Chosen month 10 / 2006
|
|
|
Multiple buffer overflows in GraphicsMagick before 1.1.7 and
ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of
service and possibly execute arbitrary code via (1) a DCM image
that is not properly handled by the ReadDCMImage function in
coders/dcm.c, or (2) a PALM image that is not properly handled by the
ReadPALMImage function in coders/palm.c.
A vulnerability in PostgreSQL 8.1.x allowed remote authenticated users
to cause a Denial of Service (daemon crash) via certain aggregate
functions in an UPDATE statement which were not handled correctly.
Another DoS issue in PostgreSQL 7.4.x, 8.0.x, and 8.1.x allowed remote
authenticated users to crash the daemon via a coercion of an unknown
element to ANYARRAY.
Finally, another vulnerability in 8.1.x could allow a remote
authenticated user to cause a DoS related to duration logging of
V3-protocol Execute message for COMMIT and ROLLBACK statements.
Fixed packages are available now.
|
|
|
An integer overflow has been found in the pixmap handling routines in the Qt
GUI libraries. This could allow an attacker to cause a denial of service and
possibly execute arbitrary code by providing a specially crafted image file
and inducing the victim to view it in an application based on Qt.
Fixed packages are available now.
|
|
| System: |
Mandriva Linux
|
| Topic: |
Vulnerabilities in xsupplicant, mutt, screen, and ruby
|
| Links: |
MDKSA-2006:189,
CVE-2006-5601,
CVE-2006-5602,
MDKSA-2006:190,
CVE-2006-5297,
CVE-2006-5298,
MDKSA-2006:191,
CVE-2006-4573,
MDKSA-2006:192,
CVE-2006-5467 |
| ID: |
ae-200610-063
|
A stack overflow in Xsupplicant might be exploited by a remote, authenticated user to gain root privileges on a vulnerable system.
An updated package fixes this problem. Additional code cleanups to fix potential memory leaks are also included.
A race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files
in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag
on NFS filesystems.
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier doesn't properly verify that temporary files
have been created with restricted permissions, which might allow local users to create files with weak permissions
via a race condition between the mktemp and safe_fopen function calls.
Both vulnerabilities can be fixed with an updated package.
Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c)
in screen before 4.0.3 allow user-assisted attackers to cause a Denial-of-Service (crash or hang) via certain UTF8
sequences. So it's recommended to install the updated package.
The CGI library in Ruby 1.8 allows a remote attacker to cause a Denial-of-Service via an HTTP request with a multipart
MIME body that contains an invalid boundary specifier, which would result in an infinite loop and CPU consumption.
This problem can also be solved by installing an updated package.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
OpenPBS, mailman, python, and libmusicbrainz.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
The Execute() function of the ADODB.Connection ActiveX object contains an unspecified vulnerability.
This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code.
A patch isn't available yet, so it's recommended to disable ActiveX, or at least this control. How to do this is
described in the CERT Vulnerability Note.
|
|
|
SGI has released the Security Update #65 for SGI Advanced Linux Environment 3.
This update fixes an already known security-related problem in
kdelibs.
So it's recommended to install this update.
|
|
|
A vulnerability was found in OpenSSL.
If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key.
Patches are available now.
|
|
|
The Mozilla SeaMonkey Suite contains several vulnerabilities, the most
serious of which could allow a remote attacker to execute arbitrary code
on an affected system.
Fixed software is available now.
|
|
|
The two vulnerabilities potentially allow a remote attacker to
compromise computers by launching malicious Ultravox content in
Winamp from the user's web browser when the user visits a
malicious web page.
Fixed packages are available now.
|
|
|
Cisco Security Agent (CSA) for Linux contains a denial of service
vulnerability involving port scans. By performing a port scan against
a system running a vulnerable version of CSA, it is possible to cause
the system to become unresponsive.
Fixed software is available now.
|
|
|
Further problems were found in the device drivers of several Anti-Virus and Internet Security products.
