Network Security

AERAsec
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so changes appear immediately, especially regarding which patches should be installed or which configuration changes should be made to avoid a vulnerability. Some of the files are transferred by FTP.

By the way: if we're not publishing well-known risks inherent in any widely used platform or program, that doesn't mean this particular platform or program is safe to use!


Chosen month 08 / 2006

System: Various
Topic: Vulnerability in sendmail
Links: Sendmail, CVE-2006-4434, DSA-1164, ESB-2006.0627, MDKSA-2006:156, TLSA-2006-28
ID: ae-200608-098

If sendmail is used with the option "-bs" and a mail filter (milter) is configured, a Denial-of-Service can be triggered by sending very long header lines. A patch is available now.

System: Mandriva Linux
Topic: Vulnerability in musicbrainz
Links: MDKSA-2006:157, CVE-2006-4197
ID: ae-200608-097

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a Denial-of-Service or the execution of arbitrary code. Updated packages address this issue.

System: Debian GNU/Linux
Topic: Vulnerability in gtetrinet
Links: DSA-1163, CVE-2006-3125, ESB-2006.0626
ID: ae-200608-096

Gtetrinet is a multiplayer Tetris-like game. Due to several potential out-of-bounds index accesses, a remote server might be able to execute arbitrary code on a vulnerable system. An updated package is available now.

System: Debian GNU/Linux
Topic: Vulnerability in libmusicbrainz
Links: DSA-1162, CVE-2006-4197, ESB-2006.0625
ID: ae-200608-095

Several buffer overflows have been found in libmusicbrainz, a CD index library. Due to this, remote attackers might cause a Denial-of-Service or execute arbitrary code. An updated package is available now.

System: Various
Topic: Vulnerability in Symantec Enterprise Security Manager
Links: SYMANTEC, ESB-2006.0624
ID: ae-200608-094

The Symantec Enterprise Security Manager 6.0 and 6.5.x is vulnerable to a race condition that can cause the application to lock up, resulting in a Denial-of-Service. This can be achieved by a specially crafted invalid request sent to the manager server to simulate an ESM agent. This causes both the ESM manager and ESM agent to lock up. A fix is available now.

System: Various
Topic: Vulnerability in SAP-DB/MaxDB WebDBM
Links: SYMSA-2006-009, CVE-2006-4305, ESB-2006.0623
ID: ae-200608-093

SAP-DB/MaxDB is a heavy-duty, SAP-certified open source database for OLTP and OLAP usage. A remotely exploitable vulnerability exists in MaxDB's WebDBM. Due to an input validation error, it is possible to execute arbitrary code with the privileges of the 'wahttp' process by sending a malformed HTTP request. Authentication is not required for successful exploitation to occur. This problem has been fixed in the latest release of the product, MaxDB 7.6.00.31.

System: VMware ESX Server
Topic: Vulnerability in VMware ESX Server
Links: esx-253-200606, VU#822476
ID: ae-200608-092

VMware ESX server includes a web interface that can be used for remote management. On affected versions, when a user changes their password, the new credentials are recorded in the server logs as plain text files in directories that all users can read. Vulnerable are VMware ESX prior to 2.5.3 upgrade patch 2, VMware ESX prior to 2.1.3 upgrade patch 1, and VMware ESX prior to 2.0.2 upgrade patch 1. For these versions, an upgrade patch is available.

System: Red Hat Enterprise Linux 4
Topic: Several vulnerabilities in kdegraphics fixed
Links: RHSA-2006-0648, CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465, ESB-2006.0620
ID: ae-200608-091

The kdegraphics package contains graphics applications for the K Desktop Environment. Updated kdegraphics packages that fix several security flaws in kfax are now available for Red Hat Enterprise Linux 2.1 and 3.

System: Debian GNU/Linux
Topic: Vulnerabilities in kdebase, ruby 1.8, and streamripper
Links: DSA-1156, CVE-2005-2449, ESB-2006-0614,
DSA-1157, CVE-2006-1931, CVE-2006-3964, ESB-2006.0615,
DSA-1158, CVE-2005-3124, ESB-2006-0616
ID: ae-200608-090

Kdm is the X display manager for KDE. It handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.
Ruby 1.8 is the interpreter for the Ruby language. Here, the use of blocking sockets can lead to Denial-of-Service. Additionally, it does not properly maintain "safe levels" for aliasing, directory accesses and regular expressions, which might lead to a bypass of security restrictions.
Streamripper is a utility to record online radio-streams. It performs insufficient sanitising of data received from the streaming server, which might lead to buffer overflows and the execution of arbitrary code.
Fixed packages are available now.

System: Sun Solaris 10
Topic: Vulnerability in pkgadd
Links: Sun Alert #102513, ESB-2006.0609, Q-301
ID: ae-200608-089

Pkgadd is a tool for adding and removing software packages from a system. If a patch or package is installed which contains a pkgmap(4) with a "?" for the mode field of a file or directory onto a Solaris 10 system, pkgadd(1M) may incorrectly set the permissions of the corresponding file or directory to either 755 or 777. Permissions of 777 are a security risk: when applied to a file, any user is able to modify that file, and when applied to a directory, all files within that directory can be modified by any user. A patch should be installed to restore the expected behavior.

