Chosen month 12 / 2008
|
|
|
MD5 is a widely used hash algorithm. A new paper points out a weakness in the MD5 algorithm that might result in collision attacks, at least in principle. In 2008, researchers demonstrated the practical vulnerability of Public Key Infrastructures (PKI) to such attacks, including the construction of an SSL certificate that allows an attacker to impersonate a trusted root Certificate Authority (CA). Most operating systems bundle a collection of trusted CA certificates, including some that use the MD5 signing algorithm, providing obvious targets for attackers to spoof.
No workaround is known so far, so it is recommended to stop using MD5.
|
|
|
An IP spoofing security vulnerability in the firmware of mid-range Sun Fire servers may allow unauthorized access to system controllers. This might lead to root compromise, inappropriate access, or Denial-of-Service (DoS).
New releases of the firmware and patches solve this problem.
|
|
|
A security vulnerability in the management of Solaris Kerberos (see kerberos(5)) credential renewal may allow a local unprivileged user to prevent other users from authenticating to the Kerberos server. This is a type of Denial-of-Service (DoS).
Patches are available now.
|
|
|
A security vulnerability in the X Inter Client Exchange library
(libICE) may allow a local or remote unprivileged user to crash an application that dynamically links to libICE.
The ability to crash an application is a type of Denial-of-Service (DoS).
For some systems a patch is available.
|
|
|
An insecure temporary file vulnerability in the Sun Simple Network Management Protocol (SNMP) Management Agent may allow a local unprivileged user to overwrite any system file or gain root privileges.
The Sun SNMP Management Agent ("SUNWmasf") 1.5.5 or later solves this potential problem.
|
|
|
Php-xajax is a library to develop Ajax applications. URLs are not sufficiently sanitised, so it allows attackers to perform cross-site scripting attacks by using malicious URLs.
Phppgadmin is a tool to administer PostgreSQL databases over the web. Several remotely exploitable vulnerabilities have been found. They allow attackers to inject arbitrary web script or HTML as well as to exploit a directory traversal vulnerability.
Updated packages are available now.
|
|
|
The Trend Micro HouseCall ActiveX control contains two vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. An updated version of this control remedies this problem.
|
|
|
Some versions of Microsoft SQL Server contain a vulnerability in the "sp_replwriterovarbin" stored procedure. The vulnerability could allow an attacker to modify heap memory and potentially execute arbitrary code.
Exploit code is publicly available for this vulnerability.
A patch isn't available yet, but a workaround is described in the advisory.
|
|
|
Ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) server that is shipped with the FreeBSD base system.
The ftpd(8) server splits long commands into several requests.
This may result in the server executing a command which is hidden inside another very long command, leading to a Cross-Site request forgery (XSRF) attack.
The FreeBSD kernel provides support for a variety of different types of communications sockets.
Some function pointers for netgraph and bluetooth sockets are not properly initialized.
Due to this a local user can cause the FreeBSD kernel to execute arbitrary code, including a root exploit.
Updated packages are available for download now.
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in avahi and moodle
|
| Links: |
DSA-1690,
CVE-2007-3372,
CVE-2008-5081,
ESB-2008.1154
DSA-1691,
CVE-2007-3555,
CVE-2008-1502,
CVE-2008-3325,
CVE-2008-3326,
CVE-2008-4796,
CVE-2008-4810,
CVE-2008-4811,
CVE-2008-5432,
ESB-2008.1155
|
| ID: |
ae-200812-059
|
Two Denial-of-Service (DoS) vulnerabilities have been found in avahi, a multicast DNS implementation. DoS can be triggered by UDP packets with source port 0 or via an empty TXT record over D-Bus.
Several remote vulnerabilities have been discovered in Moodle, an online course management system. The issues range from cross-site scripting to remote code execution.
Updated packages are available now.
|
|
|
A change in boot architecture introduced when installing Solaris 10 kernel patches 137137-09 (SPARC) and 137138-09 (x86) may cause systems to run out of space in the root filesystem and become unbootable.
Please refer to the advisory for more information.
|
|
|
A security vulnerability in the Solaris name service cache daemon (nscd(1M)) may allow local unprivileged users to gain access to unauthorized information and gain elevated privileges.
A patch remedies this problem.
|
|
|
Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance
(SMA). Some of these vulnerabilities may be pertinent to the SMA.
Patches are available to fix all vulnerabilities mentioned in MS08-070 up to MS08-078.
|
|
|
Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentication library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used. A similar issue affects the PostgreSQL database interface.
Furthermore, the FTP server ProFTPD is vulnerable to Cross-Site request forgery (XSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
Updated packages solve these problems.
|
|
|
A logged-in user can be subjected to SQL injection through cross-site request forgery.
