Chosen month 10 / 2007
|
|
|
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems.
A flaw has been found in the way CUPS handles certain Internet Printing Protocol (IPP) tags.
A remote attacker who is able to connect to the IPP TCP port could send a malicious request causing the
CUPS daemon to crash, or potentially execute arbitrary code. Please note that the default CUPS configuration
doesn't allow remote hosts to connect to the IPP TCP port.
An updated package fixes this vulnerability.
|
|
| System: |
IBM AIX
|
| Topic: |
Several vulnerabilities in IBM AIX
|
| Links: |
iDefense #611,
iDefense #612,
iDefense #613,
iDefense #614,
iDefense #615,
iDefense #616,
iDefense #617,
CVE-2007-4217,
CVE-2007-4513,
CVE-2007-4621,
CVE-2007-4622,
CVE-2007-4623,
ESB-2007.0852,
S-033
|
| ID: |
ae-200710-093
|
Vulnerabilities were found in the swcons, lqueryvg, lquerypv, ftp, dig,
bellmail, and crontab programs of IBM AIX.
Patches are available now.
|
|
|
Several vulnerabilities were found in TikiWiki.
A patch is available now.
|
|
|
A security vulnerability in the X2100 and X2200 M2 Embedded Lights Out
Manager (ELOM) software may allow remote unprivileged users the
ability to execute arbitrary commands with root privileges on the
embedded Service Processor (SP).
Fixed Firmware is available now.
|
|
|
Several vulnerabilities were found in 'gdb' and 'WebObjects', which are part
of the Xcode Developer Tools.
An update is available now.
|
|
|
A security vulnerability in the Solaris 10 Internet Protocol (ip(7P)) may
allow a local unprivileged user the ability to cause a system panic,
thereby causing a Denial of Service (DoS) to the system as a whole.
A patch is available now.
|
|
|
A security vulnerability in Solaris 10 SCTP INIT processing (see
sctp(7P)) may allow a privileged remote user to panic the system,
resulting in a Denial of Service (DoS).
A patch is available now.
|
|
|
A SUSE Security Summary reports vulnerabilities in the packages
fetchmail, flac, opera, util-linux, and openssh.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
The RSA Keon Certificate Authority (CA) software is a digital certificate management system.
The RSA KEON Registration Authority allows the CA to handle large numbers of certificate requests.
The RSA KEON Registration Authority web interface contains multiple cross-site scripting vulnerabilities.
So an attacker may be able to obtain sensitive data from the site running the RSA KEON Registration
Authority software or use the vulnerability to create spoofed content.
RSA has released updates to address this issue.
|
|
|
Two vulnerabilities have been discovered in the Apache HTTP Server.
They concern the mod_proxy module as well as the module mod_autoindex.
Regarding the proxy, a remotely triggered Denial-of-Service is possible
while the other vulnerability allows cross-site scripting under certain circumstances.
Updated packages are available now, fixing the vulnerabilities.
|
|
|
The Trend Micro AntiVirus scan engine provides AntiVirus capabilities to desktop, server, and gateway systems.
The engine is licensed to several of Trend Micro's OEM partners.
Local exploitation of a buffer overflow vulnerability within Tmxpflt.sys, as included with Trend Micro's AntiVirus
engine, could allow an attacker to execute arbitrary code in kernel context.
This vulnerability specifically exists due to insecure permissions on the "\\.\Tmfilter" DOS device interface.
The permissions on this device allow "Everyone" write access.
This allows a locally logged-in user to access functionality intended for privileged use only.
Additionally, the IOCTL handler of this DOS device interface for IOCTL 0xa0284403 does not validate the
length of attacker-supplied content when copying to a fixed-size buffer.
As such, it's possible to execute attacker-supplied code in the context of the kernel.
Trend Micro has addressed this vulnerability with the release of version 8.550-1001 of their scan engine.
|
|
|
There is a security vulnerability that could allow for Denial of
Service (DoS) by sending a specifically crafted TCP/IP packet to the
Microsoft Windows CE mobile device.
Fixed software is available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in HP OpenView Configuration Management
|
| Links: |
HPSBMA02279 SSRT071298,
ESB-2007.0837
|
| ID: |
ae-200710-082
|
A vulnerability has been identified with HP OpenView Configuration Management
(CM) Infrastructure (Radia) and Client Configuration Manager (CCM) running
httpd.tkd. The vulnerability could be exploited to allow remote unauthorized
access to data.