System: Mandriva Linux
Topic: Vulnerabilities in kernel fixed
Links: MDKSA-2006:151, CVE-2006-1066, CVE-2006-1863, CVE-2006-1864, CVE-2006-2934, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745
ID: ae-200608-088

Updated kernel packages fixing several security issues in the Mandriva Linux kernel are available now.

System: OpenBSD
Topic: Vulnerabilities in dhcpd, kernel, and isakmpd
Links: OpenBSD_2006.006, ESB-2006.0611,
OpenBSD_2006.007, ESB-2006.0612,
OpenBSD_2006.008
ID: ae-200608-087

New source code patches have been published for dhcpd, kernel, and isakmpd, fixing security related problems.

System: Various
Topic: Vulnerability in VMware ESX Server 2.5.3
Links: ESX-253-200606, CVE-2005-3620, Q-299, VU#822476
ID: ae-200608-086

VMware ESX Server 2.5.3 Upgrade Patch 2 has been published now. It resolves some issues, including the problem that local users can read the passwords of any user who changed their password through the web interface. This patch is not applicable for SunFire X4100 or X4200 servers.

System: Various
Topic: Vulnerability in Sun Java System Content Delivery Server
Links: Sun Alert #102593, Q-300, ESB-2006.0608
ID: ae-200608-085

A security vulnerability in the Sun Java System Content Delivery Server may allow a local or remote unprivileged user to read data from any file on the system. A patch is available now.

System: Various
Topic: Further vulnerabilities in wireshark (ex ethereal)
Links: CVE-2006-4430, CVE-2006-4331, CVE-2006-4332, CVE-2006-4333, AA-2006.0067, MDKSA-2006:152
ID: ae-200608-084

Ethereal is a program for monitoring network traffic. Its name has changed to Wireshark. Several vulnerabilities have been found in this software, allowing the execution of arbitrary code or a Denial-of-Service. Newly published is Wireshark version 0.99.3, so only this version should be used.

System: Various
Topic: Vulnerabilities in MySQL
Links: CVE-2006-4031, CVE-2006-4226, MDKSA-2006:149
ID: ae-200608-083

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table. MySQL 4.1 before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Updated packages address these issues.

System: Microsoft Windows
Topic: Revised patch for Microsoft Internet Explorer
Links: MS06-042 - updated, CVE-2006-3643, AU-2006.0031, AL-2006.0065
ID: ae-200608-082

No further comment due to legal reasons

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in gnupg, httpd, ruby, libtiff, and wireshark
Links: 20060801-01
ID: ae-200608-081

SGI has released the Security Update #62 for SGI Advanced Linux Environment 3. These updates fix security related problems in gnupg, httpd, ruby, libtiff, and wireshark (ethereal). So it's recommended to install this update.

System: Unix, Linux
Topic: Vulnerabilities in ImageMagick
Links: CVE-2004-3743, CVE-2006-3744, CVE-2006-4144, RHSA-2006-0633, Q-295, ESB-2006.0607, MDKSA-2006:155, SuSE-SA:2006:050
ID: ae-200608-080

ImageMagick(TM) is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Several integer and buffer overflow flaws in the way ImageMagick decodes XCF, SGI, and Sun bitmap graphic files have been found. Attackers might execute arbitrary code on a victim's machine if they were able to trick the victim into opening a specially crafted image file. An update addresses this issue.

System: Unix
Topic: Vulnerability in ppp
Links: CVE-2006-4304, FreeBSD-SA-06:08, ESB-2006.0604, NetBSD-SA2006-019, ESB-2006.0605, OpenBSD 2006.009, ESB-2006.0629
ID: ae-200608-079

A problem has been identified in the in-kernel PPP code shared by ISDN PPP interfaces ippp(4) and pppoe(4). Insufficient checking of options presented by the peer may cause writing of copies of the malicious input beyond the end of a buffer allocated for that purpose. This could cause kernel memory corruption and therefore a Denial-of-Service. A patch is available for FreeBSD and NetBSD.

System: Cisco
Topic: Vulnerability in Cisco Firewalls
Links: Cisco, ESB-2006.0603, Q-297
ID: ae-200608-078

Certain versions of the software for the Cisco PIX 500 Series Security Appliances, the Cisco ASA 5500 Series Adaptive Security Appliances (ASA), and the Firewall Services Module (FWSM) are affected by a software bug that may cause the EXEC password, passwords of locally defined usernames, and the enable password in the startup configuration to be changed without user intervention. Unauthorized users can take advantage of this bug to try to gain access to a device that has been reloaded after passwords in its startup configuration have been changed. In addition, authorized users can be locked out and lose the ability to manage the affected device. Cisco has made free software available to address this vulnerability.

System: Cisco
Topic: Vulnerabilities in Cisco VPN 3000 Concentrator
Links: Cisco, ESB-2006.0602, Q-298
ID: ae-200608-077

The Cisco VPN 3000 series concentrators are affected by two vulnerabilities when file management via File Transfer Protocol (FTP) is enabled. It might allow authenticated or unauthenticated attackers to execute certain FTP commands and delete files on the concentrator. Cisco has made free software available to address these vulnerabilities.