Symantec has released updated device drivers via LiveUpdate to address this issue.
|
|
|
A remote user can create a specific message containing Javascript which would
be executed in the end user's browsers. This can be used for a cross-site
scripting attack.
Patches are available now.
|
|
|
Several vulnerabilities have been identified in webmin, a web-based
administration toolkit.
A format string vulnerability in miniserv.pl could allow an
attacker to cause a denial of service by crashing the
application or exhausting system resources, and could
potentially allow arbitrary code execution.
Improper input sanitization in miniserv.pl could allow an
attacker to read arbitrary files on the webmin host by providing
a specially crafted URL path to the miniserv http server.
Improper handling of null characters in URLs in miniserv.pl
could allow an attacker to conduct cross-site scripting attacks,
read CGI program source code, list local directories, and
potentially execute arbitrary code.
Fixed packages are available now.
|
|
|
Several vulnerabilities in Adobe Flash Player would allow remote attackers
to modify HTTP headers of client requests and conduct HTTP Request Splitting
attacks. This may allow an attacker to disrupt, or insert commands into, some
internet or network applications.
Fixed software versions are available now.
|
|
|
Three critical vulnerabilities were found in Novell eDirectory that could
allow a remote attacker to execute arbitrary code in the context of the
running daemon.
Patches are available now.
|
|
|
A security vulnerability has been identified with HP-UX and Tru64 UNIX running
dtmail. The vulnerability could be exploited by a local, authorized user to
execute arbitrary code as a member of the 'mail' group.
Patches are available now.
|
|
|
Various security vulnerabilities have been identified in Microsoft
software that is running on the Storage Management Appliance (SMA).
Fixed packages are available now.
|
|
|
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 3 kernel are now available.
|
|
| System: |
SGI Advanced Linux Environment
|
| Topic: |
Vulnerabilities in gzip, openssh, openssl, php, python, and squirrelmail
|
| Links: |
20061001-01
|
| ID: |
ae-200610-047
|
SGI has released the Security Update #64 for SGI Advanced Linux Environment 3.
These updates fix already known security-related problems in
gzip, openssh, openssl, php, python, and squirrelmail.
So it's recommended to install this update.
|
|
|
Local exploitation of a design error vulnerability in Kaspersky Labs
Anti-Virus allows an attacker to execute arbitrary code with kernel
privileges.
Updates are available now.
|
|
|
Oracle has released Critical Patch Updates for several products.
A Critical Patch Update is a collection of patches for multiple security
vulnerabilities.
|
|
|
Due to an issue with URL parsing in Breeze 5.0 Licensed Server and Breeze 5.1
Licensed Server, a malicious user could retrieve the contents of an arbitrary
file from the drive on which Breeze is installed.
A fixed software version is available now.
|
|
|
The Asterisk Skinny channel driver for Cisco SCCP phones (chan_skinny.so)
incorrectly validates a length value in the packet header. An integer
wrap-around leads to heap overwrite, and arbitrary remote code execution
as root.
A fixed software version is available now.
|
|
|
Remote exploitation of a heap overflow vulnerability within version 9 of
Opera Software's Opera Web browser could allow an attacker to execute
arbitrary code on the affected host.
A fixed software version is available now.
|
|
|
An integer overflow flaw was found in the way Qt handled pixmap images.
The KDE khtml library uses Qt in such a way that untrusted parameters could
be passed to Qt, triggering the overflow. An attacker could for example
create a malicious web page that when viewed by a victim in the Konqueror
browser would cause Konqueror to crash or possibly execute arbitrary code
with the privileges of the victim.
Fixed packages are available now.
|
|
|
An integer overflow in previous versions of ClamAV could allow a remote
attacker to cause a Denial of Service (scanning service crash) and
execute arbitrary code via a Portable Executable (PE) file.
Another vulnerability could allow a remote attacker to cause a DoS via
a crafted compressed HTML (CHM) file that causes ClamAV to read an
invalid memory location.
A fixed software version is available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
openssl, openssh, and bind9.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Various security vulnerabilities have been identified in Microsoft
software that is running on the Storage Management Appliance (SMA).
