Chosen month 12 / 2005
|
|
|
SGI has released the Security Update #52 for SGI Advanced Linux Environment 3.
These updates fix security related problems in
imap and xpdf.
So it's recommended to install these updates.
|
|
|
A local root vulnerability has been found in the mtink binary.
It has a buffer overflow in its handling of the HOME environment variable,
allowing the possibility for a local user to gain root privileges.
Mandriva encourages all users to upgrade immediately to the updated packages.
|
|
|
The Research in Motion (RIM) BlackBerry Router contains a vulnerability in the way the router handles
Server Routing Protocol (SRP) packets.
By sending specially crafted SRP packets to the router, an attacker might cause a Denial-of-Service,
disrupting communication between BES components and BlackBerry Handheld devices.
The Research in Motion (RIM) BlackBerry Attachment Service contains a vulnerability in the way the service handles TIFF files.
By supplying a specially crafted TIFF image as an email attachment and convincing a user to view the image on a BlackBerry Handheld, a remote,
unauthenticated attacker could cause a Denial-of-Service and maybe execute arbitrary code on the system.
These issues have been escalated internally, so patches will follow.
|
|
|
Microsoft Windows Metafile format images are graphical files and Microsoft Windows contains routines for displaying
these files. A lack of input validation in one of these routines may allow a buffer overflow to occur, which
in turn may allow remote arbitrary code execution with the rights of the Windows user.
Current public exploits use the Windows Picture and Fax Viewer (SHIMGVW.DLL) as an attack vector affecting
users of any Windows-based application that can handle Windows Metafiles.
Until now, no patch is available.
|
|
|
A CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers
to inject arbitrary E-Mail headers via line feeds (LF) in the "To" address argument,
when using sendmail as the MTA (mail transfer agent).
An updated package solves this problem.
|
|
|
The VMware NAT Service used in multiple VMware products contains a buffer overflow in the way it handles
FTP PORT and EPRT commands. An attacker might execute arbitrary code with the privileges of the NAT service
or cause a Denial-of-Service (DoS).
It's recommended to upgrade to a fixed version.
|
|
|
A security vulnerability in the "/etc/init.d/slsadmin" script in PC NetLink 2.0 may allow files to be opened
insecurely, which could allow an unprivileged local user the ability to write to the filesystem with
the permissions of the user running "slsadmin." If "slsadmin" is run as "root," it may allow a local
unprivileged user to gain elevated privileges on the system and run arbitrary commands.
A patch is available now.
|
|
|
The dhis-tools-dns package contains DNS configuration utilities for a dynamic host information System.
It's usually executed by root and it creates temporary files in an insecure manner.
An updated package solves this problem.
|
|
|
Tkdiff is a graphical side by side "diff" utility.
It creates temporary files in an insecure fashion.
An updated package solves this problem.
|
|
| System: | Turbolinux |
| Topic: | Vulnerabilities in gdk-pixbuf, gtk2, openssh, and squid |
| Links: | TLSA-2005-98, TLSA-2005-99, CAN-2005-2976, CAN-2005-3186, TLSA-2005-100, CAN-2005-2798, TLSA-2005-101, CAN-2005-2917, CAN-2005-3258 |
| ID: | ae-200512-053 |
The GdkPixBuf library provides a number of features.
Multiple vulnerabilities have been discovered in the handling of libXpm for gdk-pixbuf.
Additionally, the gtk+ package contains the GIMP ToolKit (GTK+), a library for creating graphical user interfaces
for the X Window System. Two vulnerabilities have been discovered in the handling of libXpm for gtk2.
Both vulnerabilities may allow remote attackers to execute arbitrary code via malformed XPM image files.
OpenSSH is a free version of the SSH protocol suite of network connectivity tools.
The sshd in OpenSSH, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to
clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted
users or hosts. So access controls can be bypassed.
Squid is a high-performance proxy caching server for web clients.