System: Various
Topic: Vulnerability in sendmail
Links: Sendmail, CVE-2006-1173, VU#146718, Sun Alert #102460, ESB-2006.0419, DSA-1155, ESB-2006.0606, OpenBSD_2006.005, ESB-2006.0610
ID: ae-200608-076

Sendmail is a widely used mail transfer agent (MTA). Sendmail fails to properly handle malformed multipart MIME messages. This vulnerability may be triggered by sending a specially crafted message to a vulnerable Sendmail MTA. It might lead to a Denial-of-Service. A patch as well as an updated version is available.

System: Red Hat Enterprise Linux 4
Topic: Several vulnerabilities in kernel fixed
Links: RHSA-2006-0617, CVE-2004-2660, CVE-2006-1858, CVE-2006-2444, CVE-2006-2932, CVE-2006-2935, CVE-2006-2936, CVE-2006-3468, CVE-2006-3745, ESB-2006.0598, Q-293
ID: ae-200608-075

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available.

System: Various
Topic: Vulnerability in PHP
Links: CVE-2006-4020, MDKSA-2006:144, TLSA-2006-23
ID: ae-200608-074

PHP is an HTML-embedded scripting language. A vulnerability has been discovered in the sscanf function. It might allow an attacker to execute arbitrary code by a buffer overflow. Updated versions are available now.

System: Various
Topic: Vulnerability in Java Plug-in and Java Web Start
Links: Sun Alert #102557, ESB-2006.0601
ID: ae-200608-073

The Java Plug-in and Java Web Start both allow applets and applications to specify the version of the Java Runtime Environment (JRE) to run with. Some versions of Java Web Start and the Java Plug-in may allow applets or applications to run with a specified version of the JRE that does not have the latest security fixes. It's recommended to install the latest versions which are available now.

System: Various
Topic: Vulnerabilities in SAP Internet Graphics Service (IGS)
Links: CYBSEC, CYBSEC, CVE-2006-4133, CVE-2006-4134, AL-2006.0071
ID: ae-200608-072

SAP IGS is a server architecture for accessing a SAP system via HTML. It's installed with the SAP Web Application Server since version 6.30. A remote attacker may run a specially crafted HTTP request to execute arbitrary code as either the SAP system administrator account on Linux systems or the SYSTEM account on Windows systems. Additionally, with specially crafted HTTP requests a Denial-of-Service is possible. SAP provides a patch to solve this issue.

System: Linux
Topic: Vulnerability in X.org
Links: CVE-2006-3467, RHSA-2006-0634, MDKSA-2006:148
ID: ae-200608-071

X.org is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An integer overflow flaw in the way the X.org server processes PCF files was discovered. A malicious authorized client could exploit this issue to X.org XFree86 server. An update is available now.

System: Red Hat Enterprise Linux 2.1 / 3
Topic: Vulnerability in XFree86
Links: RHSA-2006-0635, CVE-2006-3467, ESB-2006.0597, Q-292
ID: ae-200608-070

XFree86 is an implementation of the X Window System, which provides the core functionality for the Linux graphical desktop. An integer overflow flaw in the way the XFree86 server processes PCF files was discovered. A malicious authorized client could exploit this issue to cause a Denial-of-Service (crash) or potentially execute arbitrary code with root privileges on the XFree86 server. An update is available now.

System: Sun Solaris 8 / 9
Topic: Vulnerability in Role-Based Access Control (RBAC) and format
Links: Sun Alert #102514, Sun Alert #102519, Q-289, Q-291, ESB-2006.0599, ESB-2006.0600
ID: ae-200608-069

A security vulnerability in the default Role-Based Access Control (RBAC) configuration associated with the "File System Management" profile may allow a local user who has been assigned that profile to execute arbitrary commands with the privileges of the user root. Additionally, a security vulnerability in the format(1M) command may allow local users who have been granted the "File System Management" RBAC profile to write to the device files associated with local disks with the privileges of the user root.
Patches are available for SPARC and x86 Platform.

System: Sun Solaris 10
Topic: Vulnerability in libnsl / TLI/XTI API
Links: Sun Alert #102576, ESB-2006.0595, ESB-2006.0718
ID: ae-200608-068

A race condition may cause listener programs for databases or other network aware applications to cease to respond if those listeners are coded using routines from libnsl(3LIB) or TLI/XTI APIs. A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerability in clamav
Links: DSA-1153, CVE-2006-4018, ESB-2006.0594, Q-288
ID: ae-200608-067

A heap overflow vulnerability in the UPX unpacker of the ClamAV anti-virus toolkit might allow remote attackers to execute arbitrary code or cause Denial-of-Service. An updated package is available now.

System: Microsoft Windows
Topic: Problems with Intel 2100 Pro mini-PCI WiFi adapter
Links: CS-023067, VU#824500
ID: ae-200608-066

A security vulnerability exists in the Microsoft Windows drivers for the Intel 2100 PRO/Wireless Network Connection Hardware because of the way the driver handles certain requests by applications. The vulnerability could potentially be exploited by injecting specially crafted malicious frames into the driver; with the aid of an application loaded on the local system, kernel-level privileges could potentially be obtained. Updates address this issue.

System: Debian GNU/Linux
Topic: Vulnerability in trac
Links: DSA-1152, CVE-2006-3695, ESB-2006.0593
ID: ae-200608-065

Trac is an enhanced Wiki and issue tracking system for software development projects. A vulnerability can be used to disclose arbitrary local files because user-provided input is not sufficiently checked. To fix this problem, the package python-docutils needs to be updated as well as the package trac.

