Chosen month 12 / 2006
|
|
|
A format string bug exists in the textual web browser W3M.
The bug results in a crash of W3M under run-time options "-dump" or "-backend" if requesting HTTPS URLs and printf(3)
escape sequences like "%n%n" occur in the Common Name (CN) of the website X.509 certificate.
An updated package addresses this issue.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in elog, evince, and xine-lib |
| Links: | DSA-1242, CVE-2006-5063, CVE-2006-5790, CVE-2006-5791, CVE-2006-6318, ESB-2006.0949, DSA-1243, CVE-2006-5864, ESB-2006.0856, ESB-2006.0950, DSA-1244, CVE-2006-6712, ESB-2006.0951 |
| ID: | ae-200612-058 |
Several remote vulnerabilities have been discovered in elog, a web-based electronic logbook,
which may lead to the execution of arbitrary code.
Gv is the PostScript and PDF viewer for X. It performs insufficient boundary checks in the PostScript parsing code,
which allows the execution of arbitrary code through a buffer overflow.
Evince embeds a copy of gv and needs an update as well.
It was discovered that the Xine multimedia library performs insufficient sanitising of Real streams,
which might lead to the execution of arbitrary code through a buffer overflow.
Updated packages solve these problems.
|
|
|
Turbolinux has published patches for known vulnerabilities in openLDAP, openSSH, and Flashplayer.
It's recommended to install these updates.
|
|
|
SGI has released the Security Update #68 for SGI Advanced Linux Environment 3.
These updates fix already known security related problems in
seamonkey and tar.
So it's recommended to install this update.
|
|
|
Cross-site scripting vulnerabilities in the mailto parameter of webmail.php, the session and delete_draft
parameters of compose.php and through a shortcoming in the magicHTML filter have been found.
An attacker could abuse these to execute malicious JavaScript in the user's webmail session.
An updated package addresses this issue.
|
|
|
A buffer overflow was discovered in the "parse_expression" function of the "permissions" module of the SIP router OpenSER,
versions up to and including 1.1.0.
The buffer overflow is triggered by parsing a configuration line expression consisting of more than 500 characters and
potentially could lead to the execution of arbitrary code under the privileges of the OpenSER process.
So it's recommended to update to the latest version.
|
|
|
Certain Sun products (including some bundled third party products) may be vulnerable to an RSA Signature Verification
vulnerability that allows unauthorized forged certificates to be validated.
This may result in a number of different types of remote exploits.
Affected Software is JDK, NSS, OpenSSL bundled with Solaris, Mozilla, IPsec/IKE, Secure Global Desktop, GnuTLS bundled
with Solaris, StarOffice, SJS Server Products, and Solaris WAN Boot.
Updated packages are available now.
|
|
|
Novell NetMail is an e-mail and calendar system that is based on standard Internet protocols.
Remote exploitation of a buffer overflow vulnerability in Novell Inc.'s NetMail IMAP daemon version 3.52
allows authenticated attackers to execute arbitrary code with the privileges of the underlying user.
Once logged in, attackers can execute the "subscribe" command with an overly long argument string to
overflow a stack based buffer.
Novell has addressed this vulnerability in version 3.52e FTF2 of NetMail.
|
|
| System: | SuSE Linux |
| Topic: | Problems with Kernel |
| Links: | SUSE-SA:2006:079, CVE-2006-3741, CVE-2006-4145, CVE-2006-4538, CVE-2006-4572, CVE-2006-4623, CVE-2006-4813, CVE-2006-4997, CVE-2006-5173, CVE-2006-5174, CVE-2006-5619, CVE-2006-5648, CVE-2006-5649, CVE-2006-5751, CVE-2006-5757, CVE-2006-5823, CVE-2006-6053, CVE-2006-6054, CVE-2006-6056, CVE-2006-6060 |
| ID: | ae-200612-051 |
Several vulnerabilities have been found and fixed now in the kernel.
They might have led to a Denial-of-Service (local or remote) and a local privilege escalation.
It's recommended to install the update which is available now.
|
|
|
A vendor-confirmed Denial-of-Service (DoS) vulnerability in the D-Bus message bus system, versions
before 1.0.2, has been found.
