Chosen month 02 / 2008

There is an off-by-one error in the AIX libc implementation of the inet_network function. Programs which call this function will be vulnerable, so an attacker might be able to execute arbitrary code on the system.
There are multiple vulnerabilities in the AIX X server. A successful exploitation of these vulnerabilities allows a non-privileged user to execute code with root privileges. If the X server is configured to allow remote connections, remote attacks are possible.
Patches are available now.

Vulnerabilities were reported in an ActiveX control that Symantec's Backup Exec for Windows Servers (BEWS) installs with its scheduler. Exploitation of these issues could possibly lead to unauthorized information disclosure, system information corruption or potentially allow arbitrary code execution in the context of the user's browser. However, successful exploitation requires specific conditions.
A hotfix to solve this problem is available now.

Some Canon digital multifunction printers contain an FTP server that is vulnerable to the FTP bounce attack.
Due to this, a remote, unauthenticated attacker may be able to conduct port scans or send arbitrary (TCP) traffic to other hosts. If not needed, the FTP server should be disabled. Otherwise, the FTP server should require authentication for use.

With the introduction of Version 0.99.8 many security-related problems have been solved. Only the new version should be used today.

A vulnerability was discovered by Havoc Pennington in how the dbus-daemon applied its security policy. A user with the ability to connect to the dbus-daemon could possibly execute certain method calls that they should not normally have access to.
A buffer overflow condition was found in Ghostscript, which can lead to arbitrary code execution as the user running any application using it to process a maliciously crafted PostScript file.
Fixed packages are available now.

In 'file' an integer underflow was found in file_printf() which can lead to an exploitable heap overflow.
If an IPsec association is made between two hosts with different byte orders it is possible to bypass the IPsec policy.
A remote user can cause the system to panic by sending a crafted IPv6 packet to a system with an IPsec-enabled kernel.
Patches are available now.

A buffer overflow in PCRE 7.x before 7.6 allows remote attackers to execute arbitrary code via a regular expression that contains a character class with a large number of characters with Unicode code points greater than 255.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in dbus, netpbm, and gd
Links: RHSA-2008-0159, CVE-2008-0595, ESB-2008.0217, RHSA-2008-0131, CVE-2008-0554, ESB-2008.0218, RHSA-2008-0146, CVE-2006-4484, CVE-2007-0455, CVE-2007-2756, CVE-2007-3472, CVE-2007-3473, CVE-2007-3475, CVE-2007-3476, ESB-2008.0219, S-218
ID: ae-200802-095

D-Bus is a system for sending messages between applications. It's used both for the system-wide message bus service, and as a per-user-login-session messaging facility.
In RH EL 5 a flaw has been found in the way the dbus-daemon applies its security policy. A user with the ability to connect to the dbus-daemon may be able to execute certain method calls they should normally not have permission to access.
The netpbm package contains a library of functions for editing and converting between various graphics file formats. An input validation flaw has been discovered in the GIF-to-PNM converter (giftopnm) shipped with the netpbm package. An attacker could create a carefully crafted GIF file which could cause giftopnm to crash or possibly execute arbitrary code as the user running giftopnm.
The gd package contains a graphics library used for the dynamic creation of images such as PNG and JPEG.
Several vulnerabilities have been found in gd, leading to a Denial-of-Service or even the execution of arbitrary code provided by attackers.
Updated packages are available now.

A Cross-Site Scripting (XSS) vulnerability has been found in Drupal. Due to a programming error in the function Drupal.checkPlain users are able to inject arbitrary HTML and script code in certain pages.
Affected by this vulnerability is Drupal 6.x before version 6.1.

The VideoLAN (VLC) media player package is a popular open-source multimedia player for various audio and video formats and various streaming protocols. It contains an arbitrary memory corruption vulnerability, which can be exploited by malicious remote attackers to compromise a user's system.
VLC 0.8.6e solves this problem.

A heap-based buffer overflow vulnerability in Mozilla mail code could potentially allow an attacker to run arbitrary code on a vulnerable system. The vulnerability is caused by allocating a buffer that can be three bytes too small in certain cases when viewing an email message with an external MIME body.
Updated software is available now.