System: Microsoft Windows / IBM Laptops
Topic: Vulnerability in eGatherer ActiveX control
Links: eEye#AD20060816, ESB-2006.0592, VU#380277
ID: ae-200608-064

eEye Digital Security has discovered a security vulnerability in IBM's eGatherer ActiveX control (delivered with IBM laptops) which can lead to remote code execution.
A new version is available now.

System: IBM AIX
Topic: Vulnerability in setlocale
Links: ESB-2006.0591
ID: ae-200608-063

In AIX 5 up to version 5.3 a vulnerability in 'setlocale' may allow local users to execute arbitrary code with root privileges.
A patch is available now.

System: Mac OS X
Topic: Vulnerability in Xsan filesystem
Links: APPLE, CVE-2006-3506, ESB-2006.0590, VU#737294, Q-290
ID: ae-200608-062

Xsan filesystem version 1.4 is now available, which also fixes a buffer overflow in the path name handling. A malicious user with write access can trigger a system crash or arbitrary code execution.

System: HP-UX
Topic: Vulnerability in LP subsystem
Links: ITRC; HPSBUX02139, SSRT5981, ESB-2006.0589
ID: ae-200608-061

A potential security vulnerability has been identified with HP-UX running the LP subsystem. The vulnerability could be exploited by a remote user to create a Denial-of-Service (DoS). An updated package is available now.

System: Various
Topic: Vulnerability in Squirrelmail
Links: SquirrelMail, CVE-2006-4019, ESB-2006.0588, DSA-1154, ESB-2006.0596
ID: ae-200608-060

A logged-in user could overwrite random variables in compose.php of SquirrelMail, which might make it possible to read/write other users' preferences or attachments. The function that the bug was in was actually broken in the latest release of SquirrelMail. A new patch restores the functionality.

System: Various
Topic: Vulnerability in Symantec NetBackup PureDisk
Links: SYM06-015, ESB-2006.0587
ID: ae-200608-059

Symantec discovered a security issue in Symantec's Veritas NetBackup 6.0 PureDisk Remote Office Edition. An unauthorized user with access to the network and the server hosting the management interface can potentially bypass the management interface authentication to gain access and elevate their privileges on the system. So it's strongly recommended to install the Maintenance Pack NB_PDE_60_MP1_P01.

System: Various
Topic: Vulnerabilities in wireshark (ex ethereal)
Links: CVE-2006-3627, CVE-2006-3628, CVE-2006-3629, CVE-2006-3630, CVE-2006-3631, CVE-2006-3632, RHSA-2006-0602, ESB-2006.0586
ID: ae-200608-058

Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to Wireshark. Several vulnerabilities have been found in this program. They are fixed in Wireshark version 0.99.2, so only this version should be used.

System: Unix / Linux
Topic: Vulnerability in X.Org server
Links: X.Org, CVE-2006-0745, VU#837857, MDKSA-2006:056, Sun Alert #102252
ID: ae-200608-057

The X.Org server program provides several command-line options that are meant to be parsed only when the program is running as root, and not when it is run by unprivileged users. A flaw exists in the way the server enforces this restriction because it evaluates the address of the geteuid function instead of the result of executing the function (i.e., "geteuid" versus "geteuid()"). This test is flawed because the address of geteuid is guaranteed to be nonzero. As a result, an unprivileged user can load modules from any location on the filesystem with root privileges or overwrite critical system files with the server log. For most systems, a patch is available.

System: HP-UX
Topic: Vulnerability in HP-UX in Trusted mode
Links: HPSBUX02141, SSRT51153, ESB-2006.0585
ID: ae-200608-056

A potential security vulnerability has been identified in HP-UX B.11.23, B.11.11 and B.11.00 running in Trusted Mode. The potential vulnerability could be exploited by a local authorized user to create a Denial-of-Service (DoS). A patch is available now.

System: Microsoft Windows
Topic: Vulnerability in McAfee Subscription Manager ActiveX control
Links: eEye, McAfee #407052, CVE-2006-3961, VU#481212
ID: ae-200608-055

McAfee Security Center is a console for managing McAfee products. It provides a "safe for scripting" ActiveX control that contains a buffer overflow. The ActiveX object is called McSubMgr and is provided by the file mcsubmgr.dll. By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause the Internet Explorer to crash. SecurityCenter 6.0.23 solves this problem.

System: Unix / Linux
Topic: Vulnerabilities in MIT Kerberos (krb5) ftpd and ksu
Links: MITKRB5-SA-2006-001, CVE-2006-3084, VU#401660
ID: ae-200608-054

The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities. These vulnerabilities are dependent on the host operating system's implementation of the setuid() system call and result when seteuid() can fail due to resource exhaustion while changing to an unprivileged user ID. Due to this, an authenticated user might be able to execute code with elevated permissions. Some implementations of seteuid() do not expose the vulnerability. For all others, an update should be installed.

System: Linux
Topic: Vulnerability in heartbeat
Links: CVE-2006-3121, DSA-1151, ESB-2006.0584, MDKSA-2006:142
ID: ae-200608-053

Heartbeat is a subsystem for High-Availability Linux. Here, an out-of-boundary memory access might be possible. This could be used by a remote attacker to cause a Denial-of-Service. An updated package is available now.