The flaw is in the "match_rule_equal" function in "bus/signals.c" and allows local applications to
remove match rules for other applications and cause a DoS via lost process messages.
So it's recommended to install the latest version.
|
|
|
XSP (the Mono ASP.NET server) is vulnerable to a source disclosure attack which allows a malicious user to obtain the
source code of the server-side application. This vulnerability grants the attacker deeper knowledge of the Web application
logic. Updated packages have been patched to correct this issue.
|
|
|
CA CleverPath Portal and other CA solutions that embed Portal technology contain a session verification vulnerability.
In certain multiple Portal server configurations, a user who connects through one Portal server could conceivably
inherit the Portal session and associated security authentication of a user running on another Portal server.
An updated version solves this problem.
|
|
|
It has been discovered that the links2 character mode web browser performs insufficient sanitising of
smb:// URIs, which might lead to the execution of arbitrary shell commands.
An updated package solves this problem.
|
|
|
Ruby is a dynamic, open source programming language with a focus on simplicity and productivity.
The read_multipart function of the CGI library shipped with Ruby (cgi.rb) does not properly check boundaries in
MIME multipart content. This might lead to a Denial-of-Service.
It's recommended to upgrade to the latest version of Ruby.
|
|
|
Multiple vulnerabilities have been found in the file parsing engine of ESET NOD32 Antivirus, so
arbitrary code can be remotely executed. An update is available and should be installed soon.
|
|
|
When connecting to a remote DB2 instance, the version 7 client typically sends a SQLJRA packet requesting start
of the connection. If this SQLJRA packet is specially crafted, it can cause a Denial-of-Service attack by crashing the
DB2 instance. Any remote unauthenticated attacker can do this.
Fixpack 13 for DB2 version 8.1 has been published to solve this problem.
|
|
| System: | Microsoft Windows |
| Topic: | Vulnerability in HP Storage Management Appliance (SMA) |
| Links: | HPSBST02180, SSRT061288, ESB-2006.0937 |
| ID: | ae-200612-043 |
The latest Microsoft patches need to be installed when using the SMA.
It's strongly recommended to install these hotfixes from Microsoft.
|
|
|
Running OpenSSL under HP-UX 11.23 or HP-UX 11.11 might lead to a Denial-of-Service or a local increase of privileges.
HP has made an updated package available.
|
|
|
A vulnerability exists in the Novell NetWare client for Windows that could allow a remote attacker to execute
arbitrary code on an affected system.
Novell has issued a beta upgrade that addresses this issue.
|
|
|
Two buffer overflow vulnerabilities in the Java Runtime Environment may independently allow an untrusted applet
to elevate its privileges. For example, an applet may grant itself permissions to read and write local files or
execute local applications that are accessible to the user running the untrusted applet.
Additionally, it might be able to access data in other applets.
A new release fixes this issue.
|
|
|
A malicious user might create a tar archive that could write to arbitrary files to which the user
running GNU tar has write access.
An update is available now.
|
|
|
Several security issues in QuickTime for Java are fixed and bundled in the
Security Update 2006-008, which is available now.
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
koffice, squirrelmail, evince, novell-lum, and gdm.
Updated packages are available now and should be installed on vulnerable systems.
|
|
| System: | Various |
| Topic: | Vulnerabilities in Mozilla Firefox, Mozilla Thunderbird, and Mozilla Seamonkey |
| Links: | Mozilla, CVE-2006-6497, CVE-2006-6498, CVE-2006-6501, CVE-2006-6502, CVE-2006-6503, CVE-2006-6504, CVE-2006-6505, VU#606260, VU#928956, VU#887332, R-084, R-085, R-086, R-087, R-088, R-089, R-090, R-094, RHSA-2006-0758, RHSA-2006-0759, RHSA-2006-0760, ESB-2006.0930, ESB-2006.0931, ESB-2006.0932, TLSA-2006-43, TLSA-2006-47, TLSA-2006-48, OpenBSD, SUSE_2006_80, SUSE_2007_06, DSA-1258, ESB-2007.0084 |
| ID: | ae-200612-036 |
The Mozilla web browser and derived products contain several vulnerabilities,
the most serious of which could allow a remote attacker to execute arbitrary
code on an affected system. Fixed software is available now.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in kernel, clamav, and sql-ledger |
| Links: | DSA-1237, CVE-2005-4093, CVE-2006-4538, CVE-2006-4997, CVE-2006-5174, CVE-2006-5649, CVE-2006-5871, ESB-2006.0919, DSA-1238, CVE-2006-6406, CVE-2006-6481, ESB-2006.0920, R-082, DSA-1239, CVE-2006-4244, CVE-2006-4731, CVE-2006-5872, ESB-2006.0921 |
| ID: | ae-200612-035 |
Several local and remote vulnerabilities have been discovered in the Linux
kernel that may lead to a denial of service or the execution of arbitrary
code.