Symantec Scan Engine is a standalone Anti-Virus Engine that exposes a scanning Application Programming Interface (API) directly to developers who wish to integrate protection into their own custom applications.
Two Denial-of-Service (DoS) vulnerabilities have been identified impacting version 5.1.2 of the Symantec Decomposer used to parse some types of archive content while scanning for malicious content in RAR archives. One of the vulnerabilities is based on a buffer overflow, which may also allow remote execution of arbitrary code.
Updates are available for affected products.

A buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter might result in the execution of arbitrary code if a user is tricked into processing a malformed file.
An updated package is available now.

A security vulnerability in the Solaris Internet Protocol (ip(7P)) implementation may allow a remote privileged user to send certain packets bypassing the security policies set by a firewall or to cause the system to panic, creating a Denial-of-Service (DoS) condition.
A patch to fix this vulnerability is available now.

Several vulnerabilities have been discovered in xpdf code that is embedded in koffice, an integrated office suite for KDE. These flaws could allow an attacker to execute arbitrary code by inducing the user to import a specially crafted PDF document.
Updated packages address this issue.

A SUSE Security Summary reports vulnerabilities in the packages xdg-utils, clamav, wireshark, and pcre.
Updated packages are available now and should be installed on vulnerable systems.

Several vulnerabilities were found in the Linux kernel 2.4.27 and 2.6.8.
Fixed kernel packages are available now.

A memory leak was found in the snd_page_alloc module of the 'alsa-driver' package. Local users could exploit this issue to obtain sensitive information from the kernel.
It was discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user.
Fixed packages are available now.

A flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to attempt to dereference already freed memory and crash.
A memory management flaw was found in the way CUPS handled the addition and removal of remote shared printers via IPP. When a shared printer was removed, allocated memory was not properly freed, leading to a memory leak possibly causing the CUPS daemon to crash after exhausting available memory.
Fixed packages are available now.

Using Sun Solaris Perl 5.8, an unprivileged local user may be able to cause a Perl application to crash, or possibly execute arbitrary code with the privileges of the Perl application due to a buffer overflow in the regular expression engine.
Two security vulnerabilities, both due to separate race conditions within the CPU Performance Counters (cpc(3CPC)) sub-system of the Solaris kernel, may allow a local unprivileged user to panic the system causing a Denial-of-Service (DoS) condition.
A security vulnerability in the Solaris 10 DTrace dynamic tracing framework may allow a local user or a non-global zone which has been granted either the PRIV_DTRACE_USER or the PRIV_DTRACE_PROC privilege to be able to perform some kernel-level tracing. Such users may then be able to access sensitive information.
Patches are available now.

On Windows hosts, if a VMware host-to-guest shared folder is configured, it's possible for a program running in the guest to gain access to the host's complete file system and create or modify executable files in sensitive locations. A workaround is described in the advisory.

Turba2 is a contact management component for the Horde framework. It doesn't correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.
An update solves this problem.

Kerio MailServer is prone to multiple unspecified vulnerabilities.
Attackers can exploit these issues to cause Denial-of-Service conditions or potentially execute arbitrary code in the context of the application; other attacks are also possible.
Versions prior to Kerio MailServer 6.5.0 are vulnerable, so they should not be used anymore.

The OpenCA PKI Development Project is an open source out-of-the-box Certification Authority (CA).
A cross site request forgery (XSRF) vulnerability exists in the way OpenCA processes requests executed via various forms. By tricking an administrator who is authenticated to the CA via a session cookie into following a tag that contains CA commands, an attacker may be able to successfully execute the commands on the CA.
A patch is available now.

A Heap Overflow vulnerability has been identified and resolved in the Veritas Enterprise Administrator (VEA) component, specifically in the administrative service. Symantec's VEA is the management GUI component of Veritas Storage Foundation. Successful exploitation of this issue can result in a crash of the service in both the 5.0 Windows and Unix versions.
Updates are available for all supported products.

System: HP
Topic: Patches for Storage Management Appliances available
Links: HPSBST02314, SSRT080016, ESB-2008.0194
ID: ae-200802-077

Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Updated software is available now.