A patch is available now.
|
|
|
It was discovered that xen-utils, a collection of XEN administrative tools,
used temporary files insecurely within the xenmon tool allowing local users to
truncate arbitrary files.
Fixed packages are available now.
|
|
|
Several vulnerabilities have been found in IBM Lotus Notes.
Fixed software is available now.
|
|
|
A vulnerability in the Virtual Machine of the Java Runtime Environment
may allow an untrusted applet to elevate its privileges.
A patch is available now.
|
|
|
Several flaws were discovered in the way libpng handled various PNG image
chunks. An attacker could create a carefully crafted PNG image file in
such a way that it could cause an application linked with libpng to crash
when the file was manipulated.
Fixed packages are available now.
|
|
|
It was discovered that xfce-terminal, a terminal emulator for the xfce
environment, did not correctly escape arguments passed to the processes
spawned by "Open Link". This allowed malicious links to execute arbitrary
commands upon the local system.
It was discovered that reprepro, a tool to create a repository of Debian
packages, when updating from a remote site only checks for the validity of
known signatures, and thus does not reject packages with only unknown
signatures.
Updated packages are available now.
|
|
|
Critical vulnerabilities have been identified in Adobe Reader and Acrobat that could allow an attacker who
successfully exploits these vulnerabilities to take control of the affected system.
This issue only affects customers on Windows XP with Internet Explorer 7 installed.
A malicious file must be loaded in Adobe Reader or Acrobat by the end user for an attacker to exploit these
vulnerabilities. It's recommended that affected users update to Adobe Reader 8.1.1 or Acrobat 8.1.1.
|
|
|
CA Host-Based Intrusion Prevention System (CA HIPS)
contains a vulnerability in the Server installation that can allow
a remote attacker to take unauthorized administrative action.
A patch is available now.
|
|
| System: |
Red Hat Enterprise Linux 5
|
| Topic: |
Vulnerabilities in kernel
|
| Links: |
RHSA-2007-0940,
CVE-2007-3105,
CVE-2007-3380,
CVE-2007-3513,
CVE-2007-3731,
CVE-2007-3848,
CVE-2007-3850,
CVE-2007-4133,
CVE-2007-4308,
CVE-2007-4574,
ESB-2007.0825
|
| ID: |
ae-200710-074
|
Several vulnerabilities were found in the linux kernel.
Fixed kernel packages are available now.
|
|
|
Security vulnerabilities in the implementation of the retrieval of
Kernel statistics may allow a local unprivileged user to panic the
system, causing a Denial of Service (DoS) condition.
Patches are available now.
|
|
|
RealNetworks RealPlayer is a multimedia application that allows users to view local and remote audio/video content.
The RealPlayer Database Component, which is provided by MPAMedia.dll, contains a stack buffer overflow in the
handling of playlist names.
The RealPlayer IERPCtl ActiveX control, which is provided by ierpplug.dll, can be used to import a local file
into a specified playlist in RealPlayer.
This can be used to trigger the buffer overflow vulnerability. The ActiveX control is present in RealPlayer
version 9 (RealOne Player) and later.
By convincing a user to view a specially crafted HTML document, a remote, unauthenticated attacker may be
able to execute arbitrary code with the privileges of the user on a vulnerable system.
So an update to the latest version is strongly recommended.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in hplip, kdelibs3, kdebase3, NX, festival Daemon, opal, and openssl |
| Links: |
SUSE-SR:2007:021
|
| ID: |
ae-200710-071
|
A SUSE Security Summary reports vulnerabilities in the packages
hplip, kdelibs3, kdebase3, NX, festival daemon, opal, and openssl.
Updated packages are available now and should be installed on vulnerable systems.
|
|
| System: |
SUSE Linux |
| Topic: |
Problems with Sun / IBM Java |
| Links: |
SUSE-SA:2007:055,
CVE-2007-5232,
CVE-2007-5236,
CVE-2007-5237,
CVE-2007-5238,
CVE-2007-5239,
CVE-2007-5240,
CVE-2007-5273,
CVE-2007-5274,
SUSE-SA:2007:056,
CVE-2007-2788,
CVE-2007-2789,
CVE-2007-3004,
CVE-2007-3005,
CVE-2007-3655,
CVE-2007-3922
|
| ID: |
ae-200710-070
|
The Sun JAVA JDK 1.5.0 was upgraded to release 13, and the Sun JAVA SDK 1.4.2 was upgraded to update 16
to fix various bugs, including the security bugs.
