Chosen month 06 / 2008
|
|
|
Red Hat Network Proxy Server as well as Red Hat Network Satellite Server version 4.2.3 is available now.
The update includes fixes for a number of security issues in Red Hat Network Proxy Server, Satellite Server and in Red Hat Network
Satellite Server Solaris client components.
|
|
|
An XSS vulnerability has been found in phpMyAdmin. Cross-Site Scripting can be carried out when the PHP installation itself is insecure, e.g. register_globals is set to "on".
It's recommended to upgrade to version 2.11.7.
|
|
|
A security vulnerability in the Sun Solstice Enterprise SNMP-DMI
mapper subagent daemon (snmpXdmid(1M)) running on Solaris may allow a local or remote unprivileged user to kill the daemon process by sending malformed packets, leading to a Denial-of-Service (DoS).
A patch is available now.
|
|
|
The Sun Java System Access Manager may not securely process XSLT stylesheets which are contained inside XSLT Transforms in XML Signatures. A remote user who is able to create such an XML Signature which is viewed locally with Access Manager may be able to execute arbitrary code with the privileges of the Access Manager application.
Fixed software is available now.
|
|
|
Some time ago, two different vulnerabilities in bzip2 were found.
One of them may allow a user access to files when logs are rotated, if those logs are in a world writable directory. Log rotation is normally performed at a predictable time by root.
Now fixes are available for Sun Solaris, too.
|
|
|
A bug exists in the ASN1 parser used in Squid's SNMP library of version 3.x, which was fixed for earlier versions some years ago. The Squid code fails to fully validate certain fields in SNMP queries.
A specially-crafted message may contain negative values, which Squid passes to the malloc() function. This may lead to a segmentation violation and cause Squid to restart.
It's strongly recommended to upgrade Squid.
|
|
|
Microsoft Internet Explorer 6 is vulnerable to a cross-domain scripting
violation, which can allow a remote, unauthenticated attacker to access the
content of a web page in a different domain.
Fixed software is not available yet.
|
|
|
Multiple security vulnerabilities in the Adobe Reader may allow remote
unprivileged users to execute arbitrary code with the permissions of
the local user.
A patch is not available yet.
|
|
|
It was discovered that DBus, a simple interprocess messaging
system, performs insufficient validation of security policies, which
might allow local privilege escalation.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in the Apache HTTP server.
Fixed packages are available now.
|
|
|
Cisco Unified Communications Manager (CUCM), formerly Cisco
CallManager, contains a denial of service (DoS) vulnerability in the
Computer Telephony Integration (CTI) Manager service that may cause
an interruption in voice services and an authentication bypass
vulnerability in the Real-Time Information Server (RIS) Data
Collector that may expose information that is useful for
reconnaissance.
A software update remedies these problems.
|
|
|
Two buffer overflows were discovered in Imlib's image loaders for PNM and
XPM images, which could possibly result in the execution of arbitrary code.
Fixed packages are available now.
|
|
|
Adobe Reader and Acrobat contain an unspecified flaw in a JavaScript method,
which can allow a remote, unauthenticated attacker to execute code on a
vulnerable system.
Fixed software is available now.
|
|
|
Updated kernel packages that fix various known security issues and several
bugs in the Red Hat Enterprise Linux 5 and 4 kernels are now available.
|
|
|
Several vulnerabilities were found in the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.
Fixed packages are available now.
|
|
|
It was discovered that certain sblim libraries had an RPATH (runtime
library search path) set in the ELF (Executable and Linking Format) header.
This RPATH pointed to a sub-directory of a world-writable, temporary
directory. A local user could execute arbitrary code with the
privileges of the user running an application that used sblim.
Fixed packages are available now.
|
|
|
An off-by-one error was found in nasm 2.02 that allows context-dependent
attackers to cause a denial of service (crash) or possibly execute arbitrary
code via a crafted file that triggers a stack-based buffer overflow.
Multiple vulnerabilities were discovered in FreeType's Printer
Font Binary (PFB) font-file format parser. If a user were to load a
carefully crafted font file with a program linked against FreeType, it
could cause the application to crash or potentially execute arbitrary
code.
Fixed packages are available now.
|
|
|
Multiple vulnerabilities in Ruby may lead to a denial of service (DoS)
condition or allow execution of arbitrary code.