Fixed packages are available now.
|
|
|
Remote exploitation of a format string vulnerability in the mod_tcl
module for the Apache httpd v2.x could allow attackers to execute
arbitrary code in the context of the httpd.
A fixed software version is available now.
|
|
|
A format string vulnerability was discovered within Trend Micro OfficeScan
Corporate Edition.
If successfully exploited, this could allow the user to execute code of the
attacker's choice on the system running the ActiveX Management Console.
A patch is available now.
|
|
|
A security vulnerability has been identified with HP Version Control Agent.
The vulnerability could be exploited by an authorized user to gain
unauthorized access possibly leading to elevation of privilege.
Patches are available now.
|
|
|
It was discovered that an integer overflow can be triggered when user input
is passed to the unserialize() function.
The successful exploitation of this integer overflow will result in
arbitrary code execution.
A patch is available now.
|
|
|
The Cisco Wireless Location Appliance software contains a default
password for the 'root' administrative account.
Fixed software is available now.
|
|
| System: |
Sun Solaris
|
| Topic: |
Vulnerabilities in Apache 2.0, Apache 1.3, Sendmail, and NSPR
|
| Links: |
Sun Alert ID 102662,
Sun Alert ID 102663,
CVE-2005-3352,
CVE-2005-3357,
CVE-2006-3747,
ESB-2006.0751,
ESB-2006.0761,
Sun Alert ID 102664,
CVE-2006-4434,
ESB-2006.0752,
Sun Alert ID 102658,
CVE-2006-4842,
ESB-2006.0755,
R-018
|
| ID: |
ae-200610-032
|
Several security vulnerabilities have been found in the Apache HTTP server
which affect the Apache 1.3 web server bundled with Solaris 8, 9, and 10
and the Apache 2.0 web server bundled with Solaris 10.
A "use-after-free" security vulnerability in sendmail(1M) relating to
the handling of long header lines may allow a local or remote
unprivileged user to fill up a disk if sendmail(1M) is configured to
write unique core files.
Local exploitation of a design error vulnerability in the Netscape
Portable Runtime (NSPR) API, as included with Sun Microsystems Solaris 10,
allows attackers to create or overwrite arbitrary files on the system.
Patches are available now.
|
|
|
A potential vulnerability in a third party library included with
ColdFusion MX 7 could allow a malicious local user to execute arbitrary
code with the privilege level of the local SYSTEM.
Fixed software is available now.
|
|
|
Updated kernel packages that fix several security issues in the Linux
kernel are now available.
|
|
|
No further comment due to legal reasons
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in xfree86 and libwmf
|
| Links: |
DSA-1193,
CVE-2006-3467,
CVE-2006-3739,
CVE-2006-3740,
CVE-2006-4447,
ESB-2006.0745,
R-005,
DSA-1194,
CVE-2006-3376,
ESB-2006.0746,
Q-252
|
| ID: |
ae-200610-019
|
Several vulnerabilities have been discovered in the X Window System, which may
lead to the execution of arbitrary code or denial of service.
It was discovered that an integer overflow in libwmf, the library to read
Windows Metafile Format files, can be exploited to execute arbitrary code
if a crafted WMF file is parsed.
Fixed packages are available now.
|
|
|
A flaw was discovered in the way that the Python repr() function handled
UTF-32/UCS-4 strings. If an application written in Python used the repr()
function on untrusted data, this could lead to a denial of service or
possibly allow the execution of arbitrary code with the privileges of the
Python application.
Fixed packages are available now.
|
|
|
A security vulnerability resulting from incorrect and insufficient
permission checks in the default Solaris 10 configuration may allow a
local unprivileged user to create a raw socket on a Solaris link
aggregation, resulting in unrestricted access to network packets.
Patches are available now.
|
|
|
The design of the open_basedir feature of PHP that is meant to
disallow access to files outside a set of configured directories
is vulnerable to race conditions.
There is a short window of time between the check and the
actual open call. During this window the checked path could
be altered so that it points to a file that is forbidden to be
accessed due to open_basedir restrictions.