It allows remote attackers to cause a Denial-of-Service (crash) via certain crafted requests.
Updated packages solve these problems.
|
|
|
Fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to
cause a Denial-of-Service (DoS) because the application crashes if an attacker sends messages without
headers from upstream mail servers.
A buffer overflow in cpio 2.6 on 64-bit platforms could also allow a local user to create a DoS and possibly
execute arbitrary code when creating a cpio archive with a file whose size is represented by more than 8 digits.
Updated packages solve these problems.
|
|
|
Ketm is an old school 2D-scrolling shooter game.
Due to a buffer overflow it's possible to execute arbitrary code with group games privileges.
An updated package solves this problem.
|
|
|
McAfee VirusScan is an anti-virus software.
Remote exploitation of an access control vulnerability in McAfee Security Center allows attackers to create
or overwrite arbitrary files.
The vulnerability is due to a registered ActiveX control failing to restrict which domains may load the
control for execution.
MCINSCTL.DLL as included with McAfee Security Center exports an object for logging called MCINSTALL.McLog.
The McLog object is designed to allow Security Center to log to a file through the StartLog and AddLog methods.
McAfee fails to restrict the ActiveX control from being loaded in arbitrary domains.
As such, attackers can create a specially crafted web page utilizing the McLog object to create
arbitrary files.
This attack can lead to arbitrary code execution by a remote attacker.
McAfee previously released updates to SecurityCenter that resolve this issue.
|
|
|
The Symantec RAR decompression library Dec2RAR.dll contains multiple heap buffer overflows.
Using a specially crafted RAR archive, a remote attacker could execute arbitrary code or cause a
Denial-of-Service.
A patch isn't available yet, so the scanning of RAR archives could be disabled.
|
|
|
A buffer overflow in xloadimage might allow attackers to execute arbitrary code via a long
title name in a NIFF file, which triggers the overflow during zoom, reduce, or rotate operations.
The wu_fnmatch function in wu_fnmatch.c of the wu-ftpd allows remote attackers to cause a Denial-of-Service
(CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, which can
e.g. be provided with the dir command.
TCP doesn't adequately validate segments before updating timestamp value, allowing a remote attacker to
arbitrarily modify host timestamp values that will in turn cause TCP connections to abort/drop segments,
leading to a Denial-of-Service condition.
Updated packages solve these problems.
|
|
| System: | Mandriva Linux |
| Topic: | Vulnerabilities in sudo and kernel |
| Links: | MDKSA-2005:234, CVE-2005-4158, MDKSA-2005:235, CVE-2005-2490, CVE-2005-2492, CVE-2005-2873, CVE-2005-3044, CVE-2005-3055, CVE-2005-3179, CVE-2005-3181, CVE-2005-3257, CVE-2005-3274 |
| ID: | ae-200512-047 |
A vulnerability in sudo versions prior to 1.6.8p12 has been found.
When the perl taint flag is off, sudo doesn't clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables,
which could allow limited local users to cause a perl script to include and execute arbitrary library files
that have the same name as library files that are included by the script.
In addition, the patch removes similar environment variables that could be used in
python and ruby scripts, among others.
Updated packages have been patched to correct this problem.
Additionally, a new kernel package has been published, fixing several vulnerabilities in the kernel.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in nbd and phpbb2 |
| Links: | DSA-924, CVE-2005-3534, ESB-2005.1004, DSA-925, CVE-2005-3310, CVE-2005-3415, CVE-2005-3416, CVE-2005-3417, CVE-2005-3418, CVE-2005-3419, CVE-2005-3420, CVE-2005-3536, CVE-2005-3537 |
| ID: | ae-200512-046 |
It has been found that nbd, the network block device client and server, could potentially allow
the execution of arbitrary code on the NBD server.
PhpBB is a fully featured and skinnable flat webforum.
It shows several vulnerabilities which might lead to script injection, bypass protection and security mechanisms,
Cross-Site Scripting, modification of global variables, SQL injection and more.