IBM Pegasus CIM Server for Director provides Common Information Model (CIM) object management. This is a framework supporting Web-Based Enterprise Management (WBEM) services. WBEM is a platform and resource independent standard from the Distributed Management Task Force (DMTF). WBEM defines a CIM and a communication protocol for resource monitoring and control.
A stack-based buffer overflow vulnerability exists in the IBM Pegasus CIM Server for Director in which an unauthenticated remote user could trigger this flaw and potentially execute arbitrary code with root privileges. In addition a Denial-of-Service (DoS) issue exists in the IBM Pegasus CIM Server for Director.
Interim Fixes are available now.

A patch fixes a flaw in how the aacraid SCSI driver checked IOCTL command permissions. This flaw might allow a local user on the service console to cause a Denial-of-Service or gain privileges.
A stack buffer overflow vulnerability in the way Samba authenticates remote users has been fixed. A remote attacker could trigger this vulnerability to cause the Samba server to crash or to execute arbitrary code with the permissions of the Samba server.
An integer overflow issue with the way Python's Perl-Compatible Regular Expression (PCRE) module handled certain regular expressions has been fixed, too. If a Python application used the PCRE module to compile and execute untrusted regular expressions, it might be possible to cause the application to crash, or to execute arbitrary code with the privileges of the Python interpreter.
So it's recommended to install these updates.

System: Red Hat Enterprise Linux
Topic: Vulnerabilities in OpenLDAP, tcltk/tk, and CUPS
Links: RHSA-2008-0110, CVE-2007-6698, CVE-2008-0658, ESB-2008.0185, S-199, RHSA-2008-0134, RHSA-2008-0135, RHSA-2008-0136, CVE-2007-4772, CVE-2007-5378, CVE-2008-0553, ESB-2008.0186, ESB-2008.0187, RHSA-2008-0157, CVE-2008-0882, ESB-2008.0188, S-196
ID: ae-200802-074

OpenLDAP is an open source suite of Lightweight Directory Access Protocol (LDAP) applications and development tools. Updated openldap packages fix a flaw in the way the OpenLDAP slapd daemon handled modify and modrdn requests with NOOP control on objects stored in a Berkeley DB (BDB) storage backend. An authenticated attacker with permission to perform modify or modrdn operations on such LDAP objects could cause slapd to crash.
Tcl is a scripting language designed for embedding into other applications and for use with Tk, a graphical toolkit for it.
An input validation flaw was discovered in Tk's GIF image handling. A code-size value read from a GIF image was not properly validated before being used, leading to a buffer overflow. The same might happen with an animated GIF image. Updated packages for all versions of RH EL solve this potential problem.
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) is a standard network protocol for remote printing, as well as managing print jobs. A flaw has been found in the way CUPS handles the addition and removal of remote shared printers via IPP. A remote attacker could send malicious UDP IPP packets causing the CUPS daemon to crash.
This Denial-of-Service can be avoided when the latest package is installed.

Splitvt is a utility to run two programs in a split screen. It doesn't drop group privileges prior to executing 'xprop'. This might allow any local user to gain the privileges of group utmp.
A Debian-provided CRON script in dspam, a statistical spam filter, includes a database password on the command line. This allows local attackers to read the contents of the dspam database, such as emails.
Fixed packages are available now.

Version 9.26 of the web browser Opera is available now. Among other things, this version fixes three vulnerabilities which might lead to the accidental execution of scripts and an upload of files to the client system.

IBM Lotus Notes versions 6.0 to 8.0 show a potential security issue with the Execution Control List (ECL) and Notes signatures on Java applets. A correct configuration as well as a workaround is described in the original advisory.
IBM Lotus Notes 6.5.6 and 7.0 show a vulnerability in the Notes client. It is a known Java plug-in vulnerability, which involves the execution of JavaScript within a Java applet to gain escalated privileges.
The Java Virtual Machine fix for this vulnerability has been incorporated into Notes release 7.0.2.
For Notes releases prior to 7.0.2, it is recommended to disable the "Enable Java access from JavaScript" preference.

