AERAsec Network Security
Current Security Messages


Most of the links lead to the corresponding files at CERT or other organisations, so any changes there take effect immediately, in particular regarding which patches should be installed or which configuration changes should be made to avoid a given vulnerability. Some of the files are transferred by FTP.

By the way: if we do not publish well-known risks inherent in a widely used platform or program, that does not mean this particular platform or program is safe to use!


Chosen month 02 / 2007

System: Turbolinux
Topic: Vulnerabilities in bind and php
Links: TLSA-2007-9, CVE-2007-0494, TLSA-2007-11, CVE-2007-0455
ID: ae-200702-077

Bind may allow remote attackers to cause a denial of service via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability.
A buffer overflow vulnerability exists in the PHP GD Graphics Library.
Patches are available now.

System: Microsoft Windows
Topic: Vulnerability in HP Storage Management Appliance (SMA)
Links: HPSBST02194, SSRT071306, ESB-2007.0133
ID: ae-200702-076

The latest Microsoft patches need to be installed when using the SMA. It is strongly recommended to install these hotfixes from Microsoft.

System: Sun Solaris
Topic: Vulnerabilities in X Font Server
Links: Sun Alert #102803, CAN-2003-0730, CAN-2006-6101, CAN-2006-6102, CAN-2006-6103
ID: ae-200702-075

Multiple security vulnerabilities in the X Font Server (xfs(1)) and the X Render and DBE extensions, which are part of the X11 servers Xsun(1) and Xorg(1), may allow a local or remote unprivileged user to elevate their privileges to root and execute arbitrary code resulting in memory corruption or a Denial of Service (DoS) condition. A patch is available now.

System: Red Hat Enterprise Linux 4
Topic: Several vulnerabilities in kernel fixed
Links: RHSA-2007-0085, CVE-2007-0001, CVE-2007-0006, ESB-2007.0134
ID: ae-200702-074

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available.

System: Various
Topic: Vulnerabilities in Mozilla Firefox, Mozilla Thunderbird, and Mozilla Seamonkey
Links: Mozilla, CVE-2006-6077, CVE-2007-0008, CVE-2007-0009, CVE-2007-0775, CVE-2007-0777, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0981, CVE-2007-0995, CVE-2007-0996, VU#269484, VU#393921, VU#551436, VU#761756, AL-2007.0028, R-163, RHSA-2007-0077, RHSA-2007-0079, ESB-2007.0130, R-164, R-165, MDKSA-2007:050, MDKSA-2007:050-1, RHSA-2007-0078, ESB-2007.0141, MDKSA-2007:052, TLSA-2007-12, TLSA-2007-13, SUSE-SA:2007:019, DSA-1265, ESB-2007.0155, SUSE-SA:2007:022
ID: ae-200702-073

The Mozilla web browser and derived products contain several vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in Macrovision / InstallShield Update Service Web Agent
Links: VU#847993, CVE-2007-0321, R-157
ID: ae-200702-072

The InstallShield Update Service, now known as Macrovision FLEXnet Connect, contains an ActiveX control called Update Service Agent. This ActiveX control is a component that is included with some Macrovision and InstallShield Windows software installers and is provided by the file isusweb.dll. The Update Service Agent ActiveX control contains a buffer overflow vulnerability in the Download() method. By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer to crash. Disabling the vulnerable ActiveX control or active scripting avoids this vulnerability, as does an upgrade to the appropriate version.

System: Various
Topic: Vulnerabilities in PHP
Links: mfsa2007-06, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988, MDKSA-2007:048, OpenPKG-SA-2007.010, RHSA-2007-0076
ID: ae-200702-071

Multiple vulnerabilities have been found in the programming language PHP, versions up to and including 5.2.0. Some of them might lead to a Denial-of-Service, others allow remote attackers the execution of arbitrary code. So it is strongly recommended to use version 5.2.1 only.

System: Various
Topic: Vulnerabilities in Mozilla Network Security Services (NSS) SSLv2
Links: mfsa2007-06, iDEFENSE #482, iDEFENSE #483, CVE-2007-0008, CVE-2007-0009, VU#377812, VU#592796, ESB-2007.0132
ID: ae-200702-070

Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. SSL clients such as Firefox and Thunderbird can suffer a buffer overflow if a malicious server presents a certificate with a public key that is too small to encrypt the entire "Master Secret". Exploiting this overflow appears to be unreliable but possible if the SSLv2 protocol is enabled. Servers that use NSS for the SSLv2 protocol can be exploited by a client that presents a "Client Master Key" with invalid length values in any of several fields that are used without adequate error checking. This can lead to a buffer overflow that presumably could be exploitable.
Support for SSLv2 is disabled in Firefox 2 due to other known weaknesses in the protocol; Firefox 2 is not vulnerable unless the user has modified hidden internal NSS settings to re-enable SSLv2 support. It's recommended to check if SSLv2 is disabled in the browser.