Updated packages solve these problems.
|
|
|
Cisco Clean Access is a Network Admission Control solution that can automatically detect, isolate, and
clean infected or vulnerable devices that attempt to access the network.
A method has been published to create a Denial-of-Service on a few layers.
One, a user without a username or password can use the vulnerability to upload files to a web-visible folder,
leading to a DoS when the drive is filled.
To carry out this attack, jsp files are used.
Cisco recommends removing obsolete jsp files and has published a patch for customers.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in netpbm, udev, curl, and cups |
| Links: | RHSA-2005-843, CVE-2005-3632, CVE-2005-3662, Q-081, ESB-2005.0998, RHSA-2005-864, CVE-2005-3631, Q-080, ESB-2005.0999, RHSA-2005-875, CVE-2005-4077, Q-078, ESB-2005.1008, RHSA-2005-878, CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, ESB-2005.1002 |
| ID: | ae-200512-044 |
Several buffer overflows were discovered in pnmtopng which is also included in
netpbm, a collection of graphic conversion utilities, that can lead to the
execution of arbitrary code via a specially crafted PNM file.
A flaw was discovered in the way udev sets permissions on various files
in /dev/input. It may be possible for an authenticated attacker to gather
sensitive data entered by a user at the console, such as passwords.
An off-by-one bug was discovered in curl. It may be possible to
execute arbitrary code on a user's machine if the user can be tricked into
executing curl with a carefully crafted URL.
Several flaws were discovered in the way CUPS processes PDF files. An
attacker could construct a carefully crafted PDF file that could cause CUPS
to crash or possibly execute arbitrary code when opened.
Fixed packages are available now.
|
|
|
Integer overflows in the format string functionality in Perl allow
attackers to overwrite arbitrary memory and possibly execute arbitrary
code via format string specifiers with large values, which causes an
integer wrap.
Fixed software is available now.
|
|
|
A vulnerability has been identified with HP-UX systems
running WBEM Services. The vulnerability could be exploited
remotely to create a Denial of Service (DoS).
HP has made software updates available to resolve the issue.
|
|
|
A memory leak in the worker MPM in Apache 2 could allow remote attackers to
cause a Denial of Service (memory consumption) via aborted commands in certain
circumstances, which prevents the memory for the transaction pool from being
reused for other connections.
Updated packages are available now.
|
|
|
A buffer overflow has been discovered in dropbear, a lightweight SSH2 server
and client, that may allow authenticated users to execute arbitrary code as
the server user (usually root).
Fixed packages are available now.
|
|
|
Zgrep in gzip doesn't properly sanitize arguments, which allows local users to execute arbitrary commands
via filenames that are injected into a sed script.
A race condition in gzip, when decompressing a gzipped file, allows local users to modify permissions of
arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed
by gzip after the decompression is complete.
A directory traversal vulnerability in gunzip -N allows remote attackers to write to arbitrary directories via
a .. (dot dot) in the original filename within a compressed file.
Various flaws in tcpdump can allow remote attackers to cause Denial-of-Service (DoS).
Updated packages solve these problems.
|
|
|
The Citrix Program Neighborhood client supports a UDP based application enumeration mechanism.
If this functionality is used to present the client in version 9.1 and earlier for 32-bit and 64-bit Windows
with a very long application name then an implementation flaw in the client could result in an internal buffer
being overflowed.
It's possible that this buffer overflow could be used to execute malicious code within the client process.
This issue has been fixed in version 9.150, which is ready for download now.
|
|
|
Buffer overflow vulnerabilities in muxatmd and slocal may allow any local user to gain root privileges.
A vulnerability was discovered in the diagela script that allows a local user that is in the system group
and that has the RunDiagnostics role to execute arbitrary code.
Exploits for this vulnerability may be publicly available.