Two remote vulnerabilities have been discovered in 'clamav', the Clam
anti-virus toolkit.
Several remote vulnerabilities have been discovered in SQL Ledger, a web based
double-entry accounting program, which may lead to the execution of arbitrary
code.
Fixed packages are available now.
|
|
|
Multiple vulnerabilities have been identified in Symantec's Veritas NetBackup
Master, Media Servers and clients. An attacker, able to access a vulnerable
NetBackup host and successfully exploit these issues, could potentially cause
execution of arbitrary code resulting in possible unauthorized, elevated
access to the targeted system.
Fixed software is available now.
|
|
|
A flaw in glob(3) could potentially allow for the execution of untrusted code.
Currently the NetBSD ftp daemon that ships with the base distribution uses
glob(3) which has been found to be potentially vulnerable to attack.
A patch is available now.
|
|
|
Local exploitation of a format string vulnerability in GNOME
Foundation's GNOME Display Manager host chooser window (gdmchooser)
could allow an unauthenticated attacker to execute arbitrary code on
the affected system.
Fixed packages are available now.
|
|
|
A denial of service vulnerability has been discovered in the CGI library
included with Ruby, the interpreted scripting language for quick and easy
object-oriented programming.
It was discovered that enemies-of-carlotta, a simple manager for mailing
lists, does not properly sanitise email addresses before passing them through
to the system shell.
Fixed packages are available now.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
| System: | Microsoft Windows 2000, XP, 2003 |
| Topic: | Vulnerabilities in Microsoft Internet Explorer |
| Links: | MS06-072, CVE-2006-5577, CVE-2006-5578, CVE-2006-5579, CVE-2006-5581, VU#347448, AL-2006.0122, R-074, ISS Alert, HPSBST02180, SSRT061288, ESB-2006.0937 |
| ID: | ae-200612-024 |
No further comment due to legal reasons
|
|
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
xine-lib, texinfo, wv, and libpng.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
The madwifi-ng Atheros Wireless LAN card driver is subject to
a remotely exploitable stack buffer overflow, which allows either code
execution or at least a denial of service (kernel crash).
Fixed packages are available now.
|
|
|
Windows Media Player does not properly handle malformed Windows Media
Metafiles. This vulnerability may allow a remote attacker to execute arbitrary
code or crash Windows Media Player.
A patch is not available yet.
|
|
|
A "stack overwrite" vulnerability in GnuPG (gpg) allows attackers to
execute arbitrary code via crafted OpenPGP packets that cause GnuPG to
dereference a function pointer from deallocated stack memory.
Fixed packages are available now.
|
|
|
Sophos AntiVirus Engine is vulnerable to Memory Corruption and Heap Overflow
vulnerabilities when scanning malformed CHM archives.
Fixed packages are available now.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in l2tpns, gnupg, and clamav |
| Links: | DSA-1230, CVE-2006-5873, R-067, ESB-2006.0904, DSA-1231, CVE-2006-6169, CVE-2006-6235, ESB-2006.0898, DSA-1232, CVE-2006-5874, ESB-2006.0899 |
| ID: | ae-200612-018 |
A vulnerability was discovered in l2tpns, a layer 2 tunnelling protocol network
server, which could be triggered by a remote user to execute arbitrary code.
There are two security issues with GnuPG that could cause GnuPG to execute
arbitrary code: A stack overwrite flaw in the way GnuPG decrypts messages. A
heap based buffer overflow flaw was found in the way GnuPG constructs messages
to be written to the terminal during an interactive session.