System: Various
Topic: Vulnerability in Mozilla JavaScript Engine
Links: Bugzilla#371312, VU#393921, VU#269484, R-162, RHSA-2007-0077, RHSA-2007-0079
ID: ae-200702-069

The JavaScript 'onUnload' event is executed when the browser exits a web page. An event handler can be installed via JavaScript to trap and process this event. Mozilla Firefox fails to properly handle JavaScript onUnload events. Specifically, Firefox may not correctly handle freed data structures modified in the onUnload event handler, possibly leading to memory corruption. By convincing a user to view a specially crafted HTML document, an attacker may be able to execute arbitrary code with the privileges of the user. An update to version 2.0.0.2 solves this problem. If an update is not possible, JavaScript should be disabled.

System: SGI Advanced Linux Environment
Topic: Vulnerabilities in ImageMagick, bind, fetchmail, gnomemeeting, php, samba, postgresql, and squirrelmail
Links: SGI_20070201-01
ID: ae-200702-068

SGI has released Security Update #70 for SGI Advanced Linux Environment 3. These updates fix already known security-related problems in ImageMagick, bind, fetchmail, gnomemeeting, php, samba, postgresql, and squirrelmail.
So it is recommended to install this update.

System: Microsoft Windows
Topic: Vulnerability in Google Desktop
Links: VU#615857, ESB-2007.0131
ID: ae-200702-067

A cross-site scripting vulnerability exists in the Google Desktop Search application. A remote unauthenticated attacker may be able to perform any action that the Google Desktop Search engine is capable of performing. This includes executing code that is already on a vulnerable system, searching and viewing files and exfiltrating sensitive data. Google has addressed this issue in the most recent version of the Google Desktop Search, which can be updated automatically.

System: Microsoft Windows
Topic: Vulnerability in Macrovision / InstallShield InstallFromTheWeb
Links: VU#181041, CVE-2007-0321, R-159
ID: ae-200702-066

InstallShield InstallFromTheWeb is a web-based software installation product for Microsoft Windows systems. InstallFromTheWeb is available as an ActiveX control for Internet Explorer and also as a Netscape-style plug-in for other web browsers. The ActiveX control is provided by the file iftw.dll, and the plug-in is provided by the file npiftw32.dll. InstallFromTheWeb contains multiple buffer overflows. Note that InstallShield has been acquired by Macrovision. The InstallFromTheWeb product is no longer supported by Macrovision, so a patch won't be available. It's recommended to remove the software or to disable active scripting in the browser.

System: Mandriva Linux
Topic: Vulnerabilities in kernel
Links: MDKSA-2007:047, CVE-2006-5701, CVE-2006-5823, CVE-2007-0006
ID: ae-200702-065

Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel. A double free vulnerability in the squashfs module could allow a local user to cause a Denial-of-Service by mounting a crafted squashfs filesystem. The zlib_inflate function allows local users to cause a crash via a malformed filesystem that uses zlib compression and triggers memory corruption. The key serial number collision avoidance code in the key_alloc_serial function in kernels 2.6.9 up to 2.6.20 allows local users to cause a crash using vectors that trigger a NULL dereference. In addition to these security fixes, other fixes have been included in the updated package.

System: Microsoft Windows
Topic: Problems with SupportSoft SmartIssue ActiveX Control
Links: iDEFENSE #478, CVE-2006-6490, VU#441785, SupportSoft, SYM07-002, ESB-2007.0128, R-161
ID: ae-200702-064

Remote exploitation of a buffer overflow vulnerability in a SupportSoft ActiveX control allows attackers to execute arbitrary code in the context of the current user. The affected ActiveX control can be identified by the ProgId "SPRT.SmartIssue" or the CLSID "01010e00-5e80-11d8-9e86-0007e96c65ae". This ActiveX control is marked safe for scripting, as it is intended to be used in a web browser. When installed with Norton Internet Security (NIS) 2006, the code responsible for implementing the control can be found in "C:\Program Files\Common Files\Symantec Shared\tgctlsi.dll". An updated version is available.