Fixes solve these problems.
|
|
|
Updated PHP packages fix some security issues, which might also lead to remote code execution.
Several vulnerabilities have been discovered in the kernel, the core of a linux system.
A fixed package solves these vulnerabilities, too.
|
|
|
A new cumulative security rollup contains security patches for potential vulnerabilities.
ColdFusion Sandbox security relies on the Java SecurityManager.
When ColdFusion is running on a JRun 4 cluster member and the SecurityManager is disabled,
Sandbox security silently fails without throwing an exception.
With Sandbox security disabled a remote attacker using an application setup to use Sandbox
security could potentially bypass security controls.
Additionally, an application written to use the CFMAIL tag could be used to attach arbitrary files
and send mail with any content. This is due to weak input validation in the "Subject" field.
Setting CFOBJECT /CreateObject(Java) to be disabled in Sandbox security has no effect,
still allowing a local attacker to create an object.
Finally, the password hash used to authenticate the ColdFusion Administrator is exposed via an API call,
allowing a local developer to obtain the hash and authenticate as Administrator.
|
|
|
A new updater solves some problems in the JRun 4.0 server.
A remote attacker could enter a malformed URL causing JRun to return web application source code.
The JRun Web Server improperly handles long URLs and headers allowing a remote attacker to cause
a Denial-of-Service. Macromedia doesn't recommend the JWS be used as a production web server.
|
|
|
A new cumulative security rollup contains security patches for two potential vulnerabilities.
ColdFusion Sandbox security relies on the Java SecurityManager.
When ColdFusion is running on a JRun 4 cluster member and the SecurityManager is disabled,
Sandbox security silently fails without throwing an exception.
With Sandbox security disabled a remote attacker using an application setup to use Sandbox
security could potentially bypass security controls.
Additionally, an application written to use the CFMAIL tag could be used to attach arbitrary files
and send mail with any content. This is due to weak input validation in the "Subject" field.
|
|
|
Flash Media Server remote administrator interface connects using TCP to port 1111.
An error exists in the way that the server handles malformed data allowing a remote attacker to crash
the administrator service.
Workarounds to limit the exposure to attacks are described in the advisory.
|
|
|
A vulnerability in FFmpeg libavcodec has been found.
It can be exploited by malicious people to cause a DoS (Denial-of-Service) and potentially to compromise
a user's system.
This code is used by xine-lib, xmovie, mplayer, ffmpeg, and gstreamer-ffmpeg, so these programs are vulnerable.
Updated packages fix this problem.
|
|
|
A Denial-of-Service (DoS) vulnerability exists in "libcurl", the underlying library of the cURL networking tool.
The cause is two off-by-one errors in libcurl's URL parser, which lead to a buffer overflow.
A Cross-Site Scripting (XSS) vulnerability exists in the Apache HTTP server.
The flaw exists in the "mod_imap" extension module and occurs when using the "Referer" directive with image maps.
In certain configurations a remote attacker could perform an XSS attack if a victim can be forced to visit a
malicious URL using certain web browsers.
Updated packages are available now.
|
|
|
Remote exploitation of a command injection vulnerability in Lynx might allow attackers to execute arbitrary
commands with the privileges of the underlying user. The reason is the URI handler "lynxcgi:".
In Xloadimage the titles of NIFF Images aren't handled correctly, so a buffer overflow is possible.
An integer overflow vulnerability in libXpm can be exploited by a remote user to cause arbitrary code to be executed.
Updated packages solve these problems.
|
|
|
Several vulnerabilities in the kernel have been fixed now.
It's recommended to use kernel 2.4.27 or 2.6.8 only and to upgrade immediately,
because some vulnerabilities are critical.
|
|
| System: | Microsoft Windows |
| Topic: | Several vulnerabilities in Trend Micro Server Protect |
| Links: | iDEFENSE #352, CVE-2005-1930, ESB-2005.0984, iDEFENSE #353, iDEFENSE #354, CVE-2005-1929, ESB-2005.0985, ESB-2005.0986, iDEFENSE #356, CVE-2005-1928, ESB-2005.0987 |
| ID: | ae-200512-027 |
Trend Micro Server Protect is a centrally managed solution for Anti-Virus.
