Chosen month 06 / 2007
|
|
|
A vulnerability in Java Web Start may allow an untrusted application to grant itself permissions to overwrite any
file that is writable by the user running the application.
This would include the user's .java.policy file which would allow the application to invoke applets or Java Web
Start applications that can execute arbitrary code with the permissions of the user running the untrusted application.
It's recommended to install an updated version, which is available now.
|
|
|
Several vulnerabilities have been reported on the PHP Hypertext Processing
Engine provided with the Secure Web Server for HP Tru64 UNIX Powered by Apache
(SWS) and HP Internet Express for Tru64 UNIX (IX).
The vulnerabilities could be exploited by remote users to execute arbitrary
code, read arbitrary files, or cause a Denial of Service (DoS).
A patch is available now.
|
|
|
An unprivileged local user may be able to exhaust all available kernel
memory and cause the system to hang due to a security vulnerability in
the TCP Loopback/Fusion implementation in Solaris 10.
Due to security vulnerabilities related to the handling of memory
buffers containing Secure Socket Layer (SSL) records, an unprivileged
local or remote user may be able to panic a Solaris 10 system that has
been configured to act as an SSL proxy.
An unprivileged local user may be able to execute arbitrary code or
commands with the privileges of the dtsession(1X) Common Desktop
Environment (CDE) Session Manager. The dtsession(1X) CDE Session
Manager runs with root privileges.
Patches are available now.
|
|
| System: |
SGI Advanced Linux Environment
|
| Topic: |
Vulnerabilities in shadow-utils, openoffice.org, openldap, mod_perl, pam, freetype, kdebase, krb5, evolution, gcc, fetchmail, gdb, and binutils
|
| Links: |
SGI_20070602-01
|
| ID: |
ae-200706-093
|
SGI has released the Security Update #77 for SGI Advanced Linux Environment 3.
These updates fix already known security-related problems in
shadow-utils, openoffice.org, openldap, mod_perl, pam, freetype, kdebase,
krb5, evolution, gcc, fetchmail, gdb, and binutils.
So it's recommended to install this update.
|
|
|
A vulnerability was found in hiki, a Wiki engine written in Ruby, which could
allow a remote attacker to delete arbitrary files which are writable by the
Hiki user, via a specially crafted session parameter.
Fixed packages are available now.
|
|
| System: |
Sun Solaris
|
| Topic: |
Vulnerabilities in openssl, libsldap, and Mozilla
|
| Links: |
Sun Alert #102711,
CVE-2006-3738,
CVE-2006-4343,
ESB-2007.0473,
Sun Alert #102926,
ESB-2007.0474,
Sun Alert #102971,
CVE-2006-3811,
ESB-2007.0477
|
| ID: |
ae-200706-091
|
Two security vulnerabilities in the OpenSSL product shipped with Solaris 10
may allow Denial of Service (DoS) attacks or execution of arbitrary code.
A security vulnerability in the Solaris libsldap library may allow a
local unprivileged user to disable the Name Service Caching Daemon
(see nscd(1M)) causing name service lookups to be slower.
A number of memory corruption vulnerabilities have been found in the
Mozilla application.
Patches are available now.
|
|
|
Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to denial of service.
Fixed packages are available now.
|
|
|
A flaw was found in the cman daemon. A local attacker could connect to the
cman daemon and trigger a static buffer overflow leading to a denial of
service or, potentially, an escalation of privileges.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in Xythos Enterprise Document Manager
(XEDM) and Xythos Digital Locker (XDL).
Fixed software is available now.
|
|
|
Remote exploitation of a buffer overflow within RealNetworks' RealPlayer
and HelixPlayer allows attackers to execute arbitrary code in the context
of the user.
Fixed software is available now.
|
|
|
Several vulnerabilities were found in the Apache HTTP Server.
A flaw was found in the Apache HTTP Server mod_status module. On sites
where the server-status page is publicly accessible and ExtendedStatus is
enabled this could lead to a cross-site scripting attack.
A bug was found in the Apache HTTP Server mod_cache module. On sites where
caching is enabled, a remote attacker could send a carefully crafted
request that would cause the Apache child process handling that request to
crash.
