Chosen month 05 / 2006
|
|
|
A vulnerability in lsmcode may allow local users to execute arbitrary
code with root privileges.
A patch is available now.
|
|
|
Several format string vulnerabilities were found in Dia.
Fixed packages are available now.
|
|
|
A buffer overflow was discovered in the ktools library which is used in motor,
an integrated development environment for C, C++ and Java, which may allow
local attackers to execute arbitrary code.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in HP OpenView Network Node Manager
|
| Links: |
HPSBMA02098, SSRT5911,
ESB-2006.0369
|
| ID: |
ae-200605-064
|
Vulnerabilities have been identified with HP OpenView Network Node
Manager (OV NNM). These vulnerabilities could be exploited remotely by
an unauthorized user to gain privileged access, execute arbitrary commands,
or create arbitrary files.
Patches are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in HP OpenView Storage Data Protector
|
| Links: |
HPSBMA02121, SSRT061157,
ESB-2006.0367
|
| ID: |
ae-200605-063
|
A security vulnerability has been identified with HP OpenView Storage
Data Protector running on HP-UX, IBM AIX, Linux, Microsoft Windows, and
Solaris.
This vulnerability could allow a remote unauthorized user to execute
arbitrary commands.
Patches are available now.
|
|
| System: |
HP-UX
|
| Topic: |
Vulnerabilities in Motif, Kernel, and Software Distributor
|
| Links: |
HPSBUX02119, SSRT4848,
CVE-2004-0687,
CVE-2004-0688,
ESB-2006.0364,
HPSBUX02120, SSRT051057,
CVE-2006-2551,
ESB-2006.0365,
HPSBUX02114, SSRT061115,
CVE-2006-2574,
ESB-2006.0368
|
| ID: |
ae-200605-062
|
Security vulnerabilities have been identified with Motif applications running
on HP-UX. The vulnerabilities could be exploited to allow remote execution
of arbitrary code or Denial of Service (DoS).
A security vulnerability has been identified in the HP-UX kernel.
The potential vulnerability could be exploited by a local authorized
user to create a Denial of Service (DoS).
Security vulnerabilities have been identified with HP-UX
running Software Distributor.
These vulnerabilities could be exploited by a local authorized user to
gain elevated privileges.
HP has released patches now.
|
|
|
A Cross Site Scripting (XSS) vulnerability in various releases of the
Sun Java System Web Server and Sun Java System Application Server may
allow an unprivileged local or remote user to steal cookie
information, hijack sessions, or cause a loss of data privacy between
a client and the server.
Patches are available now.
|
|
|
A security vulnerability in the Solaris 9 in.ftpd(1M) server may allow
local or remote unprivileged users to access directories outside of
their home directory or to log in with their $HOME directory set to
"/" (slash).
Patches are not available yet.
A workaround is described in the advisory.
|
|
|
A problem has been discovered in the IMAP component of Dovecot, a secure mail
server that supports mbox and maildir mailboxes, which can lead to information
disclosure via directory traversal by authenticated users.
A buffer overflow was discovered in the processing of ASF files in
libextractor, a library to extract arbitrary meta-data from files, which
can lead to the execution of arbitrary code.
Fixed packages are available now.
|
|
|
An unspecified vulnerability in mpg123 0.59r allows user-complicit attackers to trigger a segmentation fault and possibly have other impacts
via a certain MP3 file, as demonstrated by mpg1DoS3.
An updated package is available now.
|
|
|
A problem in the TIFF library may allow an attacker with a specially crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values to
crash the library and hence the surrounding application.
An updated package is available now.
|
|
|
Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow.
Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code
with System level rights on the affected system.
New versions are available, so it's strongly recommended to install the updated version.
|
|
|
Lynx is a popular text-mode WWW Browser.
It's not able to grok invalid HTML including a TEXTAREA tag with a large COLS value and a large tag name in an element
that is not terminated, and loops forever trying to render the broken HTML.