System: Microsoft Windows
Topic: Vulnerability in VeriSign ConfigChk ActiveX Control
Links: iDEFENSE #479, ESB-2007.0129, VU#308087, R-158
ID: ae-200702-063

The ConfigChk ActiveX Control is part of VeriSign Inc.'s MPKI, Secure Messaging for Microsoft Exchange and Go Secure! products. It looks for the Microsoft Enhanced Cryptographic Provider in order to support 1024-bit cryptography. Remote exploitation of a buffer overflow vulnerability in VeriSign Inc.'s ConfigChk ActiveX Control could allow an attacker to execute arbitrary code within the security context of the victim. The ActiveX control in question, identified by CLSID 08F04139-8DFC-11D2-80E9-006008B066EE, is marked as being safe for scripting. The vulnerability specifically exists when processing lengthy parameters passed to the VerCompare() method. If either of the two parameters passed to this method are longer than 28 bytes, stack memory corruption will occur. This amounts to a trivially exploitable stack-based buffer overflow. VeriSign has addressed this vulnerability by releasing a patch which corrects the security issues found in the affected .dll file.

System: Various
Topic: Vulnerabilities in IBM DB2 Universal Database
Links: iDEFENSE #480, iDEFENSE #481
ID: ae-200702-062

Local exploitation of a file creation vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to elevate privileges to the superuser. This vulnerability exists due to unsafe file access from within several setuid-root binaries. Specifically, when supplying the DB2INSTANCE environment variable, the setuid-root DB2 administration binaries will use the home directory of the specified user for loading configuration data. This vulnerability is addressed in DB2 9 Fixpack 2.
Furthermore, local exploitation of multiple vulnerabilities in IBM Corp.'s DB2 Universal Database allows attackers to cause a Denial-of-Service condition or elevate privileges to root. Several vulnerabilities exist due to unsafe file access from within several setuid-root binaries. Specifically, when supplying certain environment variables, the DB2 administration binaries will use the specified filename for saving data. This allows an attacker to create or append to arbitrary files as root. A heap-based buffer overflow vulnerability can occur when copying data from an environment variable. The variable contents are copied to a static BSS segment buffer without ensuring proper NUL termination. Consequently, this allows an attacker to cause a heap overflow in a later function call. A stack-based buffer overflow can occur when an environment variable contains a long string. By specifying a specially crafted value, it is possible to overwrite the return address of a function and execute arbitrary code. These vulnerabilities are addressed in DB2 9 Fixpack 2.

System: Various
Topic: Vulnerability in Java 2 Platform
Links: Sun Alert #102686, CVE-2006-4339, ESB-2007.0127
ID: ae-200702-061

The Java Runtime Environment and the Java Secure Socket Extension may verify incorrect RSA PKCS #1 v1.5 signatures if the RSA public key exponent is 3. This may allow applets or applications that are signed by forged signing certificates and web sites with forged web server certificates to be verified as valid. An update is available now.

System: Red Hat Enterprise Linux 2.1
Topic: Vulnerability in KOffice
Links: RHSA-2007-0010, CVE-2006-6120, R-152
ID: ae-200702-060

KOffice is a collection of productivity applications for the K Desktop Environment (KDE) GUI desktop. An integer overflow has been found in KOffice's PPT file processor. An attacker might create a malicious PPT file that could cause KOffice to execute arbitrary code if the file was opened by a victim. An updated package addresses this issue.

System: Linux
Topic: Vulnerability in spamassassin
Links: CVE-2007-0451, RHSA-2007-0074, ESB-2007.0126, MDKSA-2007:049
ID: ae-200702-059

A possible denial of service was found in 'spamassassin': a specially crafted HTML email containing URIs could cause excessive resource consumption.
Fixed packages are available now.

System: Cisco
Topic: Vulnerabilities in Cisco Secure Services Client (CSSC)
Links: cisco-sa-20070221-supplicant, R-154, ESB-2007.0124
ID: ae-200702-058

The Cisco Secure Services Client (CSSC) is a software client for 802.1X authentication. Multiple vulnerabilities, including privilege escalations and information disclosure, were found.
Updates are provided now.

System: Cisco
Topic: Vulnerabilities in Unified IP Conference Station and IP Phone
Links: cisco-sa-20070221-phone, R-153, ESB-2007.0125
ID: ae-200702-057

Cisco Unified IP Conference Station 7935 and 7936 devices do not require a password when a URL is accessed directly via the administrator HTTP interface.
There is a workaround for this vulnerability.