The Veritas Storage Foundation is based on the Veritas File System and Veritas Volume Manager products. It allows virtualization of storage over a variety of platforms. It contains a remote administration application to configure and monitor the elements of the storage network.
When the Veritas Scheduler service (VxSchedService.exe) encounters certain packets, an invalid memory access occurs causing the service to crash, which means Denial-of-Service.
Symantec has addressed this vulnerability by releasing an update for Veritas Storage Foundation.

The Symantec Altiris Notification Server Agents are vulnerable to a shatter attack that can lead to privilege escalation. This attack is limited to users with login access to systems running the Symantec Altiris Notification Server Agent.
This vulnerability can be fixed as described in the advisory.

EMC RepliStor is a data backup and recovery application for Windows.
Remote exploitation of multiple heap overflow vulnerabilities in EMC Corp.'s RepliStor could allow an unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
Multiple vulnerabilities exist within the code responsible for compression. In each case, data is decompressed without consideration for the size of the destination buffer. This results in an exploitable heap overflow.
EMC has issued updates to address this issue.

Samba is a widely used open-source implementation of Server Message Block (SMB)/Common Internet File System (CIFS). A stack-based buffer overflow exists in the send_mailslot() function due to the function's improper processing of SAMLOGON packets. By sending a SAMLOGON domain logon packet containing a username string placed at an odd offset followed by an overly long GETDC string, an attacker could then overflow the stack to exploit the vulnerability.
This vulnerability is addressed in Samba version 3.0.28; patches for earlier versions are available now.

A potential security vulnerability has been identified in Perl 5.8.7 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited remotely to execute arbitrary code.
A patch is available now.

It was discovered that libimager-perl, a Perl extension for generating 24 bit images, did not correctly handle 8-bit-per-pixel compressed images, which could allow the execution of arbitrary code.
It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library.
Fixed packages are available now.

A security vulnerability in the vuidmice STREAMS modules (vuidmice(7M)) may allow a local unprivileged user the ability to panic the system. This is a type of Denial of Service (DoS).
Patches are available now.

An array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow.
Fixed packages are available now.

The sendfile(2) system call does not check the file descriptor access flags before sending data from a file.
There is an improper reference to a data structure in the processing of IPsec packets, which can result in a NULL pointer being dereferenced.
Patches are available now.

A vulnerability exists in the legacy version of the mod_jk2 Apache module. If successfully exploited, an attacker may be able to run arbitrary code on the affected system.
Fixed software is available now.

Several vulnerabilities were found in IBM Java 2 Runtime Environment.
Fixed packages are available now.

Cisco Unified IP Phone models contain multiple overflow and denial of service (DoS) vulnerabilities.
Cisco has made free software available to address these vulnerabilities for affected customers.

Cisco Unified Communications Manager is vulnerable to a SQL Injection attack in the parameter key of the admin and user interface pages. A successful attack could allow an authenticated attacker to access information such as usernames and password hashes that are stored in the database.
Cisco has made free software available to address these vulnerabilities for affected customers.

Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code.
Fixed packages are available now.

Apple has published the security update for Mac OS X. It fixes multiple vulnerabilities in Directory Services, Foundation, Launch Services, Mail, NFS, Open Directory, Parental Controls, Samba, Terminal, and X11.
It's recommended to install this update.

A security vulnerability has been identified with HP-UX Apache. This vulnerability could be exploited remotely to execute arbitrary code.
A patch is available now.

Drupal is an open source content management platform.
The Header image module contains a vulnerability where access to the module's administration pages is granted to any user, including the anonymous user.
A fixed version is available now.

Vulnerabilities have been identified in Adobe Flash Media Server that could potentially allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Fixed software is available now.

Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code with the privileges of the affected process.
Fixed software is available now.

No further comment due to legal reasons

System: Debian GNU/Linux
Topic: Vulnerabilities in nagios-plugins and mplayer
Links: DSA-1495, CVE-2007-5198, CVE-2007-5623, ESB-2008.0154, S-190, DSA-1496, CVE-2008-0485, CVE-2008-0486, CVE-2008-0629, CVE-2008-0630, ESB-2008.0153, S-188
ID: ae-200802-040

Two vulnerabilities were found in plugins for the Nagios network monitoring and management system.
A buffer overflow has been discovered in the parser for HTTP Location headers (present in the check_http module).
A buffer overflow has been discovered in the check_snmp module.
Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code.
Fixed packages are available now.