An updated package solves this problem.
|
|
|
A buffer overflow in "libbfd" of GNU Binutils, as used by GNU strings, allows context-dependent attackers to cause a Denial-of-Service (application crash) and
possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
An updated package fixes this problem.
|
|
|
It has been discovered that specially crafted web requests can cause awstats, a
powerful and featureful web server log analyzer, to execute arbitrary commands.
A fixed package is available now.
|
|
| System: |
Mandriva Linux
|
| Topic: |
Vulnerabilities in kernel, hostapd, kphone, shadow-utils, and php
|
| Links: |
MDKSA-2006:087,
CVE-2006-2444,
MDKSA-2006:088,
CVE-2006-2213,
MDKSA-2006:089,
CVE-2006-2442,
MDKSA-2006:090,
CVE-2006-1174,
MDKSA-2006:091,
CVE-2006-1990,
CVE-2006-1991
|
| ID: |
ae-200605-052
|
In the kernel, a memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed.
Hostapd 0.3.7 allows remote attackers to cause a Denial-of-Service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.
Kphone creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords.
A potential security problem has been found in the useradd tool when it creates a new user's mailbox due to a missing argument to the open() call,
resulting in the first permissions of the file being some random garbage found on the stack, which could possibly be held open for
reading or writing before the proper fchmod() call is executed.
In PHP, an integer overflow in the wordwrap() function could allow attackers to execute arbitrary code via certain long arguments that cause a small
buffer to be allocated, triggering a heap-based buffer overflow. Additionally, the substr_compare() function in PHP 5.x and 4.4.2 could allow
attackers to cause a Denial-of-Service (memory access violation) via an out-of-bounds offset argument.
Updated packages solve these issues.
|
|
|
Mpg123 is a command-line player for MPEG audio files.
Due to insufficient validation of MPEG 2.0 layer 3 files several possibilities for buffer overflows are present.
An updated package solves this problem.
|
|
|
The Cisco VPN Client for Windows is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges.
A user needs to authenticate and start an interactive Windows session to be able to exploit this vulnerability.
This issue is not related to any known issues in Microsoft Windows itself.
Cisco has made free software available to address this vulnerability for affected customers.
|
|
|
The Xorg X server is one of the X Window System display servers available on the Solaris x86 platform.
A buffer overflow in the X Render extension may allow an unprivileged local or remote user who is a
client of the Xorg X server to execute arbitrary code with the privileges of the Xorg server.
The Xorg X server runs with root privileges on Solaris.
So it's recommended to update the system immediately.
|
|
|
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.
The phpinfo() PHP function doesn't properly sanitize long strings. An attacker might use this to perform cross-site scripting attacks against
sites that have publicly-available PHP scripts that call phpinfo().
The error handling output was found to not properly escape HTML output in certain cases.
An attacker could use this flaw to perform cross-site scripting attacks against sites where both display_errors and html_errors are enabled.
A buffer overflow flaw was discovered in uw-imap, the University of Washington's IMAP Server.
php-imap is compiled against the static c-client libraries from imap and therefore needed to be recompiled against the fixed version.
The wordwrap() PHP function did not properly check for integer overflow in the handling of the "break" parameter.
An attacker who could control the string passed to the "break" parameter could cause a heap overflow.
Users of PHP should upgrade to these updated packages, which contain backported patches that resolve these issues.
|
|
|
Potential security vulnerabilities have been identified in Firefox for HP Tru64 UNIX and in the Mozilla Application Suite for HP Tru64 UNIX.
The vulnerabilities might result in remote execution of arbitrary code or Denial-of-Service (DoS).
Please install the latest versions:
Mozilla 1.7.13 Application Suite,
Firefox 1.5.0.3 and
Firefox 1.0.8.
|
|
|
If the WebObjects developer tools are installed, remote attackers may be able
to obtain or modify WebObjects projects while Xcode is running.