Fixed software is available now.
|
|
|
A flaw was found in exiv2 that would cause exiv2, or applications linked
to libexiv2, to crash on image files with certain metadata in the image.
Fixed packages are available now.
|
|
|
Several vulnerabilities in the kernel of openSUSE 10.2 and 10.3 have been found. They should be fixed now by installing the appropriate update.
|
|
|
Multiple flaws were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user loaded a carefully crafted font-file with a program linked against FreeType, it could cause the application to crash, or possibly execute arbitrary code.
Users of freetype should upgrade to updated packages which are available now.
|
|
|
Multiple security vulnerabilities in the FreeType2 library for Printer
Font Binary (PFB) or TrueType Font (TTF) format font files may lead to a
denial of service (DoS) or allow execution of arbitrary code.
A patch is not available yet.
|
|
|
Several vulnerabilities were found in Apple Safari for Windows.
Fixed software is available now.
|
|
|
A flaw in fetchmail was discovered that allowed remote attackers
to cause a denial of service (crash and persistent mail failure)
via a malformed message with long headers.
Fixed packages are available now.
|
|
|
It was discovered that a buffer overflow in the GIF image parsing code
of Tk, a cross-platform graphical toolkit, could lead to denial of
service and potentially the execution of arbitrary code.
Fixed packages are available now.
|
|
|
The Novell iPrint Client ActiveX control contains multiple stack buffer
overflows, which can allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system.
A patch is available now.
|
|
|
The Deterministic Network driver contains a privilege escalation
vulnerability, which can allow a local attacker to execute code
with kernel privileges.
DNE is packaged with multiple applications, including the Cisco VPN Client.
A patch is available now.
|
|
|
A cross-site scripting vulnerability has been identified in code used
by the Flex 3 History Management feature.
Please note that this also affects applications that have been built using Flex.
Fixed software is available now.
|
|
|
Certain Cisco IPS platforms contain a denial of service vulnerability in the
handling of jumbo ethernet frames. When a specific series of jumbo Ethernet
frames is received on a gigabit network interface of a vulnerable Cisco IPS
platform that is deployed in inline mode, a kernel panic may occur that
results in the complete failure of the platform and causes a network denial of
service condition.
Cisco has made free upgrade software available to address these vulnerabilities for affected customers.
|
|
| System: | HP Network Appliance |
| Topic: | Vulnerabilities in HP Storage Management Appliance |
| Links: | HPSBST02344 SSRT080087, ESB-2008.0625 |
| ID: | ae-200806-036 |
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the information in the advisory.
|
|
|
Several vulnerabilities were found in the Tomcat and Java JRE software
that is part of VMware ESX Server.
Patches are available now.
|
|
| System: | Turbolinux |
| Topic: | Vulnerabilities in cups, krb5, openssh, and samba |
| Links: | TLSA-2008-19.txt, TLSA-2008-20.txt, CVE-2008-0062, CVE-2008-0063, CVE-2008-0947, CVE-2008-0948, TLSA-2008-21.txt, CVE-2008-1657, TLSA-2008-22.txt, CVE-2008-1105 |
| ID: | ae-200806-034 |
Several vulnerabilities were found in the packages cups, krb5, openssh, and
samba of Turbolinux.
Fixed packages are available now.
|
|
| System: | SuSE Linux |
| Topic: | Vulnerabilities in Mozilla Thunderbird, Mozilla xulrunner181, tkimg, cups, qemu, gstreamer010, pna, and libxslt |
| Links: | SUSE-SR:2008:013 |
| ID: | ae-200806-033 |
A SUSE Security Summary reports vulnerabilities in the packages
Mozilla Thunderbird, Mozilla xulrunner181, tkimg, cups, qemu, gstreamer010, pna, and libxslt.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Several vulnerabilities were found in Sun Solaris. Affected are the
Event Port Implementation, Kernel, and Fibre Channel Device Drivers.
Patches are available now.
|
|
|
A heap overflow flaw was found in the OpenOffice memory allocator.
If a carefully crafted file was opened by a victim, an attacker could use
the flaw to crash OpenOffice.org or, possibly, execute arbitrary code.