Workarounds are described in the advisory.
|
|
|
Systrace(4) shows an integer overflow in the STRIOCREPLACE support.
This could be exploited for DoS, limited kmem reads or local privilege escalation.
A source code patch addresses this issue.
|
|
|
Skype software provides telephone service over IP networks.
Skype for Mac contains a format string vulnerability in the handling of URIs.
By sending a specially crafted URI to Skype, a remote, unauthenticated attacker may be able to execute arbitrary code
with the privileges of the user.
Such a URI can be sent to Skype by convincing a user to view a specially crafted HTML document.
The attacker could also cause Skype to crash.
This vulnerability is addressed in Skype for Mac release 1.5.*.80 or later.
|
|
|
Symantec has a wide range of Anti-Virus and Internet Security products to protect users from viruses and other harmful software.
A vulnerability has been found in the two device drivers NAVENG and NAVEX15.
Exploiting this vulnerability, an attacker can overwrite a user supplied address, including code segments,
with a constant double word value by supplying a specially crafted Irp to the IOCTL handler function.
Successful exploitation allows a local attacker to obtain elevated privileges by exploiting the kernel.
This could allow the attacker to gain control of the affected system.
Symantec has released updated device drivers via LiveUpdate to address this issue.
|
|
|
When the Apache 2 Web Server shipped with Solaris 10 is configured to
support the Secure Sockets Layer (SSL), it may be possible for a local
or remote unprivileged user to cause a Denial of Service (DoS) to the
Apache application.
Patches are available now.
|
|
|
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available.
|
|
|
It was discovered that the WebDBM frontend of the MaxDB database
performs insufficient sanitising of requests passed to it, which might
lead to the execution of arbitrary code.
Fixed packages are available now.
|
|
|
It was discovered that phpMyAdmin's protection against Cross Site Request
Forgeries (CSRF) can be bypassed in multiple ways.
Patches are available now.
|
|
|
A buffer overflow vulnerability has been found in ePolicy Orchestrator and
ProtectionPilot from McAfee that may allow an attacker to exploit the
vulnerability by constructing a specially crafted HTTP request that could
potentially allow remote code execution. An attacker who successfully
exploited this vulnerability could take complete control of an affected
system.
A patch is available now.
|
|
|
A security vulnerability has been identified in HP-UX when running Service
Locator Protocol (SLP). The vulnerability could be exploited by a remote user
of Service Locator Protocol (SLP) for unauthorized access.
A security vulnerability has been identified in HP-UX running the Ignite-UX
server.
The vulnerability could be exploited to allow a remote unauthorized user to
gain root access to the system running the Ignite-UX server.
Patches are available now.
|
|
|
Several cross-site scripting problems were discovered in mailman, the
web-based GNU mailing list manager, that could allow remote attackers to
inject arbitrary web script or HTML.
It was discovered that a remote attacker can inject arbitrary strings into the
logfile.
Fixed packages are available now.
|
|
|
Several security issues in
CFNetwork, Flash Player, ImageIO, Kernel, LoginWindow, Preferences,
QuickDraw Manager, SASL, WebCore, and Workgroup Manager
are fixed and bundled in the
Security Update 2006-006, which is available now.
|
|
|
On Solaris 8, 9 and 10 systems utilizing an IPv6 address, a remote
unprivileged user may be able to panic the system, causing a Denial of
Service (DoS) condition.
Patches are available now.
|
|
|
Two Cross Site Scripting vulnerabilities in the Sun Secure Global
Desktop (SSGD) software may allow a local or remote unprivileged user
to execute arbitrary script commands in another user's context,
potentially allowing an unprivileged remote user to steal cookie
information, hijack sessions, or cause a loss of data privacy between
a client and the server.
Patches are available now.
|
|
|
Several vulnerabilities were discovered in the Linux kernel.
Fixed kernel packages are available now.
|
|
|
Several buffer overflows were discovered in cscope, a source browsing tool,
which might lead to the execution of arbitrary code.
Fixed packages are available now.
|
|