Fixed software is available now.
|
|
|
Several vulnerabilities were found in the linux kernel.
Fixed kernel packages are available now.
|
|
| System: |
SGI Advanced Linux Environment
|
| Topic: |
Vulnerabilities in ethereal, ipsec-tools, libtiff, php, and squirrelmail
|
| Links: |
SGI-20060501-01
|
| ID: |
ae-200605-044
|
SGI has released the Security Update #58 for SGI Advanced Linux Environment 3.
These updates fix security related problems in
ethereal, ipsec-tools, libtiff, php, and squirrelmail.
So it's recommended to install this update.
|
|
|
A weakness exists in OpenLDAP which is caused due to a boundary error in
slurpd(8) within the handling of the status file.
This can be exploited to cause a stack-based buffer overflow via an overly
long hostname read from the status file.
Fixed packages are available now.
|
|
|
Several flaws were found in the way various XScreenSaver screensavers
create temporary files. It may be possible for a local attacker to create a
temporary file in a way that could overwrite a different file to which the user
running XScreenSaver has write permissions.
A bug was found in the way PostgreSQL's PQescapeString function escapes
strings when operating in a multibyte character encoding. It is possible
for an attacker to provide an application a carefully crafted string
containing invalidly-encoded characters, which may be improperly escaped,
allowing the attacker to inject malicious SQL.
Fixed packages are available now.
|
|
|
A buffer overflow has been discovered in nagios, a host, service and network
monitoring and management system, that could be exploited by remote attackers
to execute arbitrary code.
Fixed packages are available now.
|
|
|
Sendmail is a multi-purpose mail server.
It might allow a remote attacker to execute arbitrary code as root, caused by a signal race vulnerability.
An updated package solves this problem.
|
|
|
Several vulnerabilities have been discovered in MySQL, a popular SQL database.
Fixed packages are available now.
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in quagga, Kernel, popfile, kphone, phpgroupware, cscope, hostapd, phpbb2, and fbi
|
| Links: |
DSA-1059,
CVE-2006-2223,
CVE-2006-2224,
CVE-2006-2276,
ESB-2006.0344,
DSA-1060,
CVE-2006-2110,
ESB-2006.0345,
DSA-1061,
CVE-2006-0876,
ESB-2006.0346,
DSA-1062,
CVE-2006-2442,
ESB-2006.0347,
DSA-1063,
CVE-2005-2781,
ESB-2006.0348,
DSA-1064,
CVE-2004-2541,
ESB-2006.0349,
DSA-1065,
CVE-2006-2213,
ESB-2006.0350,
DSA-1066,
CVE-2006-1896,
ESB-2006.0351,
DSA-1067,
DSA-1069,
DSA-1070,
DSA-1082,
ESB-2006.0342,
Q-204,
ESB-2006.0373,
DSA-1068,
CVE-2006-1695,
ESB-2006.0343
|
| ID: |
ae-200605-038
|
Several vulnerabilities have been found in the packages above. Some are critical, so updated packages should be installed.
|
|
|
Since yesterday, many e-mails carrying an attachment have been circulating on the Internet.
The attachment is a file in .doc format that exploits a newly found vulnerability in Microsoft Word.
If it is opened, a trojan is installed.
Since there is no hotfix available, it's recommended to update the anti-virus software and to be careful with attachments.
|
|
|
A security vulnerability in Sun N1 System Manager 1.1 may allow a local
unprivileged user to access internal System Manager passwords.
A patch is available now.
|
|
|
A number of vulnerabilities were discovered and corrected in the
Linux 2.6 kernel, so a kernel update should be installed as soon as possible.
|
|
|
It has been discovered that specially crafted web requests can cause awstats, a
powerful and featureful web server log analyzer, to execute arbitrary commands.
A fixed package is available now.
|
|
|
A vulnerability was discovered in FreeSSHd, which can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system.