For the same reasons, the IBM Java JRE/SDK has been brought to release 1.5.0 SR5a and 1.4.2 SR 9.0.
It's recommended to upgrade the systems.
|
|
| System: |
Various |
| Topic: |
Vulnerabilities in Firefox, Thunderbird and Seamonkey
|
| Links: |
MFSA2007-29,
MFSA2007-30,
MFSA2007-31,
MFSA2007-32,
MFSA2007-33,
MFSA2007-34,
MFSA2007-35,
MFSA2007-36,
CVE-2007-5339,
CVE-2007-5340,
CVE-2007-1095,
CVE-2007-2292,
CVE-2007-3511,
CVE-2007-2894,
CVE-2007-5334,
CVE-2007-5337,
CVE-2007-5338,
CVE-2007-4841,
VU#349217,
VU#755513,
VU#559977,
ESB-2007.0814,
RHSA-2007-0979,
RHSA-2007-0980,
RHSA-2007-0981,
ESB-2007.0820,
ESB-2007.0821,
ESB-2007.0822,
DSA-1391,
DSA-1392,
ESB-2007.0816,
ESB-2007.0817,
S-022,
SUSE-SA:2007:057,
DSA-1396,
ESB-2007.0844,
DSA-1401,
ESB-2007.0870
|
| ID: |
ae-200710-069
|
Eight security advisories have been published for Firefox 2.0.0.7 and earlier, Thunderbird 2.0.0.7 and earlier as well as SeaMonkey 1.1.4 and earlier.
These vulnerabilities give attackers the possibility to execute arbitrary code / commands,
to access confidential data and to provide misleading information.
Please update your systems since the latest versions don't show these vulnerabilities.
|
|
|
It has been discovered that zoph, a web based photo management system, performs insufficient input
sanitising, which allows SQL injection.
A buffer overflow has been found in the intT1_Env_GetCompletePath routine in t1lib, a Type 1 font rasterizer library.
This flaw might allow an attacker to crash the application using the t1lib shared libraries,
and potentially execute arbitrary code within such an application's security context.
Updates are available for Debian; other systems might be vulnerable, too.
|
|
|
A potential security vulnerability has been identified with HP-UX OpenSSL.
The vulnerability could be exploited locally to create a Denial-of-Service (DoS).
HP has published an updated package; it should be installed soon.
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerability in HP Storage Management Appliance (SMA)
|
| Links: |
HPSBST02280 SSRT071480,
ESB-2007.0808
|
| ID: |
ae-200710-066
|
The latest patches from Microsoft need to be installed when using the SMA.
It's strongly recommended to install these hotfixes from Microsoft.
|
|
|
It was discovered that Tk could be made to overrun a buffer when loading
certain images.
A patch is available now.
|
|
|
Oracle has published a Critical Patch Update including 51 new security fixes across all products.
So it's recommended to install it as soon as possible.
|
|
|
It was discovered that dhcp, a DHCP server for automatic IP address
assignment, didn't correctly allocate space for network replies. This could
potentially allow a malicious DHCP client to execute arbitrary code upon the
DHCP server.
Fixed packages are available now.
|
|
|
Unified Contact Center and Intelligent Contact Management products
contain a vulnerability that may result in unauthorized access to the
web-based reporting and script monitoring tool (Web View) and the
web-based configuration tool (Web Admin).
Updated software solves this problem.
|
|
|
Cisco Unified Communications Manager (CUCM), formerly CallManager,
contains two denial of service (DoS) vulnerabilities.
Updated software solves this problem.
|
|
|
Two crafted packet vulnerabilities exist in the Firewall Services Module (FWSM)
and the Cisco PIX 500 Series Security Appliance (PIX) and the Cisco 5500
Series Adaptive Security Appliance (ASA) that may result in a reload of the
device.
Fixed software is available now.
|
|
|
The IBM Lotus Domino Web Server service is vulnerable to a stack based
buffer overflow which can be exploited remotely.
