A vulnerability was found in Drupal. Fixed software is available now.

Several vulnerabilities were found in phpMyAdmin. Fixed software is available now.

A vulnerability was found in how ffmpeg handled STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg Fixed packages are available now.

Several vulnerabilities have been found in the kernel of SUSE Linux Enterprise 10 have been found. Fixed kernel packages are available now.

Oracle Weblogic Server and Weblogic Express applicaiton servers can be integrated with the Apache webserver using the Weblogic Apache connector plugin (mod_wl). A buffer overflow exists in Weblogic Server and Weblogic Express due to the way that the Apache connector plugin handles specially crafted POST requests. A remote, unauthenticated attacker may be able to execute arbitrary code. Fixed software is available now.

Serveral vulnerabilities were found in the VMware ESX Service Console. Fixed packages are available now.

A vulnerability has been identified with HP OpenView Internet Services running Probe Builder. The vulnerability could be exploited remotely to create a Denial of Service (DoS). A successful exploit could cause the system running HP OpenView Internet Services to crash. Patches are available now.

NetApp Data ONTAP contains multiple vulnerabilities. The most severe of these vulnerabilities may allow an attacker to execute commands, view sensitive data, or cause a system to crash. Fixed maintenance releases are available now.

A flaw was discovered in how libpng handles zero-length unknown chunks in PNG files, which could lead to memory corruption in applications that make use of certain functions. Fixed packages are available now.

Several vulnerabilities were found in the RealNetworks RealPlayer. RealNetworks has published a new version of the RealPlayer.

Regarding the vulnerabilities in DNS, Debian also has updated their packet refpolicy. Several vulnerabilities have been discovered and fixed in the interpreter for the Ruby language, which may lead to Denial-of-Service or the execution of arbitrary code. Further on, several vulnerabilities have been fixed in the interpreter for the Python language.

Several vulnerabilities in the kernel of openSUSE 11.0 have been found. They should be fixed now by intstalling the appropriate update.

Several vulnerabilities were found in the linux kernel of Red Hat Enterprise Linux 4.
A race condition was discovered in nss_ldap, which affected certain applications that make LDAP connections, such as Dovecot. This could cause nss_ldap to answer a request for information about one user with the information about a different user.
Several vulnerabilities were found in the 'mysql' packages.
The coreutils packages were found to not use the pam_succeed_if Pluggable Authentication Module (PAM) correctly in the configuration file for the "su" command. Any local user could use this command to change to a locked or expired user account if the target account's password was known to the user running "su".
Fixed packages are available now.

A vulnerability was discoveredin the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. Fixed packages are available now.

An integer underflow vulnerability was discovered in the rdesktop. If an attacker could convince a victim to connect to a malicious RDP server, the attacker could cause the victim's rdesktop to crash or, possibly, execute an arbitrary code.
The version of vsftpd as shipped in Red Hat Enterprise Linux 3 and 4 when used in combination with Pluggable Authentication Modules (PAM) had a memory leak on an invalid authentication attempt.
Fixed packages are available now.

Updated kernel packages that fix various known security issues and several bugs in the Red Hat Enterprise Linux 4 kernels are now available.

Several vulnerabilities were found in the Adobe Acrobat Reader. Fixed packages are available now.

It was discovered that new revocations, performed while a Certificate Revocation List (CRL) was being generated, could potentially cause revoked certificates at the upper end of the serial number range to not appear on the CRL for a period of time. Fixed software is available now.

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code.
Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation.
Fixed packages are available now.

A security vulnerability exists in the PDF distiller of some released versions of the BlackBerry Attachment Service. This vulnerability could enable a malicious individual to send an email message containing a specially crafted PDF file, which when opened for viewing on a BlackBerry smartphone, could cause memory corruption and possibly lead to arbitrary code execution on the computer that the BlackBerry Attachment Service runs on. Patches are available now.

A security vulnerability in the System Management Agent (SMA) SNMP daemon (snmpd(1M)) that ships with Solaris may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the SNMP daemon, or crash the SNMP daemon, which is a type of Denial of Service (DoS). A patch is available now.

A SUSE Security Summary reports about vulnerabilities in the packages moodle, clamav, zypper, mercurial, and poppler. Updated packages are available now and should be installed on vulnerable systems.

Several security vulnerabilities have been identified with HP Select Identity Active Directory Bidirectional LDAP Connector . The vulnerabilities could be exploited to allow remote unauthorized access. Patches are available now.

Multiple vulnerabilities have been discovered in X.Org. A source code patch is available now.

It was discovered that afuse, an automounting file system in user-space, does not properly escape meta characters in paths. This allows a local attacker with read access to the filesystem to execute commands as the owner of the filesystem. Fixed packages are available now.

Multiple vulnerabilities were found in the Mozilla Firefox browser. Also affected are Thunderbird and Seamonkey. Fixed software is available now.

A critical patch update for Oracle products is available now. This update includes no less than 45 patches for products from Oracle. 13 of them affect the Oracle Database Server, including version 11g. Please refer to the advisory for more information and how to get this patch update.

Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA, please check the information in the advisory.