A local attacker with the ability to run scripts on the Apache HTTP Server
could manipulate the scoreboard and cause arbitrary processes to be
terminated which could lead to a denial of service.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Kerberos
|
| Links: |
MITKRB5-SA-2007-004,
MITKRB5-SA-2007-005,
iDefense,
CVE-2007-2442,
CVE-2007-2443,
CVE-2007-2798,
VU#356961,
VU#365313,
VU#554257,
AL-2007.0078,
RHSA-2007-0384,
RHSA-2007-0562,
ESB-2007.0466,
R-287,
MDKSA-2007:137,
Sun Alert #102914,
ESB-2007.0475,
DSA-1323,
ESB-2007.0485,
Sun Alert #102985,
ESB-2007.0480,
SUSE-SA:2007:038
|
| ID: |
ae-200706-085
|
Several vulnerabilities were found in the 'kadmind' of the MIT Kerberos 5
implementation.
A remote unauthenticated attacker who could access kadmind could
cause kadmind to crash or possibly execute arbitrary code.
Fixed software is available now.
|
|
|
Security vulnerabilities have been identified with HP-UX running Xserver.
These vulnerabilities could be exploited by a local user to create a Denial of
Service (DoS).
A patch is available now.
|
|
| System: |
Red Hat Enterprise Linux 4
|
| Topic: |
Several vulnerabilities in kernel fixed
|
| Links: |
RHSA-2007-0488,
CVE-2006-5158,
CVE-2006-7203,
CVE-2007-0773,
CVE-2007-0958,
CVE-2007-1353,
CVE-2007-2172,
CVE-2007-2525,
CVE-2007-2876,
CVE-2007-3104,
ESB-2007.0467
|
| ID: |
ae-200706-083
|
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available.
|
|
|
It has been discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a
value later used as an array index, which can lead to the execution of arbitrary code.
An updated package solves this problem.
|
|
|
Various CA products that embed Ingres products contain multiple vulnerabilities that can allow an attacker
to potentially execute arbitrary code. CA has issued fixes, to address all of these vulnerabilities, for
all supported CA products that may be affected.
|
|
|
In the Anti-Virus product from F-Secure, scan bypass vulnerabilities in the handling of specially crafted LHA and RAR
archives have been found.
An automatic update solves this problem.
|
|
|
Apple Safari 3 Beta shows some vulnerabilities which might lead to the execution of arbitrary code,
Cross-Site Scripting or Denial-of-Service.
Safari 3 Beta Update 3.0.2 is available now.
|
|
|
GnuTLS library versions prior to 1.4.4 are impacted by an RSA signature forgery vulnerability.
This vulnerability, which affects applications which make use of the GnuTLS library to verify PKCS#1 signatures,
allows a malicious user to make an altered PKCS#1 v1.5 signature appear to be correct thus forging the signature.
A patch is available now.
|
|
|
Cerulean Studios Trillian is a multi-protocol chat application that supports IRC, ICQ, AIM and MSN protocols.
Remote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios'
Trillian 3.1 could allow for the interception of private conversations or execution of code as the currently logged on user.
Version 3.1.5.0 solves this problem.
|
|
| System: |
Debian/GNU Linux |
| Topic: |
Vulnerabilities in tinymux, ekg, and maradns
|
| Links: |
DSA-1317,
CVE-2007-1655,
ESB-2007.0457,
DSA-1318,
CVE-2005-2370,
CVE-2005-2448,
CVE-2007-1663,
CVE-2007-1664,
CVE-2007-1665,
ESB-2007.0458,
DSA-1319,
CVE-2007-3114,
CVE-2007-3115,
CVE-2007-3116,
ESB-2007.0459
|
| ID: |
ae-200706-076
|
Tinymux is a text-based multi-user virtual world server. It performs insufficient boundary checks when
working with user-supplied data, which might lead to the execution of arbitrary code.
Ekg is a console Gadu Gadu client.
It was discovered that memory alignment errors may allow remote attackers to cause a Denial-of-Service on
certain architectures such as sparc.