Several vulnerabilities were found in Apache Tomcat.
Fixed software is available now.

System: Linux
Topic: Vulnerabilities in the Kernel
Links: CVE-2008-0010, CVE-2008-0163, CVE-2008-0600, DSA-1494, ESB-2008.0146, S-167, RHSA-2008-0129, ESB-2008.0156, S-171, SUSE-SA:2008:007, TLSA-2008-8
ID: ae-200802-038

Several vulnerabilities were found in the Linux kernel 2.6.17 and newer.
Fixed kernel packages are available now.

System: Debian GNU/Linux
Topic: Vulnerabilities in xulrunner, icedove, iceweasel, tk8.x, wml, and sdl-image1.2
Links: DSA-1484, DSA-1485, DSA-1489, CVE-2008-0412, CVE-2008-0413, CVE-2008-0414, CVE-2008-0415, CVE-2008-0416, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, CVE-2008-0594, ESB-2008.0136, ESB-2008.0137, ESB-2008.0134, DSA-1490, DSA-1491, CVE-2008-0553, ESB-2008.0140, S-164, DSA-1492, CVE-2008-0665, CVE-2008-0666, ESB-2008.0139, DSA-1493, CVE-2007-6697, CVE-2008-0554, ESB-2008.0138, S-163
ID: ae-200802-037

Several critical vulnerabilities have been found in xulrunner, icedove and iceweasel. They also might lead to an unauthorized execution of arbitrary code.
A buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to Denial-of-Service and potentially the execution of arbitrary code, too.
WML is an off-line HTML generation toolkit which creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script. This could lead to local Denial-of-Service by overwriting files.
Some vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. They could lead to buffer overflows with a consequence of a Denial-of-Service or even the execution of attacker-supplied arbitrary code.
Fixed packages are available and they should be installed now.

The Java Runtime Environment (JRE) by default allows external entity references to be processed. To turn off processing of external entity references, sites can set the "external general entities" property to FALSE. This property is provided since it may be possible to leverage the processing of external entity references to access certain URL resources (such as some files and web pages) or create a Denial-of-Service (DoS) condition on the system running the JRE. A defect in the JRE allows external entity references to be processed even when the "external general entities" property is set to FALSE.
For this vulnerability to be exploited, a trusted application needs to process XML data that contains malicious content. This vulnerability cannot be exploited through an untrusted applet or untrusted Java Web Start application.
JDK and JRE 6 Update 4 solve this problem and are available for download now.

Sun Fire T1000/T2000 and Netra T2000 systems with firmware 6.5.11 or earlier running Solaris 10 with patch 125369-02 will experience a continuous stream of console EFT errors.
A final resolution is pending completion.

Solaris 9 systems with certain st(7D) patches installed may panic when sending SCSI commands to tape drives that are in the process of carrying out erase, rewind, or locate operations.
It's recommended not to install the critical patches, but the latest ones.

System: SuSE Linux
Topic: Vulnerabilities in SUN Java 1.5 and 1.6, nss_ldap, cairo, geronimo, moodle, SDL_image, python, mySQL, NX/X.org, and xemacs
Links: SUSE-SR:2008:003
ID: ae-200802-033

A SUSE Security Summary reports vulnerabilities in the packages SUN Java 1.5 and 1.6, nss_ldap, cairo, geronimo, moodle, SDL_image, python, mySQL, NX/X.org, and xemacs.
Updated packages are available now and should be installed on vulnerable systems.

System: Debian GNU/Linux
Topic: Vulnerabilities in libexif and phpbb2
Links: DSA-1487, CVE-2007-2645, CVE-2007-6351, CVE-2007-6352, ESB-2008.0135, DSA-1488, CVE-2006-4758, CVE-2006-6508, CVE-2006-6839, CVE-2006-6840, CVE-2006-6841, CVE-2008-0471, ESB-2008.0141, S-166
ID: ae-200802-032

Several vulnerabilities have been discovered in the EXIF parsing code of the libexif library, which can lead to Denial-of-Service (DoS) or the execution of arbitrary code if a user is tricked into opening a malformed image.
Additionally, several remote vulnerabilities have been discovered in phpBB, a web based bulletin board.
Fixed packages are available now.