Some Cisco Unified IP Phone devices contain a hard coded default user account with a default password which is remotely accessible via a Secure Shell (SSH) server enabled on the phone. This user account can not be disabled, removed or have its password changed.
Updates are provided now.

System: Mandriva Linux
Topic: Vulnerabilities in ekiga and gnucash
Links: MDKSA-2007:044, CVE-2007-1006, MDKSA-2007:046, CVE-2007-0007
ID: ae-200702-056

A format string flaw has been discovered in how ekiga (ex GnomeMeeting) processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga.
Gnucash 2.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gnucash.trace, qof.trace, and qof.trace.[PID] temporary files.
Updated packages have been patched to correct these issues.

System: Turbolinux
Topic: Vulnerabilities in Seamonkey
Links: TLSA-2007-7
ID: ae-200702-055

Seamonkey is an open-source web browser. Turbolinux points out that several vulnerabilities in this program can be fixed now and recommends using version 1.0.7-1.

System: SuSE Linux
Topic: SUSE Security Summary Report
Links: SuSE_Summary_2007_3, CVE-2006-5456, CVE-2006-5867, CVE-2006-5074, CVE-2007-0003, CVE-2007-0104, CVE-2007-0619, CVE-2007-0770, SUSE-SA:2007:015
ID: ae-200702-054

The latest SuSE Security Summary Report points out some vulnerabilities which have been fixed now. Vulnerabilities were found in chmlib, GraphicsMagick and ImageMagick, various PDF viewers and in pam_unix login. Additionally, a vulnerability in AppArmor can be fixed now.

System: Various
Topic: Vulnerabilities in Trend Micro OfficeScan Web-Deployment and Server Protect
Links: TrendMicro-1034288, VU#784369, CVE-2007-0325, AA-2007.0009, R-149, TrendMicro-1034290, VU#730433, VU#349393, VU#466609, VU#630025, CVE-2007-1070, ESB-2007.0123, iDEFENSE #477, R-156
ID: ae-200702-053

The Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control contains multiple buffer overflows, which could allow a remote attacker to execute arbitrary code on a vulnerable system.
Vulnerabilities were also found in Trend Micro Server Protect which allow a remote attacker to execute arbitrary code on a vulnerable system.
Patches and a workaround are available now.

System: Various
Topic: Vulnerability in Snort DCE/RPC preprocessor
Links: Snort-2007-02-19, CVE-2006-5276, XForce#257, R-146, VU#196240, AL-2007.0027
ID: ae-200702-052

The DCE/RPC preprocessor (enabled by default, detecting SMB traffic) does not properly reassemble SMB 'Write AndX' commands. An attacker can exploit this vulnerability and execute code with the same privileges as the Snort binary.
Fixed software is available now.

System: Red Hat Enterprise Linux 3.x, 4.x
Topic: Vulnerabilities in PHP and GnomeMeeting
Links: RHSA-2007-0076, CVE-2007-0906, CVE-2007-0907, CVE-2007-0908, CVE-2007-0909, CVE-2007-0910, CVE-2007-0988, ESB-2007.0120, AL-2007.0005, R-150, RHSA-2007-0086, CVE-2007-1007, ESB-2007.0121, R-151
ID: ae-200702-051

Several important security holes were again found in PHP. An attacker could possibly execute arbitrary code as the 'apache' user.
A critical security hole was found in GnomeMeeting. A remote attacker could potentially execute arbitrary code with the privileges of the user.
Fixed packages are available now.

System: Various
Topic: Vulnerability in Snort
Links: CVE-2006-6931, ESB-2007.0118, MDKSA-2007:051
ID: ae-200702-050

It was discovered that the rule matching algorithm of Snort can be exploited in a way known as a "backtracking attack" to perform numerous time-consuming operations. Fixed software is available now.

System: Mac OS X
Topic: Apple Security Update 2007-002
Links: APPLE-SA-2007-02-15, CVE-2007-0197, CVE-2007-0614, CVE-2007-0710, CVE-2007-0021, CVE-2007-0023, ESB-2007.0112, VU#315856, R-148
ID: ae-200702-049

Several security issues in Finder, iChat, and UserNotification are fixed and bundled in the Security Update 2007-002, which is available now.

System: Linux
Topic: Vulnerability in HP ServiceGuard for Linux
Links: HBSBGN02189, SSRT071297, ESB-2007.0114, R-142
ID: ae-200702-048

A security vulnerability has been identified with HP ServiceGuard for Linux that may allow remote unauthorized access. A patch is available now.