A patch is available now.
|
|
|
Therefore, a carefully crafted destination number sent to an Asterisk system
running cdr_addon_mysql could escape out of a SQL data field and create
another query.
A workaround is described in the advisory.
|
|
|
A security vulnerability in the firmware FTP service of the Sun
StorEdge 3510 FC Array may allow a remote unprivileged user who has
access to the management network to which the array's management
Ethernet interface is connected, to make the array unresponsive to
data services.
Fixed firmware is available now.
|
|
|
Several vulnerabilities were found in the BEA WebLogic JRockit JRE and SDK.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in the IBM DB2 Universal Database.
Patches are available now.
|
|
| System: |
Sun Solaris
|
| Topic: |
Vulnerabilities in libtiff, mozilla, and librpcsvc
|
| Links: |
SUN Alert #103099,
CVE-2006-2193,
CVE-2006-3459,
CVE-2006-3460,
CVE-2006-3461,
CVE-2006-3462,
CVE-2006-3463,
ESB-2007.0790,
SUN Alert #102943,
CVE-2006-2779,
CVE-2006-2780,
ESB-2007.0791,
SUN Alert #103082,
ESB-2007.0792
|
| ID: |
ae-200710-054
|
Multiple security vulnerabilities in the Solaris Tag Image File Format
library (libtiff(3)) may allow a local or remote unprivileged user to
crash applications that dynamically link to the "libtiff" library and
execute arbitrary code with the privileges of a local user.
A number of memory corruption vulnerabilities have been found in the
Mozilla application.
A security vulnerability in the Solaris RPC services library
(librpcsvc(3LIB)) may allow a local unprivileged user to crash the
automountd(1M) daemon on a system.
Patches are available now.
|
|
|
It has been discovered that the original patch for a buffer overflow in
svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5
(CVE-2007-3999, DSA-1368-1) was insufficient to protect from arbitrary
code execution in some environments.
Fixed packages are available now.
|
|
|
The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability when checking the hostname of the router.
If successfully exploited by e.g. using SNMP,
this vulnerability may allow a remote attacker to execute arbitrary code or create a Denial-of-Service condition.
Updated software solves this problem.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in TK GIF image loader, OpenSSL, hugin, lighttpd, novess-groupwise-client, and sylpheed-claws |
| Links: |
SUSE-SR:2007:020
|
| ID: |
ae-200710-051
|
A SUSE Security Summary reports vulnerabilities in the packages
TK GIF image loader, OpenSSL, hugin, lighttpd, novess-groupwise-client, and sylpheed-claws.
Updated packages are available now and should be installed on vulnerable systems.
|
|
| System: |
SUSE Linux, openSUSE, UnitedLinux, Novell Linux |
| Topic: |
Vulnerabilities in Kernel
|
| Links: |
SUSE-SA:2007:053,
CVE-2006-4145,
CVE-2006-6106,
CVE-2007-0773,
CVE-2007-2525,
CVE-2007-2875,
CVE-2007-2876,
CVE-2007-3105,
CVE-2007-3107,
CVE-2007-3513,
CVE-2007-3848,
CVE-2007-3851,
CVE-2007-4571,
CVE-2007-4573 |
| ID: |
ae-200710-050
|
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service
or the execution of arbitrary code with elevated rights.
An updated package remedies these problems.
|
|
|
The Xorg server shows vulnerabilities in the X FontServer.
These are integer overflow and heap overflow vulnerabilities.
Additionally, a buffer overflow exists in the Composite extension.
These can be exploited by logged in users to potentially execute code in the X server or xfs,
which are running as root.
So it's recommended to install patches, which are available now.
|
|
|
Free Lossless Audio Codec (FLAC) is a popular file format for audio data compression.
AOL Corp.'s Winamp media player has support for the FLAC format.
Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendors'
software distributions, allows attackers to execute arbitrary code in the context of the curre
These vulnerabilities specifically exist in the handling of malformed FLAC media files.
In each case, an integer overflow can occur while calculating the amount of memory to allocate.
As such, insufficient memory is allocated for the data that is subsequently read in from the file,
and a heap based buffer overflow occurs.
The FLAC maintainers have released version 1.2.1 of FLAC to address these vulnerabilities.
|
|
|
A remote vulnerability in CA BrightStor ARCserve Backup Server allows an attacker to execute arbitrary code as
SYSTEM without any user interaction.