Several vulnerabilities were found in php. Fixed packages are available now.

Several local/remote vulnerabilities have been discovered in lighttpd, a fast webserver with minimal memory footprint.
It was discovered that gaim, an multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.
Fixed packages are available now.

Several vulnerabilities were found in the Java Runtime Environment (JRE). Fixed packages are available now.

Multiple integer overflows leading to a heap overflow were discovered in the array- and string-handling code used by Ruby. An attacker could use these flaws to crash a Ruby application or, possibly, execute arbitrary code with the privileges of the Ruby application using untrusted inputs in array or string operations. Fixed packages are available now.

An input validation flaw was found in the Bluetooth Session Description Protocol (SDP) packet parser used by the Bluez Bluetooth utilities. A Bluetooth device with an already-established trust relationship, or a local user registering a service record via a UNIX socket or D-Bus interface, could cause a crash, or possibly execute arbitrary code with privileges of the hcid daemon. Fixed software is available now.

It was discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits an authenticated user with authorization to create tables in one database to read, write or delete data from tables subsequently created in other databases, regardless of other GRANT authorizations. Fixed packages are available now.

Microsoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. It's available as an ActiveX control, which is provided by snapview.ocx, or as a stand-alone application. A race condition might allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations on a vulnerable system. It's recommended to set the corresponding kill bit for the ActiveX Control.

Multiple vulnerabilities have been found in the Ruby interpreter and in Webrick, the webserver bundled with Ruby. They e.g. allow directory traversal as well as the execution of arbitrary code due to integer overflows.
An integer overflow in Pidgin's MSN protocol handler might allow the execution of arbitrary code if a user received a malicious MSN message.
A Denial-of-Service vulnerability has been discovered in the way the OpenLDAP slapd daemon processes certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon.
These vulnerabilities can be patched by installing updated packages.

Remote exploitation of a heap buffer overflow vulnerability in Novell Inc.'s eDirectory could allow an attacker to execute arbitrary code with the privileges of the affected service. Fixed software is available now.

A specially crafted URL could be used to create a cross-site scripting attack on RoboHelp Server 6 and RoboHelp Server 7 installations. Patches are available now.

A vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to gain unauthorized access to data. Patches are available now.

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

It was discovered that poppler, a PDF rendering library, did not properly handle embedded fonts in PDF files, allowing attackers to execute arbitrary code via a crafted font object. Fixed packages are available now.

A denial of service flaw was found in the way the OpenLDAP slapd daemon processed certain network messages. An unauthenticated remote attacker could send a specially crafted request that would crash the slapd daemon.
An integer overflow flaw was found in Pidgin's MSN protocol handler. If a user received a malicious MSN message, it was possible to execute arbitrary code with the permissions of the user running Pidgin.
Fixed packages are available now.

Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. Effective attack techniques against these vulnerabilities have been demonstrated. Fixed software is available now.

Several vulnerabilities in the kernel of SUSE Linux Enterprise 10 SP1 have been found. They should be fixed now by intstalling the appropriate update.

A SUSE Security Summary reports about vulnerabilities in the packages sudo, courier-authlib, gnome-screensaver, clamav, php5, ImageMagick, mtr, bind, pcre, tomcat, squid, and freetype2. Updated packages are available now and should be installed on vulnerable systems.

Several remote vulnerabilities have been discovered in Wordpress, the weblog manager.
It was discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution.
Fixed packages are available now.

A number of vulnerabilities have been found in PHP. Fixed packages are available now.

Several vulnerabilities were found in the Linux kernel of SUSE SLES 9, Novell Linux Desktop 9, and Novell Linux POS 9. Fixed packages are available now.

A flaw was found in the way Red Hat Certificate System handled Extensions in the certificate signing requests (CSR). All requested Extensions were added to the issued certificate even if constraints were defined in the Certificate Authority (CA) profile. Fixed software is available now.

Several vulnerabilities were found in the Red Hat Application Stack which includes JBoss Enterprise Application Platform (EAP). Fixed packages are available now.

Multiple vulnerabilities were found in the Mozilla Firefox browser. Also affected are Thunderbird and Seamonkey. Fixed software is available now.

A security vulnerability has been identified with HP System Management Homepage (SMH) for Linux and Windows. This vulnerability could by exploited remotely to allow cross site scripting (XSS). Patches are available now.

Several vulnerabilities were found in the Tomcat JSP/Servlet container. A patch is available now.

It was discovered that sympa, a modern mailing list manager, would crash when processing certain types of malformed messages. Fixed packages are available now.

Apple has published the security update for Mac OS X. It fixes multiple vulnerabilities in Alias Manager, CoreTypes, c++filt, Dock, Launch Services, Net-SNMP, Ruby, SMB File Server, System Configuration, Tomcat, VPN, and WebKit. It's recommended to install this update.

When using Safari, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution due to a memory corruption issue in WebKit's handling of JavaScript arrays. Safari 3.1.2 is now available for Mac OS X v10.4.11 and addresses this issue.

A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely execute arbitrary code or to create a Denial-of-Service (DoS). HP has made archive files and patches available to resolve the vulnerability.