System: Various
Topic: Vulnerabilities in Clamav
Links: iDefense, iDefense, CVE-2007-0897, CVE-2007-0898, ESB-2007.0115, MDKSA-2007:043, SUSE-SA:2007:017, DSA-1263, ESB-2007.0146
ID: ae-200702-047

Clam AntiVirus is a multi-platform GPL anti-virus toolkit. A file descriptor leak was found in clamav when extracting CAB archives. This may be used in denial of service attacks. A vulnerability exists due to the lack of validation of the id parameter string taken from a MIME header. An attacker can create or overwrite an arbitrary file owned by the clamd process. Fixed software is available now.

System: Cisco
Topic: Vulnerabilities in Cisco PIX, Cisco ASA, and Cisco FWSM
Links: Cisco, Cisco, AL-2007.0023, ESB-2007.0104, R-144, R-147
ID: ae-200702-046

Multiple vulnerabilities were found in Cisco PIX 500 Series Security Appliances and Cisco ASA 5500 Series Adaptive Security Appliances. They affect the inspection of malformed Hypertext Transfer Protocol (HTTP) traffic, malformed Session Initiation Protocol (SIP) packets and malformed Transmission Control Protocol (TCP) packets, and include a privilege escalation. Some vulnerabilities also affect the Cisco Firewall Services Module (FWSM). Cisco has made free software available to address these vulnerabilities.

System: Various
Topic: Vulnerabilities in Adobe ColdFusion MX and Adobe JRun
Links: apsb07-03, CVE-2006-5859, ESB-2007.0109, apsb07-04, CVE-2007-0817, ESB-2007.0110, apsb07-05, CVE-2006-5860, ESB-2007.0111
ID: ae-200702-045

A specially crafted URL could be used to create a cross-site scripting attack on ColdFusion when Global Script Protection is not enabled. A vulnerability in ColdFusion's default error page could allow an attacker to bypass ColdFusion's cross-site scripting protection. A specially crafted request sent to the ColdFusion server could result in the attacker being able to conduct cross-site scripting attacks.
A vulnerability in JRun's administrator console could allow a cross-site scripting attack. A specially crafted URL sent to the JRun administrator application could result in the attacker being able to conduct cross-site scripting attacks.
Fixed software is available now.

System: Sun Solaris
Topic: Vulnerability in in.telnetd
Links: Sun Alert #102802, CVE-2007-0882, ESB-2007.0101, R-139, ISS Alert
ID: ae-200702-044

A security vulnerability in the in.telnetd(1M) daemon may allow a local or remote unprivileged user who is able to connect to a host using the telnet(1) service to gain unauthorized access to that host by connecting as any user on the system, allowing them to execute arbitrary commands with the privileges of that user. A patch is available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in fetchmail and imagemagick
Links: DSA-1259, CVE-2006-5867, ESB-2007.0105, DSA-1260, CVE-2007-0770, ESB-2007.0106
ID: ae-200702-043

It was discovered that fetchmail, a popular mail retrieval and forwarding utility, insufficiently enforces encryption of connections, which might lead to information disclosure.
It was discovered that the fix for a vulnerability in the PALM decoder of Imagemagick, a collection of image manipulation programs, was ineffective.
Fixed packages are available now.

System: Cisco IOS
Topic: Vulnerabilities in Cisco IOS IPS
Links: Cisco, ESB-2007.0099, R-140
ID: ae-200702-042

Two vulnerabilities were found in the Intrusion Prevention System (IPS) feature set of Cisco IOS: fragmented IP packets may be used to evade signature inspection, and IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash, resulting in a denial of service. Cisco has made free software available to address these vulnerabilities.

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Internet Explorer
Links: MS07-016, CVE-2006-4697, CVE-2007-0217, CVE-2007-0219, AL-2007.0022, R-138, ISS Alert
ID: ae-200702-041

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Office
Links: MS07-015, CVE-2006-3877, CVE-2007-0671, AL-2007.0021, R-131
ID: ae-200702-040

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerabilities in Microsoft Word
Links: MS07-014, CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, CVE-2007-0208, CVE-2007-0209, CVE-2007-0515, AL-2007.0020, R-132
ID: ae-200702-039

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft RichEdit
Links: MS07-013, CVE-2006-1311, ESB-2007.0098, R-133
ID: ae-200702-038

No further comment due to legal reasons

System: Microsoft Windows, Microsoft Visual Studio
Topic: Vulnerability in Microsoft MFC
Links: MS07-012, CVE-2007-0025, ESB-2007.0097, R-134
ID: ae-200702-037