Several endianness errors may also allow remote attackers to cause a Denial-of-Service.
These two vulnerabilities only affect Debian Sarge.
Debian Etch shows three vulnerabilities which might lead to a Denial-of-Service.
This is due to a memory leak in handling image messages, a null pointer dereference in the token OCR code and
a memory leak in the token OCR code itself.
MaraDNS is a simple security-aware Domain Name System server, which shows three vulnerabilities leading to
a Denial-of-Service.
All of them can be triggered by malformed DNS requests, leading to memory leaks.
Fixed packages are available now.
|
|
|
Multiple cross-site scripting (XSS) vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350,
which could allow a remote attacker to inject arbitrary web script or HTML.
Updated packages have been patched to prevent this issue.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in squirrelmail, OpenOffice, Blackdown JDK/JRE, gnash, libpng, python, pulseaudio, gd, otrs, and net-snmp
|
| Links: |
SUSE-SR:2007:013,
CVE-2005-2177,
CVE-2007-1262,
CVE-2007-1804,
CVE-2005-2052,
CVE-2007-2445,
CVE-2007-2500,
CVE-2005-2524,
CVE-2007-2589,
CVE-2007-2756
|
| ID: |
ae-200706-074
|
The weekly SUSE Security Summary reports vulnerabilities in the packages
squirrelmail, OpenOffice, Blackdown JDK/JRE, gnash, libpng, python, pulseaudio, gd, otrs, and net-snmp.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Apple has published the security update for June 2007. It fixes two potential vulnerabilities.
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
Additionally, Cross-Site Scripting attacks might be possible.
It's recommended to install this update.
|
|
|
Multiple security vulnerabilities in the Solaris Gnome PDF Document
Viewer (gpdf(1)) may allow a local or remote unprivileged user to
cause the PDF Document Viewer application to crash or hang
(potentially consuming excessive amounts of disk space, which may
affect system performance), or may allow that user to execute
arbitrary code with the privileges of the user opening a specially
crafted PDF document with gpdf(1).
A patch is not available yet.
|
|
|
Several vulnerabilities were found in the Ingres database.
A patch is available now.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerability in HP Storage Management Appliance (SMA)
|
| Links: |
HPSBST02231, SSRT071438,
ESB-2007.0449
|
| ID: |
ae-200706-070
|
The latest Microsoft patches need to be installed when using the SMA.
It's strongly recommended to install these hotfixes from Microsoft.
|
|
|
Several vulnerabilities were found in MadWifi.
xfs_fsr in xfsdump creates a .fsr temporary directory with insecure
permissions, which allows local users to read or overwrite arbitrary
files on xfs filesystems.
Fixed packages are available now.
|
|
|
It has been discovered that emacs, the GNU Emacs editor, will crash when
processing certain types of images.
Fixed packages are available now.
|
|
|
A security vulnerability has been identified in HP Help and Support Center
running on HP Notebook Computers running with Windows XP. The vulnerability
could be remotely exploited to allow unauthorized access to the system.
A patch is available now.
|
|
|
A design issue exists in the IPv6 protocol's handling of type 0 routing
headers. Remote attackers may be able to adversely affect network performance.
A patch is available now.
|
|
|
Web pages that display the Accept-Language header value sent by the client are
susceptible to a cross-site scripting attack if they assume the
Accept-Language header value conforms to RFC 2616.
Fixed software is available now.
|
|
|
A security vulnerability in Solaris 10 BIND DNSSEC may allow a local
or remote unprivileged user the ability to cause the "named" BIND
server process to exit.
A patch is available now.
|
|
|
Remote exploitation of a heap overflow vulnerability in Cerulean Studios
Trillian Instant Messenger could allow attackers to execute arbitrary
code as the currently logged on user.
A patch is available now.
|
|
|
The Auth API in ProFTPD, when multiple simultaneous authentication
modules are configured, did not require that the module that checks
authentication is the same module that retrieves authentication data,
which could possibly be used to allow remote attackers to bypass
authentication.