System: Various
Topic: Vulnerability in Ruby on Rails
Links: RubyOnRails, VU#699540, AA-2006.0058
ID: ae-200608-052

Ruby on Rails is a web application programming framework. It contains an unspecified vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system. This vulnerability has been addressed in Ruby on Rails 1.1.6.

System: Various
Topic: Vulnerability in HP OpenView Storage Data Protector
Links: HPSBMA02138, SSRT061184, ESB-2006.0583, VU#673228, Q-296
ID: ae-200608-051

A potential security vulnerability has been identified with HP OpenView Storage Data Protector 5.5 and 5.1 running on HP-UX, IBM AIX, Linux, Microsoft Windows, and Sun Solaris. This vulnerability could allow a remote unauthorized user to execute arbitrary commands. So it's recommended to install the appropriate patch.

System: Microsoft Windows
Topic: Vulnerability in Symantec Backup Exec for Windows Server
Links: SYM06-014, ESB-2006.0582, Q-286, VU#647796
ID: ae-200608-050

The Backup Exec for Windows Server and Remote Agents for Windows Server, also used by the Continuous Protection Server and Backup Exec for Netware Server, are vulnerable to heap overflows from specifically formatted internal network calls to RPC interfaces. A patch is available now.

System: Sun Solaris
Topic: Vulnerability in Sun Solaris 10
Links: Sun Alert #102569, ESB-2006.0581
ID: ae-200608-049

On Solaris 10, a system panic may result due to a race condition between netstat(1M) (or snmp queries) and ifconfig(1M). Patches are available now.

System: NetBSD
Topic: Vulnerabilities in sail, dm, and tetris
Links: NetBSD-SA2006-018, CVE-2006-1539, CVE-2006-1744
ID: ae-200608-048

The sail, dungeon master arbiter and tetris games all contain buffer overflows. These programs are installed sgid games, and when successfully exploited the vulnerabilities may allow an attacker to elevate their privileges to the games group. Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerability in shadow
Links: DSA-1150, CVE-2006-2194, ESB-2006.0579, Q-287
ID: ae-200608-047

In several packages that execute the setuid() system call a problem has been detected. There is a lack of checking for success when trying to drop privileges, which may fail with some PAM configurations. Updated packages for shadow, login and passwd solve this problem.

System: Turbolinux
Topic: Vulnerability in vixie-cron
Links: TLSA-2006-21, CVE-2006-2607
ID: ae-200608-046

The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron does not check the return code of a setuid call. This vulnerability may allow local users to obtain root privileges. An updated package solves this issue.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in elfutils, ntp, kernel, kdebase, and perl
Links: RHSA-2006-0354, CVE-2005-1704,
RHSA-2006-0393, CVE-2005-2496, ESB-2006.0575,
RHSA-2006-0575, CVE-2005-3055, CVE-2005-3623, CVE-2006-0038, CVE-2006-0456, CVE-2006-0457, CVE-2006-0742, CVE-2006-1052, CVE-2006-1056, CVE-2006-1242, CVE-2006-1343, CVE-2006-2275, CVE-2006-2446, CVE-2006-2448, CVE-2006-2934, ESB-2006.0576,
RHSA-2006-0582, CVE-2005-2494, ESB-2006.0577,
RHSA-2006-0605, CVE-2006-3813, ESB-2006.0578
ID: ae-200608-045

The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. Some of the tools crash when given corrupted input files.
The NTP daemon (ntpd), when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes ntpd to run with different privileges than intended.
The Linux kernel handles the basic functions of the operating system. Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 4. This is the eighth regular update and solves several security related issues.
A lock file handling flaw was discovered in kcheckpass. If the directory /var/lock is writable by a user who is allowed to run kcheckpass, that user could gain root privileges.
A flaw was discovered in sperl, the Perl setuid wrapper, which can cause debugging information to be logged to arbitrary files. By setting an environment variable, a local user could cause sperl to create, as root, files with arbitrary filenames, or append the debugging information to existing files.
Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in Apache
Links: RHSA-2006-0618, RHSA-2006-0619, ESB-2006.0567, CVE-2006-3918
ID: ae-200608-044

A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. Fixed packages are available now.

System: Suse Linux
Topic: Vulnerabilities in fbi, gimp, libwmf, x.org, zope, and horde
Links: SUSE-SR:2006:019, CVE-2006-1695, CVE-2006-3119, CVE-2006-3376, CVE-2006-3404, CVE-2006-3458, CVE-2006-3548, CVE-2006-3549
ID: ae-200608-043

The weekly SUSE Security Summary reports vulnerabilities in the packages fbi, gimp, libwmf, x.org, zope, and horde. Updated packages are available now and should be installed on vulnerable systems.

System: Sun Ray Server
Topic: Vulnerability in Sun Ray Utility utxconfig
Links: Sun Alert #101924, Q-284, ESB-2006.0568
ID: ae-200608-042

A security vulnerability in the Sun Ray Server 3.x software utxconfig(1) utility may allow a local unprivileged user the ability to create or overwrite arbitrary files on the system. Patches are available now.