The exploit is extremely reliable and can be successfully delivered either across the Internet or within local
networks via a random TCP port that is disclosed by the BrightStor portmapper service on TCP/111.
Computer Associates has released patches for these vulnerabilities.
|
|
|
A potential security vulnerability has been identified with HP Select Identity.
The vulnerability could be exploited to allow remote unauthorized access.
HP has provided software patches to resolve the vulnerability.
Please contact HP Support to receive the patches.
|
|
|
A potential security vulnerability has been identified with HP-UX Apache version 2.0.59.
The vulnerability could be exploited remotely to create a Denial-of-Service (DoS).
An updated package has been published by HP; it should be installed soon.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Tomcat
|
| Links: |
CVE-2007-1358,
CVE-2007-2449,
CVE-2007-2450,
CVE-2007-3382,
CVE-2007-3385,
CVE-2007-3386,
RHSA-2007-0876,
ESB-2007.0783,
HPSBTU02276 SSRT071472,
ESB-2007.0799,
RHSA-2007-0950,
ESB-2007.0865
|
| ID: |
ae-200710-044
|
Tomcat is a servlet container for Java Servlet and Java Server Pages technologies.
It shows some possibilities for Cross-Site Scripting and therefore also access to confidential data.
Exploiting these vulnerabilities does not require a local account.
Updated packages solve these problems.
|
|
|
The libvorbis package contains runtime libraries for use in programs that support Ogg Vorbis.
Ogg Vorbis is a compressed audio format.
Several flaws were found in the way libvorbis processes audio data.
An attacker could create a carefully crafted OGG audio file in such a way that it could cause an application
linked with libvorbis to crash or execute arbitrary code when it was opened.
A fixed package is available now.
|
|
|
The hplip (Hewlett-Packard Linux Imaging and Printing Project) package provides drivers for HP printers and
multi-function peripherals.
A flaw in the way the hplip hpssd daemon handles user input has been found.
A local attacker could send a specially crafted request to the hpssd daemon,
possibly allowing them to run arbitrary commands as the root user.
For some systems an update is available now.
|
|
|
A security vulnerability in the Solaris Auditing (BSM) included with Sun Solaris 10 may allow a local unprivileged
user to cause a system panic on hosts which are configured to audit networking events.
This will result in a Denial-of-Service (DoS) to the system as a whole.
A patch solves this problem.
|
|
| System: |
Various
|
| Topic: |
Several vulnerabilities in VMware fixed
|
| Links: |
VMSA-2007-0006,
CVE-2006-4146,
CVE-2006-3619,
CVE-2007-1716,
CVE-2004-0813,
CVE-2006-4600,
CVE-2006-1174,
CVE-2007-1856,
CVE-2007-4497,
CVE-2007-4496,
CVE-2007-4155,
CVE-2007-4059,
CVE-2007-0063,
CVE-2007-0062,
CVE-2007-0061,
CVE-2007-2798,
CVE-2007-2443,
CVE-2007-2442,
CVE-2007-0494,
CVE-2007-2447,
CVE-2007-2446,
CVE-2007-4496,
S-011 |
| ID: |
ae-200710-040
|
Critical security updates for all supported versions of VMware ESX Server, VMware Server, VMware Workstation,
VMware ACE, and VMware Player are available now.
They fix possibilities for Denial-of-Service as well as remote code execution.
So it's recommended to install the updates which are available now.
|
|
|
Kaspersky Lab Online Virus Scanner is a free online virus scanner service, enabling a user to scan their system for
malicious code via their Web browser.
Remote exploitation of a format string vulnerability in this virus scanner service could allow an attacker to
execute arbitrary code within the security context of the targeted user.
The reason is a vulnerable ActiveX Control. For further information, please refer to the advisory.
Kaspersky Online Scanner version 5.0.98.0 corrects the high-risk vulnerability.
|
|
|
A large number of mostly known vulnerabilities in Apache running on HP-UX can be fixed now.
Since there are some critical vulnerabilities, an instant update is recommended.
|
|
|
Two Security Vulnerabilities in Solaris Trusted Extensions label
daemon (labeld) may allow a local unprivileged user to stop Trusted
Extensions services from running on a system.