System: Mandriva Linux
Topic: Vulnerabilities in libcdio, SDL_image, tk, and qt4
Links: MDVSA-2008:037, CVE-2007-6613, MDVSA-2008:040, CVE-2007-6697, CVE-2008-0544, MDVSA-2008:041, CVE-2008-0553, MDVSA-2008:042, CVE-2007-5965
ID: ae-200802-031

A stack-based buffer overflow was discovered in libcdio that allows context-dependent attackers to cause a Denial-of-Service (core dump) and possibly execute arbitrary code via a disk or image file that contains a long Joliet file name. In addition, failed UTF-8 conversions might cause a segfault on certain ISOs.
The LWZReadByte() and IMG_LoadLBM_RW() functions in SDL_image contain a boundary error that could be triggered to cause a static buffer overflow and a heap-based buffer overflow. If a user using an application linked against the SDL_image library were to open a carefully crafted GIF or IFF ILBM file, the application could crash or possibly allow for the execution of arbitrary code.
The ReadImage() function in Tk did not check codeSize read from GIF images prior to initializing the append array, which could lead to a buffer overflow with unknown impact.
A potential vulnerability was discovered in Qt4 version 4.3.0 through 4.3.2 which may cause a certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into thinking that the certificate was verified correctly when it actually failed in one or more criteria.
An updated package solves these problems.

System: Many
Topic: Vulnerabilities in Adobe Reader and Acrobat
Links: APSA08-01, iDEFENSE #655, iDEFENSE #656, iDEFENSE #657, VU#666281, CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0655, CVE-2008-0667, CVE-2008-0726, ESB-2008.0132, AU-2008.0002, S-180, SUSE-SA:2008:009, RHSA-2008-0144, ESB-2008.0201
ID: ae-200802-030

The Adobe Reader 8.1.2 update addresses a number of customer workflow issues and security vulnerabilities while providing more stability. Further information about security related problems is not available yet. So it's recommended to use the latest version only.

System: Many
Topic: Vulnerabilities in Firefox, Thunderbird, and Seamonkey
Links: Mozilla, RHSA-2008-0103, RHSA-2008-0104, RHSA-2008-0105, CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0417, CVE-2008-0418, CVE-2008-0419, CVE-2008-0591, CVE-2008-0592, CVE-2008-0593, ESB-2008.0133, VU#879056, VU#309608, S-162, TLSA-2008-9, MDVSA-2008:047, SUSE-SA:2008:008, MDVSA-2008:048, DSA-1506, ESB-2008.0199, TLSA-2008-12
ID: ae-200802-029

Several critical vulnerabilities have been found in Firefox, Seamonkey, and Thunderbird. New versions are available, solving the vulnerabilities.

IBM Corp.'s DB2 Universal Database product is a large database server product commonly used for high end databases. The DB2 Administration Server (DAS) provides functionality that implements the Java-based DB2 Control Center GUI.
Remote exploitation of a memory corruption vulnerability within version 9.1 of IBM Corp.'s DB2 Universal Database Administration Server (DAS) allows attackers to crash the service or potentially execute arbitrary code in the context of the affected service.
Additionally, local exploitation of a library loading vulnerability in IBM Corp.'s DB2 Universal Database could allow attackers to gain root privileges.
IBM provides Fix Packs to solve these problems.

Potential security vulnerabilities have been identified with HP Select Identity software. The vulnerabilities could be exploited remotely to gain unauthorized access. The vulnerabilities can only be exploited by authenticated users.
HP has provided software patches to resolve the vulnerabilities.

Two vulnerabilities in the Java Runtime Environment may independently allow an untrusted application or applet that is downloaded from a website to elevate its privileges. Updates address this issue.
SDK and JRE 1.4.x and earlier are not affected by these issues.

BIND includes the name server (named) and a resolver library.
An off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier allows context-dependent attackers to cause a Denial-of-Service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
Updated packages solve this potential problem.