System: Various
Topic: Vulnerability in ColdFusion
Links: APSB06-10, CVE-2006-3979, ESB-2006.0572
ID: ae-200608-041

The AdminAPI of ColdFusion MX 7 provides programmatic access to all ColdFusion Administrator functionality. All calls to the adminAPI require an authentication test before calling any other adminAPI functionality. The authentication test could be bypassed. Fixed software is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in drupal and gallery
Links: DSA-1147, CVE-2006-4002, ESB-2006-0570,
DSA-1148, CVE-2005-2734, CVE-2006-0330, CVE-2006-4030, ESB-2006-0571
ID: ae-200608-040

Drupal, a dynamic website platform, performs insufficient input sanitising in the user module, which might lead to cross-site scripting.
Several remote vulnerabilities have been discovered in gallery, a web-based photo album.
Fixed packages are available now.

System: Various
Topic: Vulnerability in ncompress
Links: CVE-2006-1168, DSA-1149, ESB-2006.0573, Q-285, MDKSA-2006:140
ID: ae-200608-039

A missing boundary check was discovered in ncompress, the original Lempel-Ziv compress and uncompress programs, which allows a specially crafted datastream to underflow a buffer with attacker controlled data. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows Kernel
Links: MS06-051, CVE-2006-3443, CVE-2006-3648, VU#337244, VU#411516, Q-273, AL-2006.0067
ID: ae-200608-038

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Hyperlink Object Library
Links: MS06-050, CVE-2006-3086, CVE-2006-3438, VU#683612, ESB-2006.0564, Q-280
ID: ae-200608-037

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Kernel
Links: MS06-049, CVE-2006-3444, AL-2006.0067, Q-279
ID: ae-200608-036

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft PowerPoint
Links: MS06-048, CVE-2006-3449, CVE-2006-3590, VU#884252, Q-275, AL-2006.0066
ID: ae-200608-035

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Visual Basic for Applications
Links: MS06-047, CVE-2006-3649, VU#159484, Q-274, ESB-2006.0562
ID: ae-200608-034

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows HTML Help
Links: MS06-046, CVE-2006-3357, Q-272, ESB-2006.0561, AA-2006.0059, Cisco
ID: ae-200608-033

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Explorer
Links: MS06-045, CVE-2006-3281, Q-276, ESB-2006.0560, ESB-2006.0563
ID: ae-200608-032

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Management Console
Links: MS06-044, CVE-2006-3643, VU#927548, Q-269, ESB-2006.0559
ID: ae-200608-031

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Outlook Express
Links: MS06-043, CVE-2006-2766, VU#891204, Q-278, ESB-2006.0558
ID: ae-200608-030

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS06-042, CVE-2004-1166, CVE-2006-3280, CVE-2006-3450, CVE-2006-3451, CVE-2006-3637, CVE-2006-3638, CVE-2006-3639, CVE-2006-3640, VU#252764, Q-277, AL-2006.0065, VU#821156
ID: ae-200608-029

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Windows DNS Resolution
Links: MS06-041, CVE-2006-3440, CVE-2006-3441, VU#794580, VU#908276, ISS Advisory, ISS Advisory, ISS Advisory, Q-271, ESB-2006.0557
ID: ae-200608-028

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Windows Server Service
Links: MS06-040, CVE-2006-3439, Q-270, ISS Alert, AL-2006.0064, AU-2006.0029
ID: ae-200608-027

No further comment due to legal reasons

System: Various
Topic: Vulnerability in ClamAV
Links: CVE-2006-4018, MDKSA-2006:138, SUSE-SA:2006:046, DSA-1153
ID: ae-200608-026

A boundary error was discovered in the UPX extraction module in ClamAV, which is used to unpack PE Windows executables. This could be abused to cause a Denial of Service issue and potentially allow for the execution of arbitrary code with the permissions of the user running clamscan or clamd. Fixed software is available now.

System: Various
Topic: Vulnerabilities in MIT Kerberos 5 and Heimdal Kerberos
Links: MITKRB5-SA-2006-001, Heimdal, CVE-2006-3083, CVE-2006-3084, VU#401660, VU#580124, ESB-2006.0565, ESB-2006.0574, Q-283, DSA-1146, ESB-2006.0569, RHSA-2006-0612, ESB-2006.0566, MDKSA-2006:139
ID: ae-200608-025

In certain application programs packaged in the MIT Kerberos 5 source distribution, calls to setuid() and seteuid(), which may fail with some PAM configurations, are not always checked for success. A local user could exploit one of these vulnerabilities to escalate privileges. Patches are available now.

System: Microsoft Windows
Topic: Vulnerability in multiple McAfee Products
Links: McAfee, eEye, ESB-2006.0556
ID: ae-200608-024

A vulnerability was discovered in McAfee Security Center that ships with all McAfee consumer products. There is a remote code execution vulnerability that allows an attacker to take complete control of a remote computer by exploiting a vulnerability found in the Subscription Manager ActiveX control. A patch is available now.

System: Turbo Linux
Topic: Vulnerabilities in samba and httpd
Links: TLSA-2006-19, CAN-2006-3403,
TLSA-2006-20, CAN-2006-3437
ID: ae-200608-023

Samba provides file and printer sharing services to SMB/CIFS clients. A denial of service bug was found in the way the smbd daemon tracks active connections to shares. It was possible for a remote attacker to cause the smbd daemon to consume a large amount of system memory by sending carefully crafted smb requests.
A vulnerability in a common Apache HTTP server module, mod_rewrite, could allow a remote attacker to execute arbitrary code on an affected web server.
Fixed packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in chmlib and freeradius
Links: DSA-1144, CVE-2006-3178, ESB-2006-0554,
DSA-1145, CVE-2005-4745, CVE-2006-4746, ESB-2006-0555, Q-281
ID: ae-200608-022

It was discovered that one of the utilities shipped with chmlib, a library for dealing with Microsoft CHM files, performs insufficient sanitising of filenames, which might lead to directory traversal.
Several remote vulnerabilities have been discovered in freeradius, a high-performance RADIUS server, which may lead to SQL injection or denial of service.
Fixed packages are available now.