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft OLE Dialog
Links: MS07-011, CVE-2007-0026, ESB-2007.0096, R-127
ID: ae-200702-036

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Windows Live OneCare, Microsoft Antigen, Microsoft Windows Defender, and Microsoft Forefront Security
Links: MS07-010, CVE-2006-5270, AL-2007.0019, R-128, ISS Advisory
ID: ae-200702-035

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Data Access Components
Links: MS07-009, CVE-2006-5559, ESB-2007.0092, R-129
ID: ae-200702-034

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft HTML Help ActiveX Control
Links: MS07-008, CVE-2007-0214, AL-2007.0018, R-130
ID: ae-200702-033

No further comment due to legal reasons

System: Microsoft Windows XP
Topic: Vulnerability in Microsoft Windows Image Acquisition Service
Links: MS07-007, CVE-2007-0210, ESB-2007.0095, R-135
ID: ae-200702-032

No further comment due to legal reasons

System: Microsoft Windows XP, 2003
Topic: Vulnerability in Microsoft Windows Shell
Links: MS07-006, CVE-2007-0211, ESB-2007.0094, R-136
ID: ae-200702-031

No further comment due to legal reasons

System: Microsoft Windows
Topic: Vulnerability in Microsoft Step-by-Step Interactive Training
Links: MS07-005, CVE-2006-3448, ESB-2007.0093, R-137
ID: ae-200702-030

No further comment due to legal reasons

System: Mandriva Linux
Topic: Vulnerability in MIMEDefang
Links: Roaring Penguin, AL-2007.0016
ID: ae-200702-029

A buffer overflow was found in MIMEDefang which could lead to a denial-of-service attack, or possibly even arbitrary code execution as the "defang" user. A fixed software version is available now.

System: Mandriva Linux
Topic: Vulnerabilities in smb4k
Links: MDKSA-2007:042, CVE-2007-0472, CVE-2007-0473, CVE-2007-0474, CVE-2007-0475
ID: ae-200702-028

Several vulnerabilities and security weaknesses were discovered in 'smb4k'. Fixed packages are available now.

System: Sun Solaris
Topic: Vulnerability in rm
Links: Sun Alert #102782, CVE-2002-0435, ESB-2007.0091
ID: ae-200702-027

A race condition vulnerability in handling recursive directory deletion via the rm(1) command with either the "-r" or "-R" option may lead to deletion of files or directories external to the argument directory hierarchy. A patch is available now.

System: Various
Topic: Vulnerability in TWiki
Links: TWiki, CVE-2007-0669, OpenPKG-SA-2007.009
ID: ae-200702-026

A vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki, versions up to and including 4.1.0. This vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem. An upgrade solves this problem.

System: Various
Topic: Vulnerability in ImageMagick
Links: CVE-2007-0770, MDKSA-2007:041, DSA-1260, ESB-2007.0106, RHSA-2007-0015, R-141, ESB-2007.0116
ID: ae-200702-025

A buffer overflow in GraphicsMagick and ImageMagick allows user-assisted attackers to cause a Denial-of-Service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. An update solves this problem.

System: Various
Topic: Vulnerability in Sun Network Security Services (NSS)
Links: Sun Alert #102670, VU#594904
ID: ae-200702-024

The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a Denial-of-Service condition. Sun has released updates to address this issue.

System: Various
Topic: Vulnerabilities in Trend Micro AntiVirus Scan Engine
Links: iDEFENSE #469, CVE-2007-0856, TrendMicro, VU#276432, VU#666800, VU#282240, R-125, R-126, ESB-2007.0082
ID: ae-200702-023

Remote exploitation of a buffer overflow vulnerability within Trend Micro's AntiVirus engine could allow an attacker to crash the scan engine or execute arbitrary code. Additionally, a vulnerability in the Trend Micro Anti-Rootkit Common Module may allow a local attacker to gain elevated privileges. Patches are available now.

System: HP-UX, Sun Solaris
Topic: Vulnerability in HP OpenView Storage Data Protector
Links: HPSBMA02190, SSRT071300, R-124, ESB-2007.0036
ID: ae-200702-022

A security vulnerability has been identified with HP OpenView Storage Data Protector running on HP-UX and Solaris. The vulnerability could be exploited by a local user to execute arbitrary code. HP has made an updated package available.