Several scripts in phpMyAdmin are vulnerable, and the attack can be made through the table parameter.
A patch is available now, fixing this vulnerability. It can also be fixed by a new version.
|
|
|
A security vulnerability in the Solaris 10 IP tunnel parameter
processing may allow a local unprivileged user the ability to panic the system or execute arbitrary commands with all (super-user) privileges. The ability to panic a system is a type of Denial-of-Service (DoS).
A patch remedies this problem.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in java-1.6.0-bea, java-1.5.0-bea, and java-1.4.2-bea
|
| Links: |
RHSA-2008-1043,
RHSA-2008-1044,
RHSA-2008-1045,
CVE-2008-3103,
CVE-2008-3104,
CVE-2008-3103,
CVE-2008-3106,
CVE-2008-3108,
CVE-2008-3109,
CVE-2008-3110,
ESB-2008.1141
|
| ID: |
ae-200812-052
|
Several vulnerabilities were found in the BEA WebLogic JRockit JRE and SDK.
Affected are the packages java-1.6.0-bea, java-1.5.0-bea, and java-1.4.2-bea.
Fixed packages are available now.
|
|
|
A critical vulnerability has been identified in Adobe Flash Player for Linux
that could allow an attacker who successfully exploits this potential
vulnerability to take control of the affected system.
A specially formed SWF must be loaded in Flash Player for Linux by the
user for an attacker to exploit this potential vulnerability.
Fixed software is available now.
|
|
|
Multiple vulnerabilities have been discovered in several Drupal
third-party modules.
Fixed software is available and should be installed now.
|
|
|
A SUSE Security Summary reports vulnerabilities in the packages
clamav, IBM Java, freeradius, and squirrelmail.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 3.
Fixed kernel packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in Mozilla Firefox, Thunderbird, and Seamonkey
|
| Links: |
Mozilla,
RHSA-2008-1036,
RHSA-2008-1037,
ESB-2008.1136,
MDVSA-2008:244,
SUSE-SA:2008:058,
RHSA-2009-0002,
ESB-2009.0007,
DSA-1696,
DSA-1697,
DSA-1704,
DSA-1707,
ESB-2009.0014,
ESB-2009.0015,
ESB-2009.0050,
ESB-2009.0062,
TLSA-2009-1,
SUSE-SA:2009:002
|
| ID: |
ae-200812-047
|
Multiple vulnerabilities were found in the Mozilla Firefox browser.
Also affected are Thunderbird and Seamonkey.
Fixed software is available now.
|
|
|
Apple has published the security update 2008-008 for Mac OS X.
It fixes multiple vulnerabilities in
ATS, BOM, CoreGraphics, CoreServices, CoreTypes, Flash Player, Kernel,
Libsystem, Managed Client, network_cmds, Podcast Producer, and UDF.
It's recommended to install this update.
|
|
|
Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 5.
Fixed kernel packages are available now.
|
|
| System: |
Red Hat Enterprise Linux
|
| Topic: |
Vulnerabilities in pidgin and cups
|
| Links: |
RHSA-2008-1023,
CVE-2008-2955,
CVE-2008-2957,
CVE-2008-3532,
ESB-2008.1126,
RHSA-2008-1028,
RHSA-2008-1029,
CVE-2008-5183,
CVE-2008-5286,
ESB-2008.1124,
ESB-2008.1125
|
| ID: |
ae-200812-044
|
Several vulnerabilities were found in Pidgin, a multi-protocol Internet
Messaging client.
Several vulnerabilities were found in CUPS, the Common UNIX® Printing System.
Updated packages are available now.
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in Linux Kernel 2.6.x
|
| Links: |
DSA-1687,
CVE-2008-3527,
CVE-2008-3528,
CVE-2008-4554,
CVE-2008-4576,
CVE-2008-4933,
CVE-2008-4934,
CVE-2008-5025,
CVE-2008-5029,
CVE-2008-5079,
CVE-2008-5182,
CVE-2008-5300,
ESB-2008.1128
|
| ID: |
ae-200812-043
|
Several vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service or privilege escalation.
The Linux Kernel 2.6.24 fixes these problems.
|
|
|
Several buffer overflows have been discovered in Enscript, a converter from
ASCII text to Postscript, HTML or RTF.
Fixed packages are available now.
|
|
|
A buffer overflow has been discovered in the HTTP parser of the No-IP.com
Dynamic DNS update client, which may result in the execution of arbitrary code.
Fixed packages are available now.
|
|
|
Uw-imap is an IMAP implementation. Now, two vulnerabilities have been found.