System: Various
Topic: Vulnerability in MySQL
Links: MySQL, ESB-2006.0553
ID: ae-200608-021

If a user has access to MyISAM table t, that user can create a MERGE table m that accesses t. However, if the user's privileges on t are subsequently revoked, the user can continue to access t by doing so through m. If this behavior is undesirable, you can start the server with the new --skip-merge option to disable the MERGE storage engine.

System: Debian GNU/Linux
Topic: Vulnerability in dhcp
Links: DSA-1143, CVE-2006-3122, ESB-2006.0552
ID: ae-200608-020

A bug was discovered in dhcp, the DHCP server for automatic IP address assignment, which causes the server to unexpectedly exit. Fixed packages are available now.

System: Barracuda Spam Firewall
Topic: Vulnerabilities in Barracuda Spam Firewall
Links: SecurityFocus, ESB-2006.0551, VU#199348
ID: ae-200608-019

Several information and file disclosure vulnerabilities were found in the Barracuda Spam Firewall. Patches are available now.

System: HP-UX
Topic: Vulnerability in Xserver
Links: HPSBUX02137, SSRT051024, ESB-2006.0550
ID: ae-200608-018

A security vulnerability has been identified in the Xserver running on HP-UX. The vulnerability could be exploited by a local user to execute arbitrary code with the privileges of the Xserver. Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerability in freeciv
Links: DSA-1142, CVE-2006-3913
ID: ae-200608-017

In the game 'freeciv' a buffer overflow was found, which allows remote attackers to cause a denial of service.
A fixed package is available now.

System: HP Procurve Switches
Topic: Remote Denial of Service possible against Series 3500yl, 6200yl and 5400zl Switches
Links: PSBGN02136 SSRT061173, ESB-2006.0546
ID: ae-200608-016

HP ProCurve Series 3500yl, 6200yl and 5400zl Switches are vulnerable to a remote Denial of Service.
HP provides new firmware.

System: Cisco
Topic: Vulnerability in IOS CallManager Express (CME)
Links: CISCO
ID: ae-200608-015

In the IOS CallManager Express (CME) a vulnerability in the SIP implementation was found which can allow attackers to discover the names of users stored in the SIP user database.
Cisco is currently working on this issue.

System: Debian GNU/Linux
Topic: Vulnerabilities in Mozilla Thunderbird, gpdf and cfs
Links: DSA-1134, ae-200607-060 ESB-2006.0537, ESB-2006.0618,
DSA-1136, CVE-2005-2097 ESB-2006.0540, Q-267,
DSA-1138, CVE-2006-3123, ESB-2006.0545
ID: ae-200608-014

Vulnerabilities already found in 'Mozilla' and 'Firefox' also affect 'Thunderbird' and are fixed now.
Several buffer overflows already fixed for 'xpdf' were now also fixed in 'gpdf', the Gnome PDF viewer.
An integer overflow in the cryptographic filesystem 'cfs' was found which allows local users to crash the encryption daemon.
Updated packages should be installed.

System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in Seamonkey (Mozilla)
Links: RHSA-2006-0609, ESB-2006.0544, CVE-2006-2776, CVE-2006-2778, CVE-2006-2779, CVE-2006-2780, CVE-2006-2781, CVE-2006-2782, CVE-2006-2783, CVE-2006-2784, CVE-2006-2785, CVE-2006-2786, CVE-2006-2787, CVE-2006-2788, CVE-2006-3113, CVE-2006-3677, CVE-2006-3801, CVE-2006-3802, CVE-2006-3803, CVE-2006-3804, CVE-2006-3805, CVE-2006-3806, CVE-2006-3807, CVE-2006-3808, CVE-2006-3809, CVE-2006-3810, CVE-2006-3811, CVE-2006-3812
ID: ae-200608-013

Several security bugs in 'Seamonkey', the successor of 'Mozilla', were found.
Fixed packages are available now.

System: Various
Topic: Vulnerability in GnuPG
Links: GnuPG, CVE-2006-3746, RHSA-2006-0615, Q-266, ESB-2006.0543, DSA-1140, DSA-1141, ESB-2006.0549, MDKSA-2006:141
ID: ae-200608-012

Two more possible memory allocation attacks were found in GnuPG. This bug can easily be exploited for a DoS; remote code execution is not entirely impossible. Fixed software is available now.

System: Various
Topic: Vulnerabilities in libtiff
Links: CVE-2006-3459, CVE-2006-3460, CVE-2006-3461, CVE-2006-3462, CVE-2006-3463, CVE-2006-3464, CVE-2006-3465, RHSA-2006-0603, DSA-1137, ESB-2006.0541, MDKSA-2006:137, SUSE-SA:2006:044
ID: ae-200608-011

A number of flaws were discovered in libtiff during a security audit. An attacker could create a carefully crafted TIFF file in such a way that it was possible to cause an application linked with libtiff to crash or possibly execute arbitrary code. Fixed packages are available now.