Fixed packages are available now.
|
|
|
Because the default value of the TYPO3 configuration variable fileDenyPattern
was not sufficiently secure, authenticated backend users could upload files that
allowed them to execute arbitrary code as the webserver user.
Three vulnerabilities have been discovered in the mt-daapd DAAP audio server
(also known as the Firefly Media Server).
Fixed packages are available now.
|
|
|
A flaw was found in Perl's regular expression engine. A specially crafted
regular expression with Unicode characters could trigger a buffer overflow,
causing Perl to crash, or possibly execute arbitrary code with the
privileges of the user running Perl.
Fixed packages are available now.
|
|
| System: | Various |
| Topic: | Vulnerabilities in X.org X server and XFree86 |
| Links: | iDefense, iDefense, iDefense, iDefense, iDefense, CVE-2008-1377, CVE-2008-1379, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, DSA-1595, ESB-2008.0601, S-325, RHSA-2008-0502, RHSA-2008-0503, RHSA-2008-0504, ESB-2008.0602, ESB-2008.0603, SUSE-SA:2008:027, MDVSA-2008:116, Sun Alert 238686, ESB-2008.0620 |
| ID: | ae-200806-028 |
Multiple vulnerabilities were found in the X.org and XFree86 X servers.
Fixed software is available now.
|
|
|
Two buffer overflows were discovered in the PNM and XPM image loaders of
Imlib, a powerful image loading and rendering library, which may
result in the execution of arbitrary code.
Fixed packages are available now.
|
|
| System: | Various |
| Topic: | Vulnerability in SNMP Version 3 Authentication |
| Links: | VU#878044, CVE-2008-0960, RHSA-2008-0528, RHSA-2008-0529, ESB-2008.0594, Cisco, ESB-2008.0593, S-315, Sun Alert 238865, ESB-2008.0622, MDVSA-2008:118 |
| ID: | ae-200806-026 |
A flaw was found in the way various SNMP implementations check an SNMPv3
packet's Keyed-Hash Message Authentication Code (HMAC).
An attacker could use this flaw to spoof an authenticated SNMPv3 packet.
Fixed software is available now.
|
|
|
No further comment due to legal reasons
|
|
|
| System: | SuSE Linux |
| Topic: | Vulnerabilities in xine, xemacs, emacs, opensuse-updater, libvorbis, vorbis-tools, pdns-recursor, and openswan |
| Links: | SUSE-SR:2008:012 |
| ID: | ae-200806-018 |
A SUSE Security Summary reports vulnerabilities in the packages
xine, xemacs, emacs, opensuse-updater, libvorbis, vorbis-tools, pdns-recursor,
and openswan.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
A flaw was found in the way Net-SNMP checked an SNMPv3 packet's Keyed-Hash
Message Authentication Code (HMAC). An attacker could use this flaw to
spoof an authenticated SNMPv3 packet.
Fixed packages are available now.
|
|
|
It was discovered that the Host Manager web application performed
insufficient input sanitising, which could lead to cross-site scripting.
Fixed packages are available now.
|
|
|
Two vulnerabilities have been discovered in the Linux kernel 2.6.
Fixed kernel packages are available now.
|
|
|
With certain Solaris 10 patches installed, svccfg(1M) may remove external
dependencies and leave the system unbootable.
A patch is available now.
|
|
|
A potential security vulnerability has been identified in HP StorageWorks Storage Mirroring (SWSM) Software. This vulnerability could allow remote execution of arbitrary code. HP has made an update available, so this problem can be solved.
|
|
| System: | Microsoft Windows |
| Topic: | Vulnerabilities in HP Instant Support |
| Links: | HPSBMA02326 SSRT071490, CVE-2007-5604, CVE-2007-5605, CVE-2007-5606, CVE-2007-5607, CVE-2007-5608, CVE-2007-5610, CVE-2008-0952, CVE-2008-0953, AL-2008.0070, VU#998779, VU#857539, VU#949587, VU#190939, VU#221123, VU#526131, VU#558163, VU#754403 |
| ID: | ae-200806-012 |
Several security vulnerabilities have been identified with ActiveX
controls in HP Instant Support HPISDataManager.dll running on Microsoft
Windows. The vulnerabilities could be remotely exploited to allow remote
execution of arbitrary code.