System: Various
Topic: Vulnerability in HP Mercury Products
Links: HPSBGN02187, SSRT061280, R-123, ESB-2007.0087
ID: ae-200702-021

A security vulnerability has been identified with the Mercury LoadRunner Agent, Performance Center Agent, and Monitor over Firewall. The vulnerability could be exploited by a remote unauthenticated user to execute arbitrary code. Patches are available now.

System: Turbolinux
Topic: Vulnerabilities in fetchmail, xpdf, ImageMagick, and AdobeReader
Links: TLSA-2007-3, CVE-2005-3088, CVE-2005-4348, CVE-2006-5867, TLSA-2007-4, CVE-2007-0104, TLSA-2007-5, CVE-2006-3743, CVE-2006-3744, CVE-2006-4144, CVE-2006-5456, CVE-2006-5868, TLSA-2007-6, CVE-2006-5857, CVE-2007-0045, CVE-2007-0046, CVE-2007-0047, CVE-2007-0048
ID: ae-200702-020

Turbolinux has published patches for known vulnerabilities in fetchmail, xpdf, ImageMagick, and AdobeReader. It's recommended to install these updates.

System: IBM AIX
Topic: Vulnerability in r-commands
Links: ESB-2007.0085
ID: ae-200702-019

A buffer overflow vulnerability in various r-commands may allow a local user to gain root privileges. This vulnerability may be exploited through the rsh, rcp, rlogin and rdist commands. A patch is available now.

System: Various
Topic: Vulnerability in unrar
Links: iDefense, ESB-2007.0083
ID: ae-200702-018

Unrar is a command line archive extractor for Windows and Linux. Exploitation of a stack based buffer overflow vulnerability in RARLabs Unrar may allow an attacker to execute arbitrary code with the privileges of the user opening the archive. Fixed software is available now.

System: Red Hat Enterprise Linux
Topic: Vulnerability in dbus
Links: RHSA-2007-0008, CVE-2006-6107, ESB-2007.0086
ID: ae-200702-017

A flaw was discovered in the way D-BUS processes certain messages. It is possible for a local unprivileged D-BUS process to disrupt the ability of another D-BUS process to receive messages. Fixed packages are available now.

System: Mandriva Linux
Topic: Problems with Kernel
Links: MDKSA-2007:040, CVE-2006-4814, CVE-2006-5749, CVE-2006-5753, CVE-2006-6053
ID: ae-200702-016

Several vulnerabilities have been found in the kernel and are fixed now. It is recommended to install the update, which is available now.

System: Mandriva Linux
Topic: Vulnerabilities in gd, libwmf, and php
Links: MDKSA-2007:035, MDKSA-2007:036, MDKSA-2007:038, CVE-2007-0455, CVE-2006-6383
ID: ae-200702-015

Buffer overflow in the gdImageStringFTEx function in gdft.c in the GD Graphics Library allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Also affected are the libwmf and php packages. Fixed packages are available now.

System: Various
Topic: Vulnerabilities in PostgreSQL
Links: CVE-2007-0555, CVE-2007-0556, ESB-2007.0079, MDKSA-2007:037, MDKSA-2007:037-1, RHSA-2007-0064, ESB-2007.0080, DSA-1261, ESB-2007.0113, TLSA-2007-10, Sun Alert #102825, ESB-2007.0138, R-167
ID: ae-200702-014

It was discovered that the PostgreSQL server did not sufficiently check the data types of SQL function arguments in some cases. A user could exploit this to crash the database server or read out arbitrary locations of the server's memory. In addition, the query planner does not verify that a table is still compatible with a previously generated query plan, which could be exploited to read out arbitrary locations of the server's memory by using ALTER COLUMN TYPE during query execution. Fixed software is available now.

System: Microsoft Windows
Topic: Vulnerability in BlueCoat WinProxy
Links: IDefense, ESB-2007.0077
ID: ae-200702-013

A vulnerability in Blue Coat Systems Inc.'s WinProxy can be triggered by sending an overly long HTTP CONNECT request to WinProxy's HTTP proxy service. Exploitation allows an attacker to cause a denial of service condition or potentially execute arbitrary code. A patch is available now.

System: Various
Topic: Vulnerabilities in Samba
Links: Samba, Samba, Samba, CVE-2007-0452, CVE-2007-0453, CVE-2007-0454, VU#649732, ESB-2007.0075, R-122, DSA-1257, ESB-2007.0076, MDKSA-2007:034, RHSA-2007-0060, ESB-2007.0117, SuSE:2007_16
ID: ae-200702-012

Several vulnerabilities were discovered in Samba, a free implementation of the SMB/CIFS protocol. Incorrect handling of deferred file open calls may lead to an infinite loop, which results in denial of service. A buffer overflow in the nss_winbind.so.1 library on Solaris can allow execution of arbitrary code. It was discovered that the AFS ACL mapping VFS plugin performs insecure format string handling, which may lead to the execution of arbitrary code. Fixed software is available now.