Fixed packages are available now.
|
|
| System: |
Debian/GNU Linux |
| Topic: |
Vulnerabilities in mplayer, open-iscsi, and libphp-phpmailer
|
| Links: |
DSA-1313,
CVE-2007-2948,
ESB-2007.0441,
R-280,
DSA-1314,
CVE-2007-3099,
CVE-2007-3100,
ESB-2007.0442,
DSA-1315,
CVE-2007-3215,
ESB-2007.0443,
R-282
|
| ID: |
ae-200706-061
|
It was discovered that the MPlayer movie player performs insufficient
boundary checks when accessing CDDB data, which might lead to the execution
of arbitrary code.
Two flaws were discovered in open-iscsi. A local attacker could use these
flaws to cause the server daemon to stop responding, leading to a denial of
service.
It was discovered that libphp-phpmailer, an email transfer class
for PHP, performs insufficient input validation if configured to use
Sendmail. This allows the execution of arbitrary shell commands.
Fixed packages are available now.
|
|
|
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not
properly copy all levels of header data, which can cause Apache to
return HTTP headers containing previously-used data, which could be
used to obtain potentially sensitive information by unauthorized users.
A function in the JasPer JPEG-2000 library could allow a remote
user-assisted attack to cause a crash and possibly corrupt the heap
via malformed image files.
Fixed packages are available now.
|
|
|
It was discovered that the Apache 1.3 connector for the Tomcat Java
servlet engine decoded request URLs multiple times, which can lead
to information disclosure.
A patch addresses this issue.
|
|
|
A divide by zero security vulnerability exists in the X11 Render
Extension to the X11 display server Xorg(1). By using specially
crafted values for compositing or adding trapezoids, a local or remote
unprivileged user who is able to display data on a running X11 server
instance may cause the X11 display server Xorg(1) to crash.
An unprivileged local or remote user may be able to panic a Solaris 10
system which is configured to use IPv6 (ip6(7p)) but is not configured
to use the IPsec stack (ipsec(7P)), therefore causing a Denial of
Service to the system as a whole.
Patches are available now.
|
|
|
It has been discovered that the PostgreSQL database performs insufficient validation of variables passed
to privileged SQL statements, so called "security definers", which could lead to SQL privilege escalation.
A patch addresses this issue.
|
|
| System: |
Debian/GNU Linux |
| Topic: |
Vulnerabilities in the kernel
|
| Links: |
DSA-1304,
CVE-2005-4811,
CVE-2006-4814,
CVE-2006-4623,
CVE-2006-5753,
CVE-2006-6060,
CVE-2006-6106,
CVE-2006-6535,
CVE-2007-0958,
CVE-2007-1357,
CVE-2007-1592,
ESB-2007.0431 |
| ID: |
ae-200706-056
|
An updated kernel fixes several vulnerabilities which might lead to a Denial-of-Service (DoS)
or remote execution of arbitrary code.
|
|
|
Multiple security vulnerabilities in the Samba (samba(7)) software for Solaris may allow a local or remote user
to issue unauthorized Samba operations or to execute arbitrary code or commands with elevated privileges.
If this service is not needed, it should be turned off.
The publication of a patch is pending.
|
|
|
The JSP examples web application does not escape some user-provided data before including it
in the output. This enables an XSS attack.
Additionally, the Manager and Host Manager web applications do not escape some user-provided data before
including it in the output. This enables an XSS attack.
The user must be logged in to the Manager or Host Manager web application.
It's recommended to remove the examples and to close the browser after having completed the tasks.
|
|
|
SpamAssassin 3.1.x, when running as root with unusual configuration options using vpopmail or virtual users,
could allow local users to cause a Denial-of-Service (via corrupting arbitrary files) using a symlink attack
on a file used by spamd.
SpamAssassin 3.1.9 corrects this flaw.
|
|
| System: |
SUSE Linux Enterprise Server 9, Novell Linux Desktop 9, Open Enterprise Server |
| Topic: |
Vulnerabilities in the kernel
|
| Links: |
SUSE-SA:2007:035,
CVE-2006-2936,
CVE-2006-5749,
CVE-2006-5753,
CVE-2006-5754,
CVE-2006-5871,
CVE-2006-6106,
CVE-2006-6535,
CVE-2006-7203,
CVE-2007-1353,
CVE-2007-1357,
CVE-2007-1592 |
| ID: |
ae-200706-052
|
An updated kernel fixes several vulnerabilities which might lead to a Denial-of-Service (DoS).