It has been discovered that several buffer overflows can be triggered via a long folder extension argument to the tmail or dmail program. This could lead to arbitrary code execution.
Additionally, it has been discovered that a NULL pointer dereference could be triggered by a malicious response to the QUIT command leading to a Denial-of-Service (DoS).
Upgrading to the latest version solves these problems.
|
|
|
A serious vulnerability has been identified in Microsoft Internet Explorer 6,
7, and 8, which is currently being exploited in the wild.
Workarounds are described in the advisory.
A patch is available now.
|
|
|
A security vulnerability in the Sun Java Web Console components of the Sun
Java System Portal Server may allow a remote unprivileged user to gain
unauthorized access to certain local files within the Portal Server
installation. As a result, any user may be allowed to view the configuration
information of the Portal Server.
Patches are available now.
|
|
|
An insecure temporary file creation security vulnerability in Sun xVM
VirtualBox may allow a local unprivileged user to create or overwrite
arbitrary files, with the access privileges of the user running the
VirtualBox.
Patches are available now.
|
|
|
A security vulnerability has been identified with HP-UX running
DCE. The vulnerability could be exploited remotely to create a Denial of
Service (DoS).
Patches are available now.
|
|
|
Multiple vulnerabilities and weaknesses were discovered in Drupal.
Fixed software is available and should be installed now.
|
|
|
No further comment due to legal reasons
|
|
|
Two vulnerabilities have been found in lcms, a library and set of commandline
utilities for image color management.
Fixed packages are available now.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in squirrelmail, gnutls, rubygem-activerecord, rubygem-actionpack, samba, dbus-1, pdns, php5, and pam_krb5
|
| Links: |
SUSE-SR:2008:027
|
| ID: |
ae-200812-025
|
A SUSE Security Summary reports vulnerabilities in the packages
squirrelmail, gnutls, rubygem-activerecord, rubygem-actionpack, samba, dbus-1,
pdns, php5, and pam_krb5.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Multiple buffer overflows involving HTTP header and playlist parsing
have been discovered in streamripper.
Fixed packages are available now.
|
|
|
It was discovered that SquirrelMail, a webmail application, did not
sufficiently sanitise incoming HTML email, allowing an attacker to perform
cross site scripting through sending a malicious HTML email.
Fixed packages are available now.
|
|
|
ClamAV is an anti-virus solution.
ClamAV contains a Denial-of-Service condition in its JPEG file processing because it doesn't limit the recursion depth when processing JPEG thumbnails.
Updated packages are available now.
|
|
|
Several further vulnerabilities have been discovered in the Linux kernel of SuSE Linux 9, that may lead to a Denial-of-Service.
An updated Linux Kernel fixes this problem.
|
|
|
In versions of TWiki 4.2.3 and older, a shell metacharacter vulnerability was discovered in the way that the SEARCH TWikiVariable handles the "date" keyword. User input is passed to the perl "eval" command without first being properly sanitized.
Arbitrary code execution is tedious due to some input filtering that takes place.
So it's recommended to install the latest version 4.2.4 or to apply the corresponding hotfix.
|
|
|
The Linksys WVC54GC wireless video camera insecurely sends initial configuration information over the network, which can allow a remote, unauthenticated attacker to intercept video streams, access wireless network authentication credentials, modify the device firmware, or cause a Denial-of-Service (DoS) to the video camera.
Further on, the Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control contains a stack buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Firmware 1.25 has been published, solving these problems.
|
|
|
A buffer overflow has been found in the libsamplerate library versions prior to 0.1.4 that could possibly lead to the
execution of arbitrary code via a specially crafted audio file. An update is available now.
|
|
|
Some vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service.
A patch updates the SUSE Linux Enterprise 10 SP1 kernel.
|
|
| System: |
Debian GNU/Linux
|
| Topic: |
Vulnerabilities in Linux Kernel 2.6.x
|
| Links: |
DSA-1681,
CVE-2008-3528,
CVE-2008-4554,
CVE-2008-4576,
CVE-2008-4618,
CVE-2008-4933,
CVE-2008-4934,
CVE-2008-5025,
CVE-2008-5029,
CVE-2008-5134,
CVE-2008-5182,
CVE-2008-5300,
ESB-2008.1095
|
| ID: |
ae-200812-016
|
Several vulnerabilities have been discovered in the Linux kernel that may lead to a Denial-of-Service or privilege escalation.
The Linux Kernel 2.6.24 fixes these problems.
|
|
|
The Java Runtime Environment (JRE) contains the software and tools that users need to run applets and applications written using the Java
programming language.