Fixed software is available now.
|
|
|
A vulnerability allows attackers to execute arbitrary code on vulnerable
installations of Computer Associates eTrust Secure Content Manager.
Fixed software is available now.
|
|
| System: | Various |
| Topic: | Vulnerabilities in Sun Java System Active Server Pages |
| Links: | Sun Alert 238184, iDefense, iDefense, iDefense, iDefense, iDefense, iDefense, AL-2008.0069, CVE-2008-2401, CVE-2008-2402, CVE-2008-2403, CVE-2008-2404, CVE-2008-2405, CVE-2008-2406 |
| ID: | ae-200806-010 |
Multiple vulnerabilities were found in Sun Java System Active Server Pages.
Fixed software is available now.
|
|
|
Local exploitation of a stack-based buffer overflow in Kaspersky Lab's
Internet Security could allow an attacker to execute arbitrary code in
the context of the kernel.
Fixed software is available now.
|
|
| System: | Various |
| Topic: | Vulnerabilities in VMware Products |
| Links: | AL-2008.0067, iDefense, iDefense, CVE-2006-1721, CVE-2007-4772, CVE-2007-5378, CVE-2007-5671, CVE-2008-0062, CVE-2008-0063, CVE-2008-0553, CVE-2008-0888, CVE-2008-0948, CVE-2008-0967, CVE-2008-2097, CVE-2008-2100 |
| ID: | ae-200806-008 |
Multiple vulnerabilities were found in VMware products.
Fixed software is available now.
|
|
| System: | Sun Solaris |
| Topic: | Vulnerabilities in Flash Player, rpc.ypupdated, Service Tag Registry, and inet_network |
| Links: | Sun Alert #238305, ESB-2008.0580, Sun Alert #238365, ESB-2008.0581, Sun Alert #238414, ESB-2008.0586, Sun Alert #237505, ESB-2008.0588 |
| ID: | ae-200806-007 |
Several vulnerabilities were found in Sun Solaris. Affected are the
Flash Player, rpc.ypupdated, Service Tag Registry, and inet_network() library
function.
Patches are available now.
|
|
|
During pedantic SIP processing the From header value is passed to the
ast_uri_decode function to be decoded. In two instances it is possible
for the code to cause a crash as the From header value is not checked to be
non-NULL before being passed to the function.
The ooh323 channel driver provided in Asterisk Addons used a TCP connection
to pass commands internally. The payload of these packets included addresses
of memory which were to be freed after the command was processed.
By sending arbitrary data to the listening TCP socket,
one could cause an almost certain crash since the
command handler would attempt to free invalid memory.
This problem was made worse by the fact that the
listening TCP socket was bound to whatever IP address
was specified by the "bindaddr" option in ooh323.conf.
Fixed software is available now.
|
|
|
An integer overflow flaw leading to a heap buffer overflow was discovered
in the Portable Network Graphics (PNG) decoding routines used by the CUPS
image converting filters "imagetops" and "imagetoraster". An attacker could
create a malicious PNG file that could possibly execute arbitrary code as
the "lp" user if the file was printed.
Fixed packages are available now.
|
|
|
Multiple vulnerabilities exist in the Cisco ASA 5500 Series Adaptive Security
Appliances and Cisco PIX Security Appliances.
Four of them may lead to a denial of service (DoS) condition and the fifth
vulnerability may allow an attacker to bypass control-plane access control
lists (ACL).
Cisco has made free upgrade software available to address these vulnerabilities for affected customers.
|
|
|
A flaw was found in the way Evolution parsed iCalendar timezone attachment
data. If the Itip Formatter plug-in was disabled and a user opened a mail
with a carefully crafted iCalendar attachment, arbitrary code could be
executed as the user running Evolution.
Additionally, a heap-based buffer overflow flaw was found in the way Evolution
parsed iCalendar attachments with an overly long "DESCRIPTION" property string.
If a user responded to a carefully crafted iCalendar attachment in a
particular way, arbitrary code could be executed as the user running
Evolution.
Fixed packages are available now.
|
|
|
In rare cases, small appending writes to a file located on a Sun Cluster
filesystem may result in some data that was written to be lost and replaced
with random data.
A patch is available now.
|
|
|
The ISC has published the DNS server BIND in version 9.5.0. This release also fixes some security related problems, so only this version should be used from now on.
|
|