One of the vulnerabilities enables attackers to cause a remote DoS.
|
|
| System: |
Debian/GNU Linux |
| Topic: |
Vulnerabilities in icedove and iceweasel
|
| Links: |
DSA-1305,
CVE-2007-1558,
CVE-2007-2867,
CVE-2007-2868,
DSA-1308,
CVE-2007-1362,
CVE-2007-2867,
CVE-2007-2868,
CVE-2007-2869,
CVE-2007-2870,
CVE-2007-2871,
ESB-2007.0425 |
| ID: |
ae-200706-051
|
The icedove mail client is an unbranded version of the Thunderbird client.
It shows problems with APOP authentication and the possibility of executing arbitrary code via the network
through crashes of the layout engine or the JavaScript engine.
The iceweasel web browser is an unbranded version of the Firefox browser.
This software also shows the possibility of executing arbitrary code via the network
by crashes of the layout engine or the JavaScript engine. Additionally, a Denial-of-Service (DoS)
might occur due to an insufficient validation of cookies. Another vulnerability might lead to a DoS, too.
Finally, Cross-Site Scripting might be possible as well as spoofing or phishing attacks.
For both programs, an update is available now.
|
|
|
Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 5 kernel are now available.
Please note that only one vulnerability is exploitable remotely, leading to a Denial-of-Service.
|
|
|
Java Server Faces, JSF, is a framework used to create server side GUI Web applications.
Remote exploitation of an input validation vulnerability in Apache Software Foundation's MyFaces Tomahawk JSF
framework could allow an attacker to perform a cross-site scripting (XSS) attack.
The code responsible for parsing HTTP requests is vulnerable to an XSS vulnerability.
When parsing the 'autoscroll' parameter from a POST or GET request, the value of this variable is directly
inserted into JavaScript that is sent back to the client. This allows an attacker to run arbitrary JavaScript
in the context of the affected domain of the MyFaces application being targeted.
An update to MyFaces Tomahawk version 1.1.6 solves this issue.
|
|
|
A security vulnerability in Solaris 10 related to the handling of XDR data within NFS requests may allow a
local or remote unprivileged user to panic a Solaris system that is configured to run as an NFS server,
resulting in a Denial-of-Service (DoS).
A patch is available now.
|
|
|
A security vulnerability in Sun Java System Directory Server 5.2 and Enterprise Edition may allow a local or
remote unprivileged user to obtain unauthorized access and perform specific data modifications in the
directory server, which would normally require root access privileges.
An update to solve this issue is available.
|
|
|
Mozilla Firefox allows cross-domain access to an iframe. This vulnerability
could allow an attacker to interact with a web site in a different domain. The
attacker could read content and cookies, capture keystrokes, and modify
content.
A patch is not available yet.
|
|
|
A flaw in libgd2 was found by Xavier Roche where it would not correctly
validate PNG callback results. If an application linked against
libgd2 was tricked into processing a specially-crafted PNG file, it
could cause a denial of service scenario via CPU resource consumption.
Also affected are the libwmf and tetex packages.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in mod_perl, spamassassin, kdebase and iscsi-initiator-utils
|
| Links: |
RHSA-2007-0395,
CVE-2007-1349,
ESB-2007.0417,
RHSA-2007-0492,
CVE-2007-2873,
ESB-2007.0412,
RHSA-2007-0492,
CVE-2007-2022,
ESB-2007.0413,
RHSA-2007-0492,
CVE-2007-3099,
CVE-2007-3100,
ESB-2007.0418
|
| ID: |
ae-200706-044
|
If a server implemented a mod_perl registry module using the
"namespace_from_uri" method, a remote attacker requesting a carefully crafted
URI can cause resource consumption, which could lead to a denial of service.