Three vulnerabilities have been detected in the Management Console 5.58 running with Trend Micro
Control Manager 2.5/3.0 and Trend Micro Damage Cleanup Server 1.1.
The first is caused by the handling of the IMAGE parameter in the script rptserver.asp. When supplying
special data, an attacker is able to have a remote view on all files on the system.
Two other vulnerabilities give remote attackers the chance to execute arbitrary code on the system with
the rights of the web server.
Providing relay.dll or isaNVWRequest.dll with special content, the heap will be damaged and the supplied code
will be executed.
Finally, a remote Denial-of-Service against the EarthAgent Daemon is possible by sending specially crafted
packets to port 5005/tcp.
For the fourth vulnerability, a patch is available.
The others can be fixed by workarounds described in the corresponding advisory.
|
|
|
Trend Micro PC-Cillin Internet Security is antivirus protection software for home and business use.
During the installation the default Access Control List (ACL) settings aren't safe, so a local user
can modify the installed files. Due to the fact that some of the programs run as system services,
a user could replace an installed Trend Micro product file with their own malicious code, and
the code would be executed with system privileges.
An updated version solves this problem.
|
|
|
No further comment due to legal reasons.
|
|
| System: | Microsoft Windows |
| Topic: | Cumulative update for Microsoft Internet Explorer |
| Links: | MS05-054, CAN-2005-1790, CAN-2005-2829, CAN-2005-2830, CAN-2005-2831, Secunia 2005-7, Secunia 2005-12, VU#887861, Q-074, AL-2005.0042, Symantec |
| ID: | ae-200512-024 |
No further comment due to legal reasons.
|
|
|
SCO has released updated packages to address two vulnerabilities identified in OpenSSH.
These flaws might be exploited by attackers to disclose sensitive information or bypass security restrictions.
Local exploitation of a buffer overflow vulnerability in the uidadmin binary included in multiple versions of
UnixWare allows attackers to gain root privileges. The main reason is that uidadmin is setuid root.
An updated package solves this problem, too.
|
|
|
A bug in enigmail, the GPG support extension for Mozilla MailNews and Mozilla Thunderbird was
discovered that could lead to the encryption of an E-Mail with the wrong public key.
This could potentially disclose confidential data to unintended recipients.
Updated packages have been patched to prevent this problem.
|
|
|
A buffer overflow has been discovered in libcurl that could allow the execution of arbitrary code.
Several off-by-one errors allow local users to trigger a buffer overflow and cause a Denial-of-Service or
bypass PHP security restrictions via certain URLs.
An updated package remedies these problems.
|
|
|
Libcurl's URL parser function can overflow a malloced buffer in two ways if given a URL that is too long.
It cannot be triggered by a redirect, which makes remote exploitation unlikely, but can be passed directly
to libcurl (allowing for local exploitation) and could also be used to break out of PHP's safe_mode/open_basedir.
This vulnerability only exists in libcurl and curl 7.11.2 up to and including 7.15.0.
Updated packages have been patched to correct the problem.
As well, updated php-curl packages are available that provide a new curl PHP module compiled against the
fixed code.
A new way to exploit format string errors in the Perl programming language might lead to the execution of
arbitrary code.
Updated packages are available now.
|
|
|
Ethereal is a full featured open source network protocol analyzer.
Remote exploitation of an input validation vulnerability in the OSPF protocol dissectors within Ethereal,
as included in various vendors' operating system distributions, could allow attackers to crash the vulnerable
process or potentially execute arbitrary code.
It's recommended to disable the OSPF dissector or to install a patch.
|
|
|
The Dell TrueMobile 2300 Wireless Broadband Router is an 802.11b/g wireless access point, wired ethernet switch and internet router.