A vulnerability was found in Java Web Start. If a user visits a malicious website, an attacker could misuse this flaw to execute arbitrary code. Additionally, new packages fix several other critical vulnerabilities.
|
|
|
The Red Hat Application Stack is an integrated open source application stack that includes Red Hat Enterprise Linux 5 and JBoss Enterprise Application Platform (EAP) 4.2.
Three vulnerabilities have been found in the Application Stack, leading to remote control of the web server, Cross-Site Scripting attacks as well as Cross-Site Request Forgery. Red Hat Application Stack v2.2 is available now, closing the vulnerabilities.
|
|
| System: |
Many
|
| Topic: |
Vulnerabilities in Sun Java Runtime Environment (JRE) and Java SE Development Kit (JDK)
|
| Links: |
AV08-088,
Sun Update Release Notes,
Sun Alert #244986,
Sun Alert #244987,
Sun Alert #244988,
Sun Alert #244989,
Sun Alert #244990,
Sun Alert #244991,
Sun Alert #244992,
Sun Alert #245246,
Sun Alert #246266,
Sun Alert #246286,
Sun Alert #246346,
Sun Alert #246366,
Sun Alert #246387,
iDEFENSE #757,
iDEFENSE #758,
iDEFENSE #759,
iDEFENSE #760,
ESB-2008.1090
|
| ID: |
ae-200812-013
|
An important update for Sun JRE and JDK remedies more than 20 different security-related vulnerabilities. These can lead to local exploits as well as Denial-of-Service (DoS) or information leakage. Remote execution of arbitrary code is possible too, so the update should be installed soon.
|
|
|
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks.
It has been reported that an earlier update didn't fix a Denial-of-Service vulnerability in WEBrick. Here, a remote attacker can send a specially crafted HTTP request to cause the server to use excessive CPU time.
Updated packages are available now.
|
|
|
ClamAV is an anti-virus solution. It suffers from an off-by-one error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution.
ClamAV also contains a Denial-of-Service condition in its JPEG file processing because it doesn't limit the recursion depth when processing JPEG thumbnails.
Updated packages are available now.
|
|
|
Several vulnerabilities were found in the vim editor, including input sanitization flaws and a format string flaw. Furthermore, vulnerabilities affect the handling of TAR archives, ZIP archives and plugins for vim.
Vulnerabilities can be fixed by installing updated packages now.
|
|
|
The Common UNIX Printing System provides a portable printing layer for
UNIX operating systems.
Several vulnerabilities have been found in CUPS, but they can be fixed by installing updated packages.
|
|
|
Storm (SpeedTech Organization and Resource Manager) is a project management application for Drupal.
It allows users with access to the storm projects to enter input values which are then used directly in SQL queries without being
sanitized, enabling SQL injection attacks.
Fixed software is available and should be installed now.
|
|
|
A security vulnerability has been identified with HP-UX. The vulnerability might be exploited by local users to
create a Denial-of-Service (DoS).
A patch is available now.
|
|
|
Updated VMware Hosted products and patches for ESX and ESXi resolve two security issues. The first is a critical memory corruption vulnerability in virtual device hardware. The second is an updated bzip2 package for the Service Console.
Updates are relevant for many programs, such as VMware Workstation, VMware Player, VMware Server as well as VMware ESXi and ESX.
|
|
|
A vulnerability in the File::Path::rmtree function of Perl has been found. It's possible to exploit a race condition to create setuid binaries in a directory tree or remove arbitrary files when a process is deleting this tree. This vulnerability has been patched before, but was re-introduced later.
Further on, a cross-site scripting vulnerability in awstats, a log file analyzer, has been found.
Updated packages are available now.
|
|
|
Flamethrower uses predictable and therefore insecure names for temporary files, so a Denial-of-Service (DoS) is possible via symlinks.
An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker might trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code.
Updated packages are available now.
|
|
|
DATAC RealWin is SCADA server software that includes a Human Machine Interface (HMI) component and runs on Microsoft Windows 2000 or XP. RealWin contains a stack overflow in the way malicious "FC_INFOTAG/SET_CONTROL" packets are processed.
A patch isn't available yet, please contact DATAC for more information.
|
|
|
PhpMyAdmin is a web-based administration interface for MySQL.
It insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting,
provided that the user uses the Internet Explorer web browser.
An update is available now.
|
|
|
A buffer overflow exists in the DWUpdateService ActiveX control service
bundled with the BlackBerry Desktop Software, which could potentially be
exploited to execute arbitrary commands with the privileges of the user
when a client visits a malicious web page that invokes this control.
A workaround is described in the advisory; an update is available now.
|
|