A symlink issue was discovered in SpamAssassin that affects certain
non-default configurations. A local user could use this flaw to
create or overwrite files writable by the spamd process.
A problem with the interaction between the Flash Player and the Konqueror
web browser was found. The problem could lead to key presses leaking to the
Flash Player applet instead of the browser.
Two flaws were discovered in open-iscsi. A local attacker could use
these flaws to cause the server daemon to stop responding, leading to a
denial of service.
Updated packages address these issues.
|
|
|
No further comment due to legal reasons
|
|
|
Several vulnerabilities have been identified with HP-UX running BIND. The
vulnerabilities could be exploited remotely to create a Denial of Service
(DoS).
A patch is available now.
|
|
| System: |
Red Hat Enterprise Linux 3
|
| Topic: |
Several vulnerabilities in kernel fixed
|
| Links: |
RHSA-2007-0436,
CVE-2006-4538,
CVE-2006-4813,
CVE-2006-4814,
CVE-2006-5174,
CVE-2006-5619,
CVE-2006-5751,
CVE-2006-5753,
CVE-2006-5754,
CVE-2006-5757,
CVE-2006-5823,
CVE-2006-6053,
CVE-2006-6054,
CVE-2006-6056,
CVE-2006-6106,
CVE-2006-6535,
ESB-2007.0063,
R-276
|
| ID: |
ae-200706-036
|
Updated kernel packages that fix several security issues in the
Red Hat Enterprise Linux 3 kernel are now available.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in openoffice.org / StarOffice |
| Links: |
CVE-2007-0245,
CVE-2007-0254,
DSA-1307,
ESB-2007.0409,
RHSA-2007-0406,
ESB-2007.0411,
R-276,
SUSE-SA:2007:037,
MDKSA-2007:144,
Sun Alert 102917,
Sun Alert 102967,
ESB-2007.0430 |
| ID: |
ae-200706-035
|
A heap overflow was discovered in the routines of OpenOffice.org and StarOffice
that parse RTF files. A specially crafted RTF file could cause the
filter to overwrite data on the heap, which may lead to the execution
of arbitrary code.
Fixed packages are available now.
|
|
|
GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages.
Various buffer overflows and underflows were found in the DWARF expression computation stack in GDB.
If an attacker could trick a user into loading an executable containing malicious debugging information into GDB,
they may be able to execute arbitrary code with the privileges of the user.
The gcc packages include C, C++, Java, Fortran 77, Objective C, and Ada 95 GNU compilers and related support libraries.
A directory traversal flaw was found in fastjar. An attacker could create a malicious JAR file which, if unpacked using
fastjar, could write to any files the victim had write access to.
Updated packages address these issues.
|
|
|
A buffer overflow has been identified in Gimp's SUNRAS plugin in versions prior to 2.2.15.
This bug could allow an attacker to execute arbitrary code on the victim's computer by inducing the victim to
open a specially crafted RAS file.
Two problems have been discovered with lighttpd, a fast webserver with minimal memory footprint.
They could allow a remote Denial-of-Service.
Both vulnerabilities can be fixed by installing the appropriate update.
|
|
|
Pluggable Authentication Modules (PAM) provide a system whereby administrators can set up authentication policies
without having to recompile programs that handle authentication.
A flaw was found in the way the Linux kernel handled certain SG_IO commands.
Console users with access to certain device files had the ability to damage recordable CD drives.
Another vulnerability has been found in the way pam_console set console device permissions.
It is possible for various console devices to retain ownership of the console user after logging out,
possibly leaking information to an unauthorized user.
An update solves these potential problems.
|
|
|
The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password
format, as well as programs for managing user and group accounts.
A flaw has been found in the useradd tool in shadow-utils. A new user's mailbox, when created, could have random
permissions for a short period. This could allow a local attacker to read or modify the mailbox.
An update addresses this issue.
|
|
|
CTA installations on Mac OS X show a vulnerability which can allow an unauthorized user to access the
"System Preferences" window which can be used to change passwords of all non-root user accounts including
admin accounts.
The "System Preferences" window becomes available to the unauthorized user because of the "user notifications" feature within CTA.