Potential vulnerabilities have been identified with the HP Storage Essentials, Storage Resource Management (SRM) software. These vulnerabilities could be exploited remotely to allow unauthorized access to a managed device.
HP has developed v6.0.0 of the HP Storage Essentials, Storage Resource Management (SRM) software to resolve these vulnerabilities.

A potential security vulnerability has been identified with HP Virtual Rooms (HPVR) v6 and previous running on Microsoft Windows. The vulnerability could be exploited to allow remote execution of arbitrary code.
HP has provided HP Virtual Rooms v7 to resolve this vulnerability.

The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header.
If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash.
Please check with your manufacturer for a patch if your system is vulnerable.

Skype uses the Internet Explorer web control to render HTML content for different web applications, including SkypeFind. When a victim receives a Skype contact request authorization from an attacker's Skype account, Cross Zone Scripting is possible. So the attacker can execute arbitrary code on the vulnerable system. This vulnerability is exploitable because of a security zone elevation vulnerability in the Skype client.
Skype has fixed the vulnerability in SkypeFind.
|
|
|
The hack-local-variable function in Emacs 22 prior to version 22.2, when enable-local-variables is set to ':safe', did not properly search lists of unsafe or risky variables, which could allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.
Additionally, a stack-based buffer overflow in emacs could allow user-assisted attackers to cause an application crash or possibly have other unspecified impacts via a large precision value in an integer format string specifier to the format function.
An updated package solves these problems.
|
|
|
OpenSSH could allow a remote attacker to gain elevated privileges under IBM AIX. Trusted X11 cookies are created when untrusted cookies cannot be created, which could allow an attacker to bypass security restrictions and gain elevated privileges using an untrusted X client. A fix is available for AIX 6.1 and 5.3, but not yet for 5.2.
|
|
|
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM).
The vulnerability could be exploited remotely to create a Denial-of-Service (DoS).
Vulnerable are HP OV NNM 6.41, 7.01, 7.51 running on HP-UX B.11.00, B.11.11, and B.11.23, Solaris, Windows, and Linux. Patches are available now.
|
|
|
A format string vulnerability exists in iPhoto 7.1.2. By enticing a user to subscribe to a maliciously-crafted photocast, a remote attacker may cause arbitrary code execution. An update addresses the issue through improved handling of format strings when processing photocast subscriptions.
|
|
|
Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multiple ActiveX controls.
The YMP Datagrid ActiveX control contains multiple stack buffer overflows while the Yahoo! MediaGrid ActiveX control contains only one stack buffer overflow. By convincing a user to view a specially crafted HTML document, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user on a vulnerable system.
An upgrade should be installed immediately.
|
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in poppler, python-cherrypy, squid, net-snmp, and gnatsweb |
| Links: | DSA-1480, CVE-2007-4352, CVE-2007-5392, CVE-2007-5393, ESB-2008.0116, DSA-1481, CVE-2008-0252, ESB-2008.0118, DSA-1482, CVE-2007-6239, ESB-2008.0120, S-169, DSA-1483, CVE-2007-5846, ESB-2008.0125, S-168, DSA-1486, CVE-2007-2808, ESB-2008.0117 |
| ID: | ae-200802-014 |
The Poppler PDF library shows some vulnerabilities which might lead to the execution of arbitrary code if a malformed PDF file is opened.
CherryPy is an object-oriented web development framework. A directory traversal vulnerability might lead to a Denial-of-Service by deleting files through malicious session IDs in cookies.
It has been discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential Denial-of-Service.
The SNMP agent in net-snmp before 5.4.1 allows remote attackers to cause a Denial-of-Service via a GETBULK request with a large max-repeaters value.
Gnatsweb, a web interface to GNU GNATS, doesn't correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML or JavaScript code.
Fixed packages are available now.
|
|
|
The MPlayer package is vulnerable to an arbitrary pointer dereference vulnerability, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused by the MPlayer libmpdemux library not properly sanitizing certain tags on a MOV file before using them to index an array on the heap. This can be exploited to execute arbitrary commands by opening a specially crafted file.