System: Sun Solaris
Topic: Vulnerability in Loopback FileSystem
Links: Sun Alert #102699, ESB-2007.0073
ID: ae-200702-011

Local privileged users inside a non-global zone may be able to move or rename files which are part of a read-only mounted loopback file system. A patch is available now.

System: Various
Topic: Vulnerability in bugzilla
Links: ESB-2007.0072
ID: ae-200702-010

Bugzilla does not properly escape some fields in generated Atom feeds, which leads to the potential for cross-site scripting in feed readers that support JavaScript and properly implement the Atom feed specification. Fixed software is available now.

System: Mandriva Linux
Topic: Vulnerability in mpg123
Links: CVE-2007-0578, MDKSA-2007:032
ID: ae-200702-009

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a Denial of Service (infinite loop) by closing the HTTP connection early. Updated packages are available to correct this issue.

System: Mandriva Linux
Topic: Vulnerability in kdelibs
Links: CVE-2007-0537, MDKSA-2007:031
ID: ae-200702-008

Konqueror 3.5.5 does not properly parse HTML comments in title tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment. Updated packages are available to correct this issue.

System: Various
Topic: Vulnerabilities in wireshark
Links: wnpa-sec-2007-01, CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459, ESB-2007.0074, MDKSA-2007:033
ID: ae-200702-007

Wireshark, formerly Ethereal, contains vulnerabilities in the LLT, IEEE 802.11, HTTP, and TCP dissectors, as well as various other bugs, discovered in versions of Wireshark prior to 0.99.5. An update provides Wireshark 0.99.5, which is not vulnerable to these issues.

System: Turbolinux
Topic: Problems with Kernel
Links: TLSA-2007-2, CVE-2006-0038, CVE-2006-0039
ID: ae-200702-006

Several vulnerabilities have been found and fixed in the kernel. It's recommended to install the update, which is available now.

System: Microsoft Windows
Topic: Vulnerability in PGP Desktop
Links: VU#102465, R-119
ID: ae-200702-005

A vulnerability was discovered in PGP Desktop which can allow a remote authenticated attacker to execute arbitrary code on a system on which PGP Desktop is installed. A patch is available now.

System: Sun Solaris
Topic: Vulnerability in ICMP
Links: Sun Alert #102697, VU#967236, ESB-2007.0071
ID: ae-200702-004

A security vulnerability in the Solaris 10 ICMP handling process may allow a remote unprivileged user to panic the system, resulting in a Denial of Service (DoS) condition. A patch is available now.

System: Cisco IOS
Topic: Vulnerability in Cisco IOS Devices Not Configured for SIP
Links: Cisco, VU#438176, ESB-2007.0070, R-118
ID: ae-200702-003

Cisco devices running IOS which support voice and are not configured for Session Initiation Protocol (SIP) are vulnerable to a crash under conditions that are not yet fully determined, but isolated to traffic destined to port 5060. Cisco has made free software available to address this vulnerability.

System: Debian GNU/Linux
Topic: Vulnerability in libgtop2
Links: DSA-1255, CVE-2007-0235, ESB-2007.0067, R-121
ID: ae-200702-002

It was discovered that the GNOME gtop library performs insufficient sanitising when parsing the system's /proc table, which may lead to the execution of arbitrary code. Fixed packages are available now.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in fetchmail and squirrelmail
Links: RHSA-2007-0018, CVE-2005-4348, CVE-2006-5867, ESB-2007.0069, RHSA-2007-0022, CVE-2006-6142, ESB-2007.0068
ID: ae-200702-001

A denial of service flaw was found when Fetchmail was run in multidrop mode. A malicious mail server could send a message without headers which would cause Fetchmail to crash. Another flaw was found in the way Fetchmail used TLS encryption to connect to remote hosts. Fetchmail provided no way to enforce the use of TLS encryption and would not authenticate POP3 protocol connections properly.
Several cross-site scripting bugs were discovered in SquirrelMail. An attacker could inject arbitrary JavaScript or HTML content into SquirrelMail pages by tricking a user into visiting a carefully crafted URL.
Fixed packages are available now.
(c) 2000-2013 AERAsec Network Services and Security GmbH