A patch is available now.
|
|
|
A security vulnerability in the Solaris 10 Virtual File System (VFS)
may allow a local unprivileged user to exhaust all kernel memory,
thereby causing a Denial of Service (DoS) to the system as a whole.
A patch is available now.
|
|
|
Several security vulnerabilities have been identified in HP System Management
Homepage (SMH).
These vulnerabilities could be exploited remotely to allow cross site
scripting (XSS).
Fixed software is available now.
|
|
|
Two buffer overflows were found in the IMAP code of Asterisk.
Fixed software is not available yet.
|
|
|
Critical vulnerabilities have been identified in Illustrator CS3 and GoLive
that could allow an attacker who successfully exploits these
vulnerabilities to take control of the affected system.
Patches are available now.
|
|
|
A critical vulnerability has been identified in Adobe PageMaker that
could allow an attacker who successfully exploits this vulnerability
to take control of the affected system.
Patches are available now.
|
|
|
Customers who use the CiscoWorks Wireless LAN Solution Engine (WLSE) may use a
conversion utility to convert over to a Cisco Wireless Control System (WCS).
This conversion utility creates and uses administrative accounts with default
credentials.
Workarounds are described in the advisory.
|
|
|
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service
or the execution of arbitrary code.
An updated package remedies these problems.
|
|
|
A security vulnerability in the vuidmice(7M) STREAMS modules may allow a local unprivileged user who has
access to the system console device (console(7D)) to render the console unusable, which is a type of
Denial-of-Service (DoS).
A patch addresses this issue for all supported versions of Sun Solaris.
|
|
|
A DHCP client with a carefully chosen maximum message size that is less than the minimum IP MTU could
lead to a buffer overflow in dhcpd(8).
This could cause the dhcpd to crash or could potentially result in remote code execution.
This problem is specific for OpenBSD.
Patches are available for OpenBSD 4.2, 4.1 and 4.0.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
A memory management flaw was discovered in PWLib. An attacker could use this
flaw to crash an application, such as Ekiga, which is linked with pwlib.
A flaw was discovered in the way opal handled certain Session Initiation
Protocol (SIP) packets. An attacker could use this flaw to crash an
application, such as Ekiga, which is linked with opal.
Fixed packages are available now.
|
|
|
On Microsoft Windows XP systems that have Internet Explorer 7 installed,
handling of "mailto:" URIs by Adobe Acrobat and Reader leads to unexpected
results.
A workaround is described in the advisory.
|
|
|
Several flaws were found in the packages 'kdebase' and 'kdelibs' of
the K Desktop Environment (KDE).
Fixed packages are available now.
|
|
|
GForge is a collaborative development tool.
A Cross-Site Scripting vulnerability in it allows
remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session.
Several local vulnerabilities have been discovered in the Xen hypervisor packages which may lead to the execution of arbitrary code.
Updated packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Sun Java JDK / JRE
|
| Links: |
Sun Alert #103071,
ESB-2007.0751,
Sun Alert #103072,
ESB-2007.0752,
Sun Alert #103073,
ESB-2007.0753,
Sun Alert #103078,
ESB-2007.0754,
Sun Alert #103079,
ESB-2007.0755,
VU#336105,
S-003,
RHSA-2007-0963,
ESB-2007.0789
|
| ID: |
ae-200710-017
|
The Java Runtime Environment (JRE) may allow untrusted applets or applications to display an oversized window
so the warning banner is not visible to the user.
Some security vulnerabilities in Java Runtime Environment may allow network access restrictions to be circumvented.
An untrusted Java Web Start Application or Java Applet may move or copy arbitrary files by requesting the user
to drag and drop a file from application or applet window to a desktop application.
Further on, multiple security vulnerabilities in Java Web Start have been found regarding local file access.
It's recommended to upgrade to the latest version.
|
|
|
Drupal is an open source content management platform.
Some vulnerabilities concerning Cross-Site Scripting have been found.
Additionally cross site requests might be possible as well as remotely overwriting arbitrary files.
New versions fix these problems.
|
|
|
A command injection issue has been found in Apple QuickTime's handling of URLs in the qtnext field in files with
QTL content. By enticing a user to open a specially crafted file, an attacker may cause an application to be
launched with controlled command line arguments, which may lead to arbitrary code execution.
A security update addresses the issue through improved handling of URLs.
Mac OS X systems are not affected by this problem.
|
|
|
Several local vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service
or the execution of arbitrary code.