These messages are sent from Cisco Secure Access Control Server (ACS) to CTA upon completion of initial posture
validation or upon posture revalidation. These notifications are displayed as pop-up messages on the desktop,
or login screen, of the system on which CTA is installed.
CTA release 2.1.104.0 or later resolves this vulnerability.
Workarounds are described in the advisory, too.
|
|
|
OpenLDAP is an open source suite of LDAP (Lightweight Directory Access Protocol) applications, libraries and development tools.
A vulnerability has been found in the way OpenLDAP handles selfwrite access.
Users with selfwrite access were able to modify the distinguished name of any user.
Users with selfwrite access should only be able to modify their own distinguished name.
A memory leak bug has been found in OpenLDAP's ldap_start_tls_s() function.
An application using this function could result in an Out Of Memory (OOM) condition, crashing the application.
Red Hat provides an update, which should be installed.
|
|
|
An iframe is an HTML element which allows an HTML document to be embedded inside a master HTML document.
Mozilla Firefox 2.0.0.4 and earlier allows cross-domain access to an iframe.
This vulnerability could allow an attacker to interact with a web site in a different domain.
The attacker could read content and cookies, capture keystrokes, and modify content.
Since there is no patch available at the moment, it's recommended to disable JavaScript.
|
|
|
The CUPS service allows remote attackers to cause a denial of service
via a "partially-negotiated" SSL connection.
Fixed packages are available now.
|
|
|
A security vulnerability which affects the sshd(1M) daemon when
configured to use protocol version 1 may allow a remote user to cause
the daemon to consume an excessive amount of CPU power.
Due to a security vulnerability in the way the scp(1) command executes
helper applications, certain additional unintended commands may be
executed at the same time.
Patches are available now.
|
|
|
A problem was discovered with freetype, a FreeType2 font engine, which could
allow the execution of arbitrary code via an integer overflow in specially
crafted TTF files.
Fixed software is available now.
|
|
|
Several security related bugs were found in 'Asterisk' that allow attackers
to remotely crash asterisk or cause information leaks.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in libexif
|
| Links: |
CVE-2007-2645,
CVE-2007-4168,
iDefense #543,
ESB-2007.0415,
MDKSA-2007:118,
RHSA-2007-0501,
ESB-2007.0416,
DSA-1310,
ESB-2007.0433,
MDKSA-2007:128,
SUSE-SA:2007:039
|
| ID: |
ae-200706-023
|
Integer overflow in the exif_data_load_data_entry function in libexif
allows user-assisted remote attackers to cause a denial of service (crash)
or possibly execute arbitrary code via crafted EXIF data.
Fixed packages are available now.
|
|
|
A problem was discovered with freetype, a FreeType2 font engine, which could
allow the execution of arbitrary code via an integer overflow in specially
crafted TTF files.
Two problems were discovered with lighttpd, a fast webserver with minimal
memory footprint, which could allow denial of service.
Fixed packages are available now.
|
|
|
Security vulnerabilities in the authentication mechanism and in the
logging mechanism for Solaris Management Console (SMC) may allow a
local or remote unprivileged user to gain unauthorized root access to
a Solaris system.
Patches are available now.
|
|
|
SGI has released the Security Update #76 for SGI Advanced Linux Environment 3.
These updates fix already known security-related problems in
mutt, seamonkey, and quagga.
So it's recommended to install this update.
|
|
|
The APOP functionality in fetchmail's POP3 client implementation was
validating the APOP challenge too lightly, accepting random garbage
as a POP3 server's APOP challenge, rather than insisting it conform
to RFC-822 specifications.
Fixed packages are available now.
|
|
|
It was discovered that a specially-crafted packet sent to the racoon
ipsec key exchange server could cause a tunnel to crash, resulting in
a denial of service.
Fixed packages are available now.
|
|
|
Three remote denial of service vulnerabilities have been identified in
Symantec Ghost Solution Suite. All three vulnerabilities affect both the
client and server daemons. Each vulnerability is triggered by sending a
malformed UDP packet to either the client or server daemon.
