,
Symantec,
ISS Alert#192 |
| ID: |
ae-200504-039
|
No further comment due to legal reasons.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in Windows Kernel |
| Links: |
MS05-018,
CAN-2005-0060,
CAN-2005-0061,
CAN-2005-0550,
CAN-2005-0551,
VU#943749,
VU#775933,
VU#650181,
VU#259197,
P-180,
ESB-2005.0301 |
| ID: |
ae-200504-038
|
No further comment due to legal reasons.
|
|
|
No further comment due to legal reasons.
|
|
|
No further comment due to legal reasons.
|
|
|
A vulnerability in MySQL would allow a user with grant privileges on a
database whose name contains an underscore character ("_") to grant
privileges on other databases with similar names, because the underscore in a
GRANT database name is interpreted as a single-character wildcard unless it
is escaped.
Fixed packages are available now.
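This entry and the Debian MySQL entry above describe the same issue: in a GRANT, the database name is a LIKE-style pattern, so `GRANT ... ON my_db.*` also covers `myXdb`, and a user allowed to grant on `my_db` can hand out rights on its siblings. The C example below (added here; it is not MySQL's own matcher) implements that pattern matching, the escaping an administrator needs to apply to a literal name, and a small constructed grant table showing the unescaped and escaped grants side by side.

```c
#include <stddef.h>
#include <string.h>

/* Match a database name against a GRANT database pattern the way a
 * LIKE-style matcher does: '_' matches exactly one character, '%' any run
 * of characters (including none), and a backslash makes the next character
 * literal. Case folding is left out of this example. */
int grant_db_matches(const char *pat, const char *db)
{
    for (;;) {
        if (*pat == '\0') return *db == '\0';
        if (*pat == '%') {
            /* try every possible split for the rest of the pattern */
            for (const char *d = db; ; d++) {
                if (grant_db_matches(pat + 1, d)) return 1;
                if (*d == '\0') return 0;
            }
        }
        if (*db == '\0') return 0;
        if (*pat == '_') { pat++; db++; continue; }
        if (*pat == '\\' && pat[1] != '\0') pat++;   /* escaped: compare literally */
        if (*pat != *db) return 0;
        pat++; db++;
    }
}

/* Escape a literal database name for use in GRANT so that it matches only
 * itself. Returns the length written or -1 if out is too small. */
int grant_escape_dbname(const char *db, char *out, size_t n)
{
    size_t o = 0;
    for (; *db; db++) {
        if (*db == '_' || *db == '%' || *db == '\\') {
            if (o + 2 >= n) return -1;
            out[o++] = '\\';
        } else if (o + 1 >= n) {
            return -1;
        }
        out[o++] = *db;
    }
    out[o] = '\0';
    return (int)o;
}

struct grant { const char *user; const char *db_pattern; };

/* Does any grant for user cover db? */
int user_may_access(const struct grant *g, size_t n, const char *user, const char *db)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(g[i].user, user) == 0 && grant_db_matches(g[i].db_pattern, db))
            return 1;
    return 0;
}

/* Constructed grant table: alice was granted rights on my_db with the
 * underscore left unescaped, bob with it escaped. */
static const struct grant table[] = {
    { "alice", "my_db" },
    { "bob",   "my\\_db" },
};

int demo_alice_reaches_sibling(void) { return user_may_access(table, 2, "alice", "myXdb"); }
int demo_bob_does_not(void)          { return user_may_access(table, 2, "bob", "myXdb"); }
int demo_bob_keeps_own(void)         { return user_may_access(table, 2, "bob", "my_db"); }
```

The escaping function is the administrative fix that works on unpatched servers too: grant on `my\_db` rather than `my_db`, and the wildcard never comes into play.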
|
|
|
Multiple Cisco products are affected by attacks with ICMP packets on
TCP sessions.
Successful attacks may cause connection resets or reduction of throughput in
existing connections.
Details on affected products, workarounds, and fixed software versions can
be found in the Cisco advisory.
|
|
|
The Gaim application is a multi-protocol instant messaging client.
Bugs were found in the way gaim escapes HTML, in several of gaim's IRC
processing functions, and in gaim's Jabber message parser.
A remote attacker could send a specially crafted message to a
Gaim client, causing it to crash.
A number of integer and buffer overflow bugs that affect libtiff were
discovered. The kfax application contains a copy of the libtiff code used
for parsing TIFF files and is therefore affected by these bugs.
Fixed packages are available now.
|
|
|
Remote exploitation of a buffer overflow vulnerability in Computer
Associates International Inc's BrightStor ARCserve Backup UniversalAgent
may allow attackers to execute arbitrary code.
Patches are available now.
|
|
|
The racoon IKE daemon, contained in package ipsec-tools, can be crashed from
remote by sending a special crafted ISAKMP packet.
A buffer overflow was discovered in the way libexif parses EXIF tags. An
attacker could exploit this by creating a special EXIF image file which could
cause image viewers linked against libexif to crash.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict
servers, using any of the supported protocols. Multiple buffer overflow bugs
were found in the way curl processes base64 encoded replies. If a victim can
be tricked into visiting a URL with curl, a malicious web server could execute
arbitrary code on a victim's machine.
Fixed packages are available now.
|
|
|
BIND is the Berkeley Internet Name Domain, the most widely used DNS name server.
The Internet Software Consortium points out that in all versions except BIND 9 a vulnerability exists when
the option "forwarders" is used.
A wide-scale Kashpureff-style DNS cache corruption attack is currently under way which depends on BIND 4
and BIND 8 servers used as "forwarders" as its targets.
It's therefore strongly recommended to upgrade all name servers used as "forwarders" to
BIND 9.
|
|
|
The Common Desktop Environment (CDE) dtlogin utility has
a double-free vulnerability in the X Display Manager Control
Protocol (XDMCP). By sending a specially-crafted XDMCP
packet to a vulnerable system, a remote attacker could
obtain sensitive information, cause a denial of service or
execute arbitrary code on the system.
Multiple vulnerabilities were discovered in the libtiff library.
cdrecord in the cdrtools package before 2.01, when installed
setuid root, does not properly drop privileges before
executing a program specified in the RSH environment variable,
which allows local users to gain privileges.
Patches are available now.
|
|
|
cscope creates temporary files with an easily predictable
file name. A local attacker could exploit this vulnerability
and possibly gain elevated privileges on the system.
A very long HOME environment variable will cause a buffer
overflow in auditsh, atcronsh and termsh.
Patches are available now.
|
|
|
ColdFusion 6.1 Updater 1, in the ColdFusion MX for JRun4 configuration
only, creates a /WEB-INF/cfclasses directory under the web server root
and places there the compiled Java .class files generated from .cfm and
.cfc files. These .class files can be downloaded by end users.
A fix is available now.
|
|
|
Two vulnerabilities were found in gr_osview.
gr_osview -s can corrupt arbitrary files.
gr_osview can display head of arbitrary files.
Patches are available now.
|
|
|
Several vulnerabilities were discovered in 'sharutils'.
A buffer overflow is triggered by output files (using -o) with names longer
than 49 characters.
'shar' does not check the data length returned by the wc command.
'unshar' would create temporary files in an insecure manner which could allow a
symbolic link attack to create or overwrite arbitrary files with the
privileges of the user using 'unshar'.
A bug was discovered in the way that gtk+ and gdk-pixbuf process BMP images
which could allow for a specially crafted BMP to cause a Denial of Service
attack on applications linked against gtk+ or gdk-pixbuf.
Fixed packages are available now.
|
|
|
A flaw was discovered in dcopserver, the KDE Desktop Communication Protocol
(DCOP) daemon.
A local user could use this flaw to stall the DCOP authentication process,
affecting any local desktop users and causing a reduction in their desktop
functionality.
Fixed packages are available now.
|
|
|
SGI has released Security Update #33 for SGI Advanced Linux Environment 3.
These updates fix security related problems in
mysql-server, gtk2, tetex, krb5, XFree86, and telnet.
It's recommended to install this update.
|
|
|
Remote exploitation of a Denial-of-service vulnerability in IBM Corp.'s Lotus Domino Server web service
allows attackers to crash the service, thereby preventing legitimate access.
The problem specifically exists within the module NLSCCSTR.DLL.
If a very long string of UNICODE decimal value 430 characters is sent, nHTTP.EXE crashes without this being
reported to the NSERVER terminal.
The crash occurs only when the long string is prefixed with /cgi-bin/.
IBM has released technote #1202446 for this issue. The vendor has been unable to reproduce the issue
and has therefore not released any patches.
|
|
|
Computer Associates International, Inc.'s (CA) eTrust Intrusion Detection 3.0 is a complete session security
solution for network protection, network session monitoring and Internet web filtering.
A vulnerability exists due to insufficient checking on values passed to Microsoft's Crypto API function
CPImportKey. The CPImportKey function determines certain buffer allocation sizes from data supplied in the
data blob passed to CPImportKey and may be manipulated to cause the allocation of large buffers if wrapper
functions do not validate the data passed to the Crypto API before calling CPImportKey.
In cases where CPImportKey receives a size value which exceeds the mapped memory size,
an exception is generated and the memory is never freed.
This results in a Denial-of-Service.
For eTrust Intrusion Detection 3.0 a new download is available.
|
|
|
Certain release trains of Cisco Internetwork Operating System (IOS), when configured to use the IOS Secure Shell
(SSH) server in combination with Terminal Access Controller Access Control System Plus (TACACS+) as a means to
perform remote management tasks on IOS devices, may contain two vulnerabilities that can potentially cause IOS
devices to exhaust resources and reload. Repeated exploitation of these vulnerabilities can result in a
Denial-of-Service (DoS) condition.
Use of SSH with Remote Authentication Dial In User Service (RADIUS) is not affected by these vulnerabilities.
Cisco IOS Software release trains 12.2T, 12.3 and 12.3T may contain vulnerabilities in processing certain
Internet Key Exchange (IKE) Xauth messages when configured to be an Easy VPN Server.
Successful exploitation of these vulnerabilities may permit an unauthorized user to complete authentication
and potentially access network resources.
Cisco has made free software available to address these vulnerabilities for all affected customers.
|
|
| System: |
Turbolinux
|
| Topic: |
Vulnerabilities in cpio, squid, imap, nfs-utils, krb5, perl, python, xemacs, postgresql, and gftp |
| Links: |
TLSA-2005-30,
CAN-1999-1572,
TLSA-2005-31,
CAN-2005-0446,
TLSA-2005-32,
CAN-2005-0198,
TLSA-2005-33,
CAN-2004-0946,
CAN-2004-1014,
TLSA-2005-34,
CAN-2004-1189,
TLSA-2005-35,
CAN-2004-0452,
CAN-2004-0976,
TLSA-2005-36,
CAN-2005-0089,
TLSA-2005-37,
CAN-2005-0100,
TLSA-2005-38,
CAN-2005-0244,
CAN-2005-0245,
CAN-2005-0246,
CAN-2005-0247,
TLSA-2005-39,
CAN-2005-0372 |
| ID: |
ae-200504-019
|
Turbolinux has published patches for the packages listed above. Some of the vulnerabilities are critical,
so it's recommended to install the updates.
|
|
|
Buffer overflow vulnerabilities exist in internal parsing components and built-in functions that are
accessible to all authenticated Sybase users.
No special permission is needed to reach the vulnerable code and no mechanism exists to prevent a user
from executing it, so any authenticated Sybase user could trigger a buffer overflow and gain full control
of the database server; at the very least a Denial-of-Service is possible.
It's strongly recommended to install the latest patches published by Sybase.
|
|
|
In phpMyAdmin 2.6.1 and prior the convcharset parameter isn't properly validated before being
output, resulting in a Cross-Site Scripting (XSS) vulnerability.
It's recommended to upgrade to phpMyAdmin 2.6.2-rc1 or newer.
|
|
|
A remote attacker may gain root access to a system configured as a NIS client.
Note that it's also possible for a local attacker to exploit this vulnerability.
Versions of AIX prior to AIX 5.3 are not affected by this issue.
An official patch is available.
|
|
|
Windows Server 2003 has two denial of service vulnerabilities by which
authenticated local users, and in particular Terminal Services users,
can crash the server.
A Terminal Services user can cause the system to crash.
This may be exploited by opening a Microsoft Word attachment in Outlook
then printing it to a network printer.
When a SMB browser announcement frame is wrongly processed by the
SMB redirector, it may attempt to execute code that is paged out
and unavailable, resulting in a "STOP 0x000000D1" blue screen error.
A local user can exploit this for example by retrieving large files
from a network share when the system is under heavy load.
These vulnerabilities are fixed in Windows Server 2003 Service Pack 1.
|
|
|
SGI has released Security Update #32 for SGI Advanced Linux Environment 3.
These updates fix security related problems in
imagemagick, ipsec-tools, and mozilla.
It's recommended to install this update.
|
|
|
The Linux kernel is the core component of the Linux system.
A problem was found within the Bluetooth kernel stack which can be used
by a local attacker to gain root access or crash the machine.
Fixed kernel packages are available now.
|
|
|
The sendfile(2) system call allows a server application to transmit the
contents of a file over a network connection without first copying it
to application memory.
If the file being transmitted is truncated after the transfer has
started but before it completes, sendfile(2) will transfer the contents
of more or less random portions of kernel memory in lieu of the
missing part of the file.
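This sendfile(2) bug and the SIOCGIFCONF bug above are two faces of one mistake: the kernel promises the caller a fixed number of bytes, fills only the part it actually has data for, and copies out the rest as it was. The C example below (added here; a user-space model, not the kernel's code) shows both patterns with a buffer that is pre-filled with a marker byte standing in for earlier, sensitive contents, next to the two usual fixes: zero the destination before a partial fill, or return the true length of a short transfer instead of the requested one. The record layout and the in-memory "file" are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* A fixed-size record handed to user space, modelled on an ifconf-style
 * entry: a name plus a sockaddr-sized slot. Constructed layout for this
 * example, not the kernel's own structure. */
struct out_record {
    char name[16];
    unsigned char addr[16];
};

/* Vulnerable: copy exactly the bytes the source provides and leave the rest
 * of each slot as it was. If the record sits in memory that previously held
 * other data (a recycled kernel buffer, a stack frame), that data goes out. */
void fill_record_leaky(struct out_record *r, const char *name,
                       const unsigned char *sa, size_t sa_len)
{
    size_t nl = strlen(name);
    if (nl > sizeof r->name) nl = sizeof r->name;
    memcpy(r->name, name, nl);                   /* trailing bytes untouched */
    if (sa_len > sizeof r->addr) sa_len = sizeof r->addr;
    memcpy(r->addr, sa, sa_len);                 /* ditto for a short sockaddr */
}

/* Fixed: clear the whole record first, then copy what is really there. */
void fill_record_fixed(struct out_record *r, const char *name,
                       const unsigned char *sa, size_t sa_len)
{
    memset(r, 0, sizeof *r);
    fill_record_leaky(r, name, sa, sa_len);      /* the copy itself was never the problem */
}

/* sendfile-style transfer of `want` bytes from a file that may have shrunk to
 * src_len bytes in the meantime (src is the file's current content).
 * Leaky: promises `want` bytes and sends buf[got..want) without filling it.
 * Fixed: reports the byte count actually read, so a truncated file yields a
 * short transfer the caller can see. */
size_t transfer_leaky(unsigned char *buf, size_t want,
                      const unsigned char *src, size_t src_len)
{
    size_t got = want < src_len ? want : src_len;
    memcpy(buf, src, got);
    return want;                                 /* wrong: buf[got..want) is stale */
}

size_t transfer_fixed(unsigned char *buf, size_t want,
                      const unsigned char *src, size_t src_len)
{
    size_t got = want < src_len ? want : src_len;
    memcpy(buf, src, got);
    return got;
}

/* Count bytes in [p, p+n) still equal to marker, i.e. never overwritten. */
size_t stale_bytes(const unsigned char *p, size_t n, unsigned char marker)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++) k += (p[i] == marker);
    return k;
}

/* Interface entry "eth0" with an 8-byte address into memory pre-filled with
 * 0xAA: returns how many of the 32 record bytes leak old contents. */
size_t demo_record_stale(int fixed)
{
    static const unsigned char sa[8] = { 2, 0, 0, 80, 10, 0, 0, 1 };   /* constructed */
    struct out_record r;
    memset(&r, 0xAA, sizeof r);
    if (fixed) fill_record_fixed(&r, "eth0", sa, sizeof sa);
    else       fill_record_leaky(&r, "eth0", sa, sizeof sa);
    return stale_bytes((const unsigned char *)&r, sizeof r, 0xAA);
}

/* Caller asks for 32 bytes of a file that now holds only 10: returns how many
 * of the bytes reported as transferred were never filled. */
size_t demo_transfer_stale(int fixed)
{
    static const unsigned char file[10] = "ffffffffff";                 /* constructed */
    unsigned char buf[32];
    memset(buf, 0xAA, sizeof buf);
    size_t n = fixed ? transfer_fixed(buf, sizeof buf, file, sizeof file)
                     : transfer_leaky(buf, sizeof buf, file, sizeof file);
    return stale_bytes(buf, n, 0xAA);
}
```

Which fix is right depends on the interface: an ioctl that returns fixed-size records must zero-fill, while a byte-stream call such as sendfile(2) must simply stop at the short read and return what it sent.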
Unprivileged users on amd64 systems can gain direct access to some
hardware, allowing for denial of service, disclosure of sensitive
information, or possible privilege escalation.
Patches are available now.
|
|
|
A bug was found in the way gdk-pixbuf processes BMP images. It is possible
that a specially crafted BMP image could cause a denial of service attack
on applications linked against gdk-pixbuf.
cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and
Dict servers, using any of the supported protocols.
Multiple buffer overflow bugs were found in the way curl processes base64
encoded replies. If a victim can be tricked into visiting a URL with curl,
a malicious web server could execute arbitrary code on a victim's machine.
Updated packages solve these problems.
|
|
|
Several vulnerabilities were found in remstats, the remote statistics system.
When processing uptime data on the unix-server a temporary file is
opened in an insecure fashion which could be used for a symlink
attack to create or overwrite arbitrary files with the permissions
of the remstats user.
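The remstats temporary-file bug, and the unshar, f2c, cscope and cdrecord ones elsewhere on this page, all come down to opening a file whose name an attacker can predict without O_EXCL: the attacker plants a symlink at that name, and the victim program writes through it. The C example below (added here; it is not any of those packages' code) shows the vulnerable open next to the mkstemp() fix and runs a constructed version of the attack in a private directory under /tmp, verifying that the predictable open clobbers the symlink target while an O_EXCL create refuses the planted entry with EEXIST.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: a name anyone can predict (directory + tag + pid) and
 * an open() that creates the file if missing but silently follows whatever
 * already sits at that name. */
int open_temp_predictable(const char *dir, const char *tag, char *path, size_t n)
{
    snprintf(path, n, "%s/%s%ld", dir, tag, (long)getpid());
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Fixed pattern: mkstemp() chooses an unpredictable suffix and creates the
 * file with O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink or file
 * makes the attempt fail instead of being written through. */
int open_temp_safe(const char *dir, const char *tag, char *path, size_t n)
{
    snprintf(path, n, "%s/%sXXXXXX", dir, tag);
    return mkstemp(path);
}

static int read_first_byte(const char *p)
{
    char c = 0;
    int fd = open(p, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, &c, 1);
    close(fd);
    return r == 1 ? (unsigned char)c : -1;
}

/* Constructed scenario in a private directory: "victim" holds 'V'; the
 * attacker plants a symlink at the name the predictable opener will use.
 * Returns 1 if the predictable temp file clobbered victim, the O_EXCL create
 * that mkstemp() relies on refused the planted name, and mkstemp() itself
 * succeeded; 0 otherwise. */
int demo_symlink_attack(void)
{
    char base[] = "/tmp/tmpfileXXXXXX", victim[256], planted[256], tmp[256];
    if (!mkdtemp(base)) return 0;
    snprintf(victim, sizeof victim, "%s/victim", base);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int ok = fd >= 0 && write(fd, "V", 1) == 1;
    if (fd >= 0) close(fd);

    /* attacker: the same name the vulnerable code is about to compute */
    snprintf(planted, sizeof planted, "%s/unshar%ld", base, (long)getpid());
    ok = ok && symlink(victim, planted) == 0;

    /* victim program: writes "its" temp file, really the attacker's target */
    fd = open_temp_predictable(base, "unshar", tmp, sizeof tmp);
    int clobbered = fd >= 0 && write(fd, "X", 1) == 1;
    if (fd >= 0) close(fd);
    clobbered = clobbered && read_first_byte(victim) == 'X';

    /* an O_EXCL create refuses the planted entry even though it is a symlink */
    errno = 0;
    int rfd = open(planted, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = rfd < 0 && errno == EEXIST;
    if (rfd >= 0) close(rfd);

    fd = open_temp_safe(base, "unshar", tmp, sizeof tmp);
    int safe_ok = fd >= 0;
    if (fd >= 0) { close(fd); unlink(tmp); }

    unlink(planted); unlink(victim); rmdir(base);
    return ok && clobbered && refused && safe_ok;
}

int main(void)
{
    printf("predictable name clobbered, O_EXCL refused: %s\n",
           demo_symlink_attack() ? "yes" : "NO");
    return 0;
}
```

On a setuid program or a daemon the written-through file can be anything the process may write, which is why the advisories speak of creating or overwriting arbitrary files; mkstemp() (or mkdtemp() for a private scratch directory) removes both the predictability and the follow-the-symlink behaviour in one call.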
The remoteping service can be exploited to execute arbitrary
commands due to missing input sanitising.
Several denial of service conditions have been discovered in wu-ftpd,
the popular FTP daemon.
A denial of service condition in wu-ftpd can be exploited by a remote user
to slow down the server through resource exhaustion.
/bin/ls may be called from within wu-ftpd in a way that results in
large memory consumption and hence slows down the server.
Fixed packages are available now.
|
|
|
A vulnerability within the Adobe Reader and Acrobat web control has been
identified. Under certain circumstances, if the Internet Explorer ActiveX
control is directly invoked by a web page, it is possible to discover the
existence of local files by monitoring the behavior of certain methods.
Fixed versions are available now.
|
|
|
A buffer overflow bug has been found in the way that grip handles data returned by CDDB servers.
If a user is connected to a malicious CDDB server, an attacker might execute arbitrary
code on the user's machine. An updated package addresses this issue.
|
|
|
TeTeX is an implementation of TeX for Linux or UNIX systems.
A number of security flaws have been found affecting libraries used internally within teTeX.
An attacker who has the ability to trick a user into processing a malicious file with teTeX could cause
teTeX to crash or possibly execute arbitrary code.
Additionally, a number of security related bugs concerning teTeX have been found in Xpdf and libtiff.
The gtk2 package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces for the X Window System.
A bug has been found in the way gtk2 processes BMP images.
It's possible that a specially crafted BMP image could cause a Denial-of-Service attack on applications linked against gtk2.
Additionally, a double free vulnerability has been found.
Updated packages solve these problems.
|
|
|
Several vulnerabilities have been discovered in ImageMagick, a commonly used image manipulation library.
These problems can be exploited by a carefully crafted graphic image.
A format string vulnerability in the filename handling code might allow attackers to cause a Denial-of-Service
and possibly execute arbitrary code of attacker's choice.
A Denial-of-Service might occur due to an invalid tag in a TIFF image.
Additionally, the TIFF decoder is vulnerable to accessing memory out of bounds which will result in a
segmentation fault.
Finally, a buffer overflow in the SGI parser allows a remote attacker to execute arbitrary code via a specially
crafted SGI image file.
For most Linux distributions fixed packages are available now.
|
|
|
Several vulnerabilities were found in PHP 4 and PHP 5.
Two vulnerabilities in the getimagesize() PHP routine could allow
unauthenticated remote attackers to consume 100% CPU resources on
vulnerable systems.
A vulnerability in swf_openfile() bypasses safe mode restrictions.
In conjunction with application vulnerabilities this can potentially
allow overwriting arbitrary files.
unserialize() corrupts floating point values in non-English locales.
Patches are available now.
|
|
|
A cross-site scripting vulnerability was discovered in ht://dig.
A buffer overflow was discovered in the way libexif parses EXIF tags. An
attacker could exploit this by creating a special EXIF image file which could
cause image viewers linked against libexif to crash.
Fixed packages are available now.
|
|
|
The racoon IKE daemon, contained in package ipsec-tools, can be crashed from
remote by sending a special crafted ISAKMP packet.
Fixed packages are available now.
|
|
|
SGI has released Security Updates #30 and #31 for
SGI Advanced Linux Environment 3.
These updates fix security related problems in
xpdf, squid, kdenetwork, mailman, ethereal, and gaim.
It's recommended to install these updates.
|
|
|
Samba is an Open Source/Free Software suite that provides seamless file and
print services to SMB/CIFS clients. Integer overflow vulnerabilities have been
discovered in Samba, so remote attackers might execute arbitrary code using
certain SMB requests.
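The Samba integer overflows, the libtiff ones, and the libXPM negative bitmap_unit value at the top of this page share one mechanism: a size is computed from fields read straight out of the input, the multiplication wraps (or a negative value is treated as a large unsigned one), a buffer far too small is allocated, and the decoder then copies the full amount into it. The C example below (added here; not Samba's, libtiff's or libXPM's code) shows the unchecked computation next to a checked one that rejects non-positive factors, tests each multiplication for overflow before performing it, and applies a sanity cap. The cap value and the width/height/bytes-per-pixel parameterisation are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Upper bound for one decoded image; anything larger is refused outright.
 * Assumed value for this example. */
#define MAX_IMAGE_BYTES ((size_t)1 << 30)

/* Vulnerable: header fields are signed ints taken from the file and the
 * product is formed in 32-bit unsigned arithmetic, as (size_t)(w*h*bpp) on a
 * 32-bit host would be. 65536 x 65536 x 1 wraps to 0, and a negative bpp
 * becomes a huge unsigned value that wraps just the same. The allocation is
 * tiny; the decoder then writes w*h*bpp bytes into it. */
uint32_t image_bytes_unchecked(int width, int height, int bpp)
{
    return (uint32_t)width * (uint32_t)height * (uint32_t)bpp;
}

/* Checked: every factor must be positive, each multiplication is tested for
 * overflow before it is done, and the result is capped. Returns 0 and sets
 * *out on success, -1 on refusal. */
int image_bytes_checked(long width, long height, long bpp, size_t *out)
{
    if (width <= 0 || height <= 0 || bpp <= 0) return -1;
    size_t w = (size_t)width, h = (size_t)height, b = (size_t)bpp;
    if (w > SIZE_MAX / h) return -1;         /* w * h would overflow */
    size_t px = w * h;
    if (px > SIZE_MAX / b) return -1;        /* px * b would overflow */
    size_t total = px * b;
    if (total > MAX_IMAGE_BYTES) return -1;  /* plausible but absurd */
    *out = total;
    return 0;
}

/* Allocate a zeroed pixel buffer from header values; NULL if they are unsafe. */
unsigned char *alloc_image(long width, long height, long bpp, size_t *size)
{
    if (image_bytes_checked(width, height, bpp, size) < 0) return NULL;
    return calloc(*size, 1);
}

int main(void)
{
    size_t n = 0;
    unsigned char *img = alloc_image(640, 480, 4, &n);
    int ok = img != NULL && alloc_image(65536, 65536, 1, &n) == NULL
                         && alloc_image(100, 100, -1, &n) == NULL;
    free(img);
    return ok ? 0 : 1;
}
```

The unchecked variant is kept deliberately so the wrap can be observed: the same 65536 x 65536 header that the checked routine rejects evaluates to an allocation size of exactly zero.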
Fixed packages are available now.
|
|