It was discovered that malformed base64-encoded MIME attachments can lead to
denial of service through a null pointer dereference.
Fixed packages are available now.
|
|
|
A vulnerability has been reported in IMail Server, which can be exploited by
malicious people to compromise a vulnerable system.
A patch is available now.
|
|
|
A vulnerability was discovered in all Intel network adapter drivers that
could allow unprivileged code executing on an affected system to gain
unfettered, kernel-level access.
Patches are available now.
|
|
|
Microsoft Word contains a vulnerability that could be exploited when Word
opens a specially crafted document.
A patch is not available yet.
|
|
|
In the FW_GCROM ioctl, a signed integer comparison is used instead of
an unsigned integer comparison when computing the length of a buffer
to be copied from the kernel into the calling application.
A user in the "operator" group can read the contents of kernel memory.
A patch is available now.
|
|
|
There are two security issues with GnuPG that could cause GnuPG to execute
arbitrary code:
A stack overwrite flaw in the way GnuPG decrypts messages.
A heap based buffer overflow flaw was found in the way GnuPG constructs
messages to be written to the terminal during an interactive session.
An off by one flaw was found in the way mod_auth_kerb handles certain
Kerberos authentication messages. A remote client could send a specially
crafted authentication request which could crash an httpd child process.
Fixed packages are available now.
|
|
|
An integer overflow was discovered in the Skinny channel driver in Asterisk,
an Open Source Private Branch Exchange or telephone system, as used by
Cisco SCCP phones, which allows remote attackers to execute arbitrary code.
Fixed packages are available now.
|
|
|
Several buffer overflows were found in the Tivoli Storage Manager (TSM).
Invalid requests sent to a TSM server by an application directly opening the
server TCP socket, not by the TSM client, during the client login process
can cause the TSM server to crash.
It is possible to execute arbitrary code.
Patches are available now.
|
|
|
A security vulnerability has been identified with HP-UX running HP-UX Secure
Shell. The vulnerability could be remotely exploited to allow a remote
unauthorized user to create a Denial of Service (DoS).
Patches are available now.
|
|
|
Vulnerabilities in Adobe Reader and Acrobat 7 would cause the application
to crash and could potentially allow an attacker to take control of the
affected system.
A workaround is available now.
The vulnerability is fixed in Adobe Reader 8.
|
|
|
A critical vulnerability has been identified in Adobe Download Manager that
could allow an attacker who successfully exploits this vulnerability to take
control of the affected system.
It is recommended that users uninstall Adobe Download Manager.
|
|
|
It was discovered that the elinks character mode web browser
performs insufficient sanitising of smb:// URIs, which might lead to the
execution of arbitrary shell commands.
Fixed packages are available now.
|
|
|
A security vulnerability related to a race condition in the Solaris
kernel may allow a local unprivileged user to panic the system,
creating a Denial of Service (DoS) condition.
A patch is available now.
|
|
|
Remote exploitation of two integer overflow vulnerabilities in Novell Inc.'s
ZENworks Asset Management could potentially allow an attacker to execute
arbitrary code with the privileges of the system.
Fixed packages are available now.
|
|
|
If the Sun Java System Proxy Server is used in conjunction with the Sun Java
System Application Server or the Sun Java System Web Server then it may be
susceptible to "HTTP Request Smuggling" (HRS) which can allow remote
unprivileged users to be able to poison web caches, hijack sessions, perform
cross-site scripting (CSS or XSS) attacks or bypass web application firewall
protection.
Patches are available now.
|
|
|
The System.CodeDom.Compiler classes in Novell Mono create temporary files with
insecure permissions, which allows local users to overwrite arbitrary files or
execute arbitrary code via a symlink attack.
Fixed packages are available now.
|
|
|
Several remote vulnerabilities have been discovered in Imagemagick, a
collection of image manipulation programs, which may lead to the execution of
arbitrary code.
Fixed packages are available now.
|
|
|
Several remote vulnerabilities have been discovered in the proftpd FTP daemon,
which may lead to the execution of arbitrary code or denial of service.
Fixed packages are available now.
|
|