A buffer overflow can likewise be exploited by malicious remote attackers to the same effect: MPlayer does not properly sanitize certain tags in a FLAC file before using them to index an array on the stack.
Security patches solve these problems.
|
|
|
IBM Corp.'s Informix Dynamic Server is an online transaction processing data server.
When the SQLIDEBUG environment variable is set, several set-uid binaries will log debugging information to the specified file. Local users might exploit a file creation vulnerability to elevate privileges to root.
The "onedcu" command requires six parameters to be specified when it is executed. The second parameter is a "Trace" file that this program will open and write to with elevated privileges. Also in this case, local users might get elevated privileges. Version 10.00.xC8 of Informix Dynamic Server solves these problems.
|
|
| System: | Some |
| Topic: | Vulnerabilities in Liferay Portal |
| Links: | VU#326065, VU#888209, VU#732449, VU#217825, VU#767825, CVE-2008-0178, CVE-2008-0179, CVE-2008-0180, CVE-2008-0181, CVE-2008-0182, ESB-2008.0111 |
| ID: | ae-200802-011 |
Liferay Portal is an open source enterprise portal solution using Java, J2EE, and Web 2.0 technologies.
Some vulnerabilities can be closed by installing the latest update. Most of the vulnerabilities found affect local users only, leading to Cross-Site Scripting or Cross-Site Request Forgery.
So please install the latest update as soon as possible.
|
|
|
Several security vulnerabilities have been identified with HP-UX Apache. These vulnerabilities could be exploited remotely to execute arbitrary code.
A patch is available now.
|
|
|
Livelink Enterprise Content Management (ECM) up to version 9.7.0 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The vendor released an update to address this issue.
|
|
|
The boost library doesn't properly perform input validation on regular expressions. An attacker might exploit this by sending a specially crafted regular expression to an application linked against boost and cause a Denial-of-Service via an application crash. An updated package is available now.
A format string vulnerability in Ruby-GNOME 2 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
|
|
|
Various software uses an ActiveX control for uploading images and photos.
Because user-supplied data are not sufficiently checked, a buffer overflow vulnerability might be exploited to execute arbitrary code. Vulnerable are Aurigma Image Uploader 4.5.70.0, Facebook ImageUploader4.1.ocx 4.5.57 as well as MySpaceUploader 1.0.0.4 and 1.0.0.5 and the Aurigma ImageUploader.
Please refer to the software publishers to get an update.
|
|
|
SwiftView is software used to view or print PCL, HPGL, and TIFF files. The SwiftView ActiveX control and plug-in contain a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. To do so, it is necessary that a user opens a specially crafted HTML file.
This issue is addressed in version 8.3.5 of the SwiftView and SwiftSend software.
|
|
|
WordPress is easy-to-use web software that is installed on a web server with an underlying database. The WordPress plugins AdServe and WassUp are prone to SQL-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data before using it in an SQL query.
Updated packages solve these problems.
|
|
| System: | Microsoft Windows |
| Topic: | Vulnerability in Chilkat Email |
| Links: | S-151 |
| ID: | ae-200802-004 |
Chilkat Email 7.8 ActiveX control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).
An upgrade to the appropriate version is recommended.
|
|
| System: | IBM AIX |
| Topic: | Vulnerability in piox25.c/poix25remote.sh |
| Links: | S-150 |
| ID: | ae-200802-003 |
IBM AIX 4.3 is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a Denial-of-Service.
An upgrade to the appropriate version is recommended.
|
|
|
A vulnerability was found in the xdg-open and xdg-email commands, which allows remote attackers to execute arbitrary commands if the user is tricked into trying to open a maliciously crafted URL.
Fixed packages are available now.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in the Kernel |
| Links: | RHSA-2008-0055, RHSA-2008-0154, CVE-2006-6921, CVE-2007-4130, CVE-2007-5500, CVE-2007-5938, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6207, CVE-2007-6694, CVE-2008-0001, ESB-2008.0108, ESB-2008.0233 |
| ID: | ae-200802-001 |
Updated kernel packages that fix various known security issues and several bugs in the Red Hat Enterprise Linux 4 kernel are now available.
|
|