By requesting a special URL from the router, it's possible to obtain a page containing a form which allows you
to reset the authentication credentials.
Exploitation could allow remote attackers to associate with the internal side of the router to change any
configuration settings, including uploading of new firmware.
Dell is no longer selling this product and has replaced it with newer models that do not exhibit the defect.
Therefore, a patch will not be released to address this issue.
|
|
|
A potential security vulnerability has been identified by IBM for the IBM
Tivoli Directory Server (ITDS).
Exploiting this vulnerability may allow unauthorized access to change,
modify and/or delete directory data stored in IBM Tivoli Directory Server.
Patches are available now.
|
|
|
On Solaris 10 with Sun Update Connection Services, a web proxy password
may be visible to unauthorized local users on the affected system and
also in the web proxy log files at the web proxy server. In addition,
this issue prevents Sun Update Connection from authenticating to the
web proxy server.
Patches are available now.
|
|
|
phpMyAdmin comes with a register_globals emulation layer within
grab_globals.php, to ensure compatibility with hosts where this
feature is turned off.
A bug in this feature opens phpMyAdmin to a number of XSS, local and remote
file inclusion vulnerabilities.
Fixed software is available now.
|
|
|
It was discovered that courier-authdaemon, the authentication daemon of the
Courier Mail Server, grants access to accounts that are already deactivated.
Two security related problems have been discovered in osh, the operator's
shell for executing defined programs in a privileged environment.
A bug in the substitution of variables allows a local attacker to open a
root shell.
A buffer overflow caused by the current working directory plus a filename
could be used to execute arbitrary code and e.g. open a root shell.
Fixed packages are available now.
|
|
| System: | SuSE Linux |
| Topic: | Several vulnerabilities in kernel |
| Links: | SuSE_2005_67, CVE-2005-2973, CVE-2005-3044, CVE-2005-3055, CVE-2005-3180, CVE-2005-3181, CVE-2005-3271, CVE-2005-3527, CVE-2005-3783, CVE-2005-3784, CVE-2005-3805, CVE-2005-3806, CVE-2005-3807 |
| ID: | ae-200512-013 |
Several vulnerabilities have been discovered in the kernel, the core of a linux system.
A fixed package solves these vulnerabilities.
|
|
| System: | Various |
| Topic: | Vulnerabilities in xpdf/kpdf/gpdf |
| Links: | KDE, CAN-2005-3191, CAN-2005-3192, CAN-2005-3193, ESB-2005.0970, RHSA-2005-840, RHSA-2005-867, RHSA-2005-868, ESB-2005.1003, ESB-2005.1000, ESB-2005.1001 |
| ID: | ae-200512-012 |
Kpdf and gpdf, the pdf viewers for KDE and Gnome, share code with xpdf.
Xpdf contains multiple integer overflow vulnerabilities that allow specially crafted pdf files,
when opened, to overflow a heap allocated buffer and execute arbitrary code.
Source code patches have been made available which fix these vulnerabilities.
|
|
|
A potential security vulnerability has been discovered with HP-UX running IPSec.
The vulnerability could be exploited to allow remote unauthorized access.
HP has made software updates available to resolve the issue.
|
|
|
Inkscape is a vector-based drawing program.
A buffer overflow in the SVG parsing routines might lead to the execution of arbitrary code.
Additionally, the ps2epsi extension shell script uses a hardcoded temporary file making it vulnerable
to symlink attacks.
An updated package remedies these problems.
|
|
|
A Security Vulnerability in Communications Services Delegated Administrator 2005Q1 may allow a remote
unauthorized user the ability to gain access to the Top-Level Administrator (TLA) default password.
A security vulnerability exists in the Proxy Plug-in for certain Sun ONE and Java System Application Server
products when the plug-in is used with a supported web server, such as Sun Java System Web Server,
Apache Web Server or Microsoft Internet Information Server (IIS).