An updated version solves this problem.
|
|
|
A security vulnerability in Sun Java System Directory Server 5.2 may allow a
local or remote user to gain unauthorized administrative access to the
Directory Server by logging in to the Directory Server console.
The workaround is to manually change the administrative user password.
|
|
|
PhpLDAPadmin is a web based interface for administering LDAP servers.
Due to several cross-site scripting vulnerabilities, remote attackers might be able to inject arbitrary web script or HTML.
An updated package is available now.
|
|
|
webcalendar, a PHP-Based multi-user calendar, returns different error messages
on login attempts for an invalid password and a non-existing user, allowing
remote attackers to gain information about valid usernames.
Fixed packages are available now.
|
|
|
A vulnerability has been identified in RealVNC Free Edition Version 4.1.1 and Personal/Enterprise Version 4.2.2, respectively.
It might be exploited by remote attackers to compromise a vulnerable system.
This flaw is due to a design error in the authentication process that doesn't properly validate passwords,
which could be exploited by remote unauthenticated attackers to gain unauthorized access to a vulnerable
system via a specially crafted request.
An updated version solves this problem.
|
|
|
A vulnerability in the Verisign i-Nav ActiveX control allows remote attackers
to execute arbitrary code on vulnerable installations.
A patch is available now.
|
|
|
Several security vulnerabilities were found in Apple QuickTime.
Fixed software is available now.
|
|
|
Several security issues in
Safari, Mail, LaunchServices, QuickTime Streaming Server, MySQL Manager,
FTPServer, Flash Player, Finder, CoreGraphics, ClamAV, BOM, AppKit,
CFNetwork, CoreFoundation, ImageIO, Keychain, libcurl, Preview, QuickDraw,
and Ruby
are fixed and bundled in the
Security Update 2006-003, which is available now.
|
|
|
Ghostscript is affected by an insecure temporary file creation vulnerability.
This issue is likely due to a design error that causes the application to
fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the
privileges of an unsuspecting user that activates the vulnerable application.
Updated packages solve this issue.
|
|
|
Cisco Application Velocity System's (AVS) default configuration
allows transparent relay of TCP connections to any reachable
destination TCP port if the receiving TCP service can process
requests embedded in a HTTP POST method message.
Cisco has released a fixed version now.
|
|
|
Code generated by Dreamweaver server behaviors for the ColdFusion, PHP mySQL,
ASP, ASP.NET, and JSP server models could allow SQL Injection by an attacker.
Fixed software is available now.
|
|
|
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow
remote attackers to execute arbitrary code via format string specifiers in
a long filename on an EXTINFO line in a playlist file.
Fixed packages are available now.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
A race condition in daemon/slave.c in gdm before 2.14.1 allows local
users to gain privileges via a symlink attack when gdm performs chown
and chgrp operations on the .ICEauthority file.
Fixed packages are available now.
|
|
|
A bug was found in the way Ruby creates its xmlrpc and http servers. The
servers use a non blocking socket, which enables a remote user to cause a
denial of service condition if they are able to transmit a large volume of
information from the network server.
Fixed packages are available now.
|
|
|
Several vulnerabilities were discovered in libtiff that can lead to remote
Denial of Service attacks or the execution of arbitrary code.
Fixed software is available now.
|
|
|
A vulnerability issue exists in the CA CAIRIM LMP solution for z/OS.
CAIRIM is delivered as part of CA's z/OS Common Services, and the LMP
component provides licensing services to many of CA's z/OS solutions.
Patches are available now.
|
|
|
It may be possible for a remote privileged user to cause the
in.iked(1M) daemon to crash or cause in.iked to send invalid data to a
peer system, potentially causing that system's in.iked daemon to
crash, when an IKE exchange with a malformed payload is attempted.
Patches are available now.
|
|
|
A buffer overflow was found in the HTTP content_length header handling
of Nagios, that could affect the CGIs under certain web servers
(although probably not Apache).
Fixed software is available now.
|
|
|
Several vulnerabilities were found in PHP 5.1.3.