An updated package remedies these problems.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in OpenSSL
|
| Links: |
CVE-2007-3108,
CVE-2007-5135,
MDKSA-2007:193,
DSA-1379,
ESB-2007.0740,
S-001,
FreeBSD-SA-07:08,
ESB-2007.0749,
OpenBSD,
ESB-2007.0780,
RHSA-2007-0964,
ESB-2007.0788,
RHSA-2007-0813,
TLSA-2007-52 |
| ID: |
ae-200710-013
|
An off-by-one error has been identified in the SSL_get_shared_ciphers() routine in the libssl library from OpenSSL,
an implementation of Secure Socket Layer cryptographic libraries and utilities.
This error could allow an attacker to crash an application making use of OpenSSL's libssl library,
or potentially execute arbitrary code in the security context of the user running such an application.
Additionally, in some implementations a flaw in how OpenSSL performed Montgomery multiplications has been discovered.
This could allow a local attacker to reconstruct RSA private keys by examining another user's OpenSSL processes.
Updated packages are available for some systems.
|
|
|
A security vulnerability in the Solaris Named Pipes (pipe(2)) may
allow a local unprivileged user to gain access to unauthorized memory
locations. This may allow a local unprivileged user to read
potentially sensitive data in the kernel's memory layout or in the
memory layouts of other processes running on the system.
A patch addresses this issue.
|
|
|
The bgpd daemon in Quagga allows remote BGP peers to cause a
denial of service crash via a malformed OPEN message or COMMUNITY attribute.
Fixed packages are available now.
|
|
|
Two vulnerabilities were discovered in the Prefork MPM module and mod_proxy of Apache.
Fixed packages solve these problems.
|
|
|
Remote exploitation of multiple vulnerabilities in X.Org Foundation's
X Font Server, as included in various vendors' operating system
distributions, could allow an attacker to execute arbitrary code.
Fixed software is available now.
|
|
|
It was discovered that elinks, an advanced text-mode WWW
browser, sent HTTP POST data in cleartext when using an HTTPS proxy server
potentially allowing private information to be disclosed.
New releases fix this vulnerability.
|
|
|
Several flaws were found in the Xen virtual machine monitor.
A stack buffer overflow flaw was discovered in the RPC library used by
nfs-utils-lib.
A remote unauthenticated attacker who can access an application linked
against nfs-utils-lib could trigger this flaw and cause the application
to crash.
Fixed packages are available now.
|
|
|
A heap-based buffer overflow in libsndfile could allow remote attackers to execute arbitrary code via a FLAC file
with crafted PCM data which contains a block with a size exceeding that of the previous block.
The same may also happen when specially crafted .avi files are opened with the mplayer.
Fixed packages solve these problems.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in star, cpio, emacs, krb5, pptpd, mysql, qt3, balsa, and id3lib |
| Links: |
SUSE-SR:2007:019
|
| ID: |
ae-200710-005
|
A SUSE Security Summary reports vulnerabilities in the packages
star, cpio, emacs, krb5, pptpd, mysql, qt3, balsa, and id3lib.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Google Gmail is a web based mail service.
According to a report on the GNUCITIZEN site, Gmail contained a cross-site request forgery (XSRF) vulnerability
that allowed attackers to create mail filters and forward mail to arbitrary email addresses.
So a remote attacker could have collected email addresses, emails, and attachments from a user's Gmail account.
To exploit this vulnerability, an attacker would have had to convince a user to click or open a specially crafted
hyperlink while the user was logged into their Gmail account.
Google has addressed this vulnerability.
|
|
|
A security vulnerability in the X2100 and X2200 M2 Embedded Lights Out
Manager (ELOM) software may allow remote unprivileged users the
ability to initiate unauthorized network traffic from the embedded
service processor (SP). This may allow the SP to be used as a proxy to
send unsolicited bulk e-mail (spam).
Fixed Firmware is available now.
|
|
|
Two vulnerabilities were found when Sun Java System Access Manager is
installed in a Sun Java System Application Server container.
A patch is not available yet.
A workaround is described in the advisory.
|
|
|
A vulnerability was found in openssl, which may result in the
remote execution of code via an off-by-one buffer overflow in the
SSL_get_shared_ciphers function.
New releases fix this vulnerability.
|
|