This vulnerability may allow a "Man-in-the-Middle" condition to be exploited and possibly compromise data
privacy between the client and the server.
Patches solve these problems.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in xpdf, imap, and libc-client |
| Links: | RHSA-2005-840, CVE-2005-3191, CVE-2005-3192, CVE-2005-3193, Q-068, ESB-2005.0963, RHSA-2005-848, RHSA-2005-850, CVE-2005-2933, ESB-2005.0964, ESB-2005.0965 |
| ID: | ae-200512-008 |
The xpdf package is an X Window System-based viewer for Portable Document
Format (PDF) files.
Several flaws were discovered in Xpdf. An attacker could construct a
carefully crafted PDF file that could cause Xpdf to crash or possibly
execute arbitrary code when opened.
A buffer overflow flaw was discovered in the way the c-client library
parses user supplied mailboxes. If an authenticated user requests a
specially crafted mailbox name, it may be possible to execute arbitrary
code on a server that uses the library.
Fixed packages are available now.
|
|
|
Three security vulnerabilities with the use of "reflection" APIs
in the Java Runtime Environment (JRE) may (independently) allow an
untrusted applet to elevate its privileges. For example, an untrusted
applet may grant itself permissions to read and write local files or
execute local applications that are accessible to the user running the
untrusted applet.
Patches are available now.
|
|
|
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an E-Mail with a large number of recipients
("To" addresses), which triggers a bus error in Perl.
Scrubber.py in Mailman 2.1.4 - 2.1.6 doesn't properly handle UTF8 character encodings in filenames of E-Mail
attachments, which allows remote attackers to cause a Denial-of-Service.
In addition, these versions of mailman have an issue where the server will fail with an Overflow on
bad date data in a processed message.
The version of mailman in Corporate Server 2.1 doesn't contain the above vulnerable code.
A format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180
has been discovered. If syslog logging is enabled, remote attackers might cause a Denial-of-Service
(crash or memory consumption) and possibly execute arbitrary code via format string specifiers
in the username parameter to the login form, which is ultimately used in a syslog call.
Updated packages have been patched to address these issues.
|
|
|
The Sun Java Runtime Environment provides the libraries and components necessary to run Java-based applications.
There is an unspecified vulnerability in the Java Runtime Environment that may allow an untrusted Java applet
to bypass the Java security settings.
Once the security restrictions are bypassed, the applet may be able to access and manipulate system resources.
Sun has addressed this issue in the Java Development Kit and Java Runtime Environment 5.0 Update 4 and later.
|
|
|
eEye Digital Security has discovered a critical vulnerability in RealPlayer.
The vulnerability allows a remote attacker to reliably overwrite stack memory with arbitrary data
and execute arbitrary code in the context of the user who executed the player.
RealNetworks has released a patch for this vulnerability.
|
|
|
A vulnerability exists in the IOS HTTP server.
Exploiting this vulnerability may result in an attacker executing commands on
the device, including the possibility of gaining full administrative
privileges on the device which is dependent on the privilege level of the
authenticated user. A proof of concept exploit exists for this vulnerability.
Cisco has made free software available to address this vulnerability.
|
|
|
A vulnerability was discovered in Cisco Security Agent (CSA). CSA is a
security software agent that provides threat protection for server and desktop
computing systems.
Exploiting this vulnerability may allow privilege escalation and allow an
attacker with local system level privileges on a Windows workstation or server
running managed or standalone CSA 4.5.0 or 4.5.1 agents.
Cisco has made free software available to address this vulnerability.
|
|
|
A vulnerability has been discovered in horde2, a web application suite, that
allows attackers to insert arbitrary script code into the error web page.
An integer overflow has been discovered in helix-player, the helix audio and
video player. This flaw could allow a remote attacker to run arbitrary code on
a victim's computer by supplying a specially crafted network resource.
Fixed packages are available now.
|
|