Fixed software is available now.
|
|
|
Several buffer overflows have been discovered in cgiirc, a web-based IRC
client, which could be exploited to execute arbitrary code.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Multiple patches for IBM Tivoli Directory Server, Tivoli Identity Manager and WebSphere Application Server published
|
| Links: |
ESB-2006.0319
|
| ID: |
ae-200605-010
|
In April 2006 some patches concerning inappropriate access and other security-related problems were published.
They address vulnerabilities which might be exploited remotely and without authentication.
There is one patch for the IBM Tivoli Directory Server,
two for the IBM Tivoli Identity Manager, twelve for the WebSphere Application Server and three for the
WebSphere Extended Deployment. Please refer to the advisory to get detailed information about the fixed problems.
|
|
|
MySQL contains several vulnerabilities which may allow unauthenticated information disclosure
and the execution of arbitrary code by a remote, authenticated user.
It's recommended to use only MySQL 5.0.21, 5.1.10 or 4.1.19, respectively.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in dia, squirrelmail, and ethereal
|
| Links: |
RHSA-2006-0280,
CVE-2006-1550,
ESB-2006.0314,
RHSA-2006-0283,
CVE-2006-0188,
CVE-2006-0195,
CVE-2006-0377,
ESB-2006.0316,
RHSA-2006-0420,
CVE-2006-1932,
CVE-2006-1933,
CVE-2006-1934,
CVE-2006-1935,
CVE-2006-1936,
CVE-2006-1937,
CVE-2006-1938,
CVE-2006-1939,
CVE-2006-1940,
ESB-2006.0315
|
| ID: |
ae-200605-008
|
Three buffer overflow bugs were discovered in Dia's xfig file format
importer. If an attacker is able to trick a Dia user into opening a
carefully crafted xfig file, it may be possible to execute arbitrary
code as the user running Dia.
Several vulnerabilities were found in SquirrelMail.
A number of vulnerabilities have been discovered in the Ethereal network
analyzer.
Fixed packages are available now.
|
|
|
A vulnerability was discovered in the protocol code of freshclam, a command
line utility responsible for downloading and installing virus signature
updates for ClamAV, the antivirus scanner for Unix.
This could lead to a Denial-of-Service or potentially the execution of
arbitrary code.
A fixed package is available now.
|
|
|
A buffer overflow flaw in the X.org server RENDER extension was discovered.
A malicious authorized client could exploit this issue to cause a denial of
service (crash) or potentially execute arbitrary code with root privileges
on the X.org server.
Patches are available now.
|
|
|
The 'deleted object reference' vulnerability has now been fixed in version 1.5.0.3
of Mozilla Firefox.
So it's recommended to update to the fixed version.
|
|
|
Three vulnerabilities which can lead to remote access were found in Symantec Scan Engine, a dedicated TCP/IP
server and programming interface for third party software.
Updating to version 5.1 solves the issues.
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in ethereal
|
| Links: |
DSA-1049,
CVE-2006-1932,
CVE-2006-1933,
CVE-2006-1934,
CVE-2006-1935,
CVE-2006-1936,
CVE-2006-1937,
CVE-2006-1938,
CVE-2006-1939,
CVE-2006-1940,
ESB-2006.0311,
Q-188
|
| ID: |
ae-200605-003
|
Again a number of vulnerabilities have been discovered in the Ethereal network
analyzer.
Fixed packages are available now.
|
|
|
A vulnerability resides in Cisco's Voice-over-IP module 'Unity Express' (CUE) which allows arbitrary users to change an expired password of another user.
In the worst case this can lead to administrative access.
Cisco has released a fixed version now.
|
|
|
Asterisk is an Open Source Private Branch Exchange (telephone control center).
Due to missing input sanitising it's possible to retrieve recorded phone messages for a different extension.
Additionally, an integer error might trigger a buffer overflow and hence allow the execution of arbitrary code.
A patch addresses these issues.
|
|