System: Microsoft Windows
Topic: Vulnerability in Symantec On-Demand Protection
Links: SYM06-013, ESB-2006.0536
ID: ae-200608-010

Symantec On-Demand Agent (SODA) and Symantec On-Demand Protection (SODP) provide a Virtual Desktop environment to secure Web-based applications and services. Files created while in the virtual desktop are encrypted as they are saved to a hard drive or removable media, if that option is enabled in the policy configuration. Symantec is aware of a method which could potentially be used to defeat the encryption on these files. A patch is available now.

System: Mac OS X
Topic: Security Update 2006-004
Links: APPLE-SA-2006-04, ESB-2006.0535 Q-265, AU-2006.0028 VU#776628, VU#651844, VU#605908, VU#575372, VU#566132, VU#527236, VU#514740, VU#180692, VU#172244, VU#168020, CVE-2006-1473, CVE-2006-3495, CVE-2006-3496, CVE-2006-3497, CVE-2006-3498, CVE-2006-3499, CVE-2006-3500, CVE-2005-2335, CVE-2005-3088, CVE-2005-4348, CVE-2006-0321, CVE-2005-0988, CVE-2005-1228, CVE-2006-0392, CVE-2006-3501, CVE-2006-3502, CVE-2006-3503, CVE-2006-3504, CVE-2006-0393, CVE-2005-0488, CVE-2006-3505, CVE-2006-3459, CVE-2006-3461, CVE-2006-3462, CVE-2006-3465
ID: ae-200608-009

Several security issues in AFP Server, AppKit, Bluetooth Setup Assistant, Bom, DHCP, dyld, fetchmail, gunzip, Image RAW, ImageIO, LaunchServices, OpenSSH, telnet, and WebKit are fixed and bundled in the Security Update 2006-004, which is available now.

System: Sun Solaris
Topic: Vulnerability in crypto provider
Links: Sun Alert #102543, Q-264, ESB-2006.0539
ID: ae-200608-008

The crypto provider in Solaris 10 3/05 HW2 when running on Sun Fire T2000 platforms might incorrectly verify a DSA signature. Applications which depend on the results of this DSA signature verification might be vulnerable to trusting data which could have been tampered with. Patches are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in mantis and libtunepimp
Links: DSA-1133, CVE-2006-0664, CVE-2006-0665, CVE-2006-0841, CVE-2006-1577, ESB-2006.0534, ESB-2006-0538, DSA-1135, CVE-2006-3600
ID: ae-200608-007

Several remote vulnerabilities have been discovered in the Mantis bug tracking system, which may lead to the execution of arbitrary web script.
Several stack-based buffer overflows were discovered in the LookupTRM::lookup function in libtunepimp, a MusicBrainz tagging library, which allow remote attackers to cause a denial of service or execute arbitrary code.
Fixed packages are available now.

System: Suse Linux
Topic: Vulnerabilities in mysql, Sun Java, dia, ruby, NetworkManager, and libextractor
Links: SUSE-SR:2006:012, CVE-2006-1516, CVE-2006-1517, CVE-2006-1518, CVE-2006-1931, CVE-2006-2426, CVE-2006-2453, CVE-2006-2458, CVE-2006-2480
ID: ae-200608-006

The weekly SUSE Security Summary reports vulnerabilities in the packages mysql, Sun Java, dia, ruby, NetworkManager, and libextractor. Updated packages are available now and should be installed on vulnerable systems.

System: Debian GNU/Linux
Topic: Vulnerability in sitebar
Links: DSA-1130, CVE-2006-3320, Q-262, ESB-2006.0533
ID: ae-200608-005

In 'sitebar', a web based bookmark manager written in PHP, a cross-site scripting vulnerability was found.
Fixed software is available now.

System: VMWare ESX Server
Topic: Vulnerability in VMWare ESX products
Links: CVE-2005-3618, ESB-2006.0529, c051114-001,
CVE-2005-3620, ESB-2006.0530, c051114-003, VU#822476,
CVE-2006-2481, ESB-2006.0531, c060512-001
ID: ae-200608-004

Several vulnerabilities were found in the VMware ESX server, which can lead to inappropriate access to system or privileged data.
Upgrading to versions newer than the affected ones fixes these issues.

System: Various
Topic: Vulnerability in Symantec Brightmail AntiSpam
Links: Symantec, ESB-2006.0528
ID: ae-200608-003

Symantec Brightmail Antispam for Linux, Solaris and Windows has multiple security vulnerabilities. Confidential system information can be read or modified by combining these issues.
Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerability in freeciv
Links: MDKSA-2006:135, CVE-2006-3913
ID: ae-200608-002

In the game 'freeciv' a buffer overflow was found, which allows remote attackers to cause a denial of service.
A fixed package is available now.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in elfutils, openssh, samba, seamonkey and squirrelmail
Links: SGI-20060703-01
ID: ae-200608-001

SGI has released the Security Update #61 for SGI Advanced Linux Environment 3. These updates fix security related problems in elfutils, openssh, samba, seamonkey and squirrelmail. So it's recommended to install this update.



(c) 2000-2013 AERAsec Network Services and Security GmbH