A patch is available now.
|
|
|
Two vulnerabilities were discovered in the Reporting Server component that
comes with the Symantec AntiVirus Corporate Edition and Symantec
Client Security products.
Patches are available now.
|
|
|
Two vulnerabilities have been identified with HP-UX running CIFS Server
(Samba). The vulnerabilities could be exploited remotely to execute arbitrary
code.
A patch is available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in HP System Management Homepage
|
| Links: |
HPSBMA02216, SSRT071310,
VU#292457,
R-265
|
| ID: |
ae-200706-014
|
The HP System Management Homepage (SMH) server is a web-based interface that
can manage HP servers running the Microsoft Windows or Linux operating
systems.
The SMH contains an unspecified cross-site scripting vulnerability.
Fixed software is available now.
|
|
|
If GNOME Assistive Technology support has been enabled on a system and
a local user locks the terminal using xscreensaver(1) then it may be
possible for an individual with physical access to the system to be
able to execute arbitrary commands on the system with the privileges
of the user running xscreensaver(1).
A patch is available now.
|
|
|
An attacker could create a carefully crafted file which, if examined by a
victim using the file utility, could lead to arbitrary code execution.
A flaw in how libpng handled malformed images was discovered. An attacker
able to create a carefully crafted PNG image could cause an application
linked with libpng to crash when the file was manipulated.
lharc.c in lha does not securely create temporary files, which might
allow local users to read or write files by creating a file before
LHA is invoked.
Fixed packages are available now.
|
|
|
An authentication bypass, remote code execution vulnerability has been
identified and resolved in the Symantec Storage Foundation for Windows v5.0
Volume Manager Scheduler Service. Successful exploitation could result in
potential compromise of the targeted system.
A patch is available now.
|
|
|
A security hole was discovered in all versions of the PEAR Installer and
would allow a malicious package to install files anywhere in the filesystem.
login in util-linux skips pam_acct_mgmt and chauth_tok when authentication
is skipped, such as when a Kerberos krlogin session has been established,
which might allow users to bypass intended access policies that would be
enforced by pam_acct_mgmt and chauth_tok.
Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number
of rulematches.
Fixed packages are available now.
|
|
|
A vulnerability in the OLE2 parser in ClamAV was found that could
allow a remote attacker to cause a denial of service via resource
consumption with a carefully crafted OLE2 file.
Fixed software is available now.
|
|
|
A buffer overflow vulnerability in the image parsing code in the Java
Runtime Environment may allow an untrusted applet or application to
elevate its privileges.
A second vulnerability may allow an untrusted applet or application to
cause the Java Virtual Machine to hang.
Patches are available now.
|
|
|
Several vulnerabilities were found in mutt.
Fixed packages are available now.
|
|
|
Two vulnerabilities were found in PHP.
An infinite loop was discovered in the imagecreatefrompng function.
An integer overflow was discovered inside the chunk_split() function.
Fixed software is available now.
|
|
|
Logitech VideoCall ActiveX controls contain multiple stack buffer overflows,
which could allow a remote, unauthenticated attacker to execute arbitrary code
on a vulnerable system.
A workaround is described in the advisory.
|
|
|
A remote user may be able to gain admin privileges on an
Xserve system with IPMI configured in a particular manner.
Fixed firmware is available now.
|
|
|
Several denial of service vulnerabilities were found in MadWifi.
Fixed software is available now.
|
|
|
When GNU locate reads filenames from an old-format locate database,
they are read into a fixed-length buffer allocated on the heap.
Filenames longer than the 1026-byte buffer can cause a buffer overrun.
The overrunning data can be chosen by any person able to control the
names of files created on the local system.
Fixed software is available now.
|
|
|
Security vulnerabilities in the Adobe Flash Player product shipped
with Solaris 10 may allow remote users who create applications that
are viewed with the Flash Player to generate unauthorized HTTP
requests from the affected host by inserting arbitrary HTTP headers.
A local or remote unprivileged user may be able to disable the
snmpd(1M) daemon causing a Denial of Service (DoS) of the SNMP
service.
Patches are available now.
|
|