A vulnerability has been discovered in Avahi before 0.6.24, which allows remote attackers to cause a Denial-of-Service (DoS, crash) via a crafted mDNS packet with a source port of 0. Version 0.6.24 remedies this problem.

A security vulnerability has been identified with HP Select Access running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to allow cross site scripting (XSS). A patch to fix this problem is available now.

A security vulnerability in the Solaris ip(7P) kernel module's IP-in-IP packet processing may allow a local unprivileged user to cause a system panic, resulting in a Denial of Service (DoS).
A heap-based buffer overflow in the Samba client (SMBCLIENT(1)) may allow a remote unprivileged user to execute arbitrary code using a crafted SMB response.
Patches are available now.

Several vulnerabilities have been discovered in the Linux kernel of openSUSE 11.0. An updated Linux Kernel fixes this problem.

It was discovered that Red Hat Certificate System uses insecure default file permissions on certain configuration files and stores plain text passwords in multiple debug log files with insufficient access restrictions. Fixed software is available now.

A flaw was discovered in the way the ntpd daemon checked the return value of the OpenSSL EVP_VerifyFinal function. On systems using NTPv4 authentication, this could lead to an incorrect verification of cryptographic signatures, allowing time-spoofing attacks. Fixed packages are available now.

It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks. Another cross-site scripting vulnerability was discovered in the antispam feature. Fixed packages are available now.

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases over the Web. Two differen Cross-Site Request Forgery (CSRF) attacks were found, leading to SQL injection and unauthorized action, respectively. Please update your systems.

An insufficient validation security vulnerability in the Solaris IPv6 implementation (ip6(7p)) may allow a remote privileged user to panic the system using a crafted packet. This is a type of Denial-of-Service (DoS). A workaround as well as a patch is available now.

A security vulnerability in Sun Java System Access Manager may allow a remote unprivileged user to determine the existence of "guessed" usernames. Updated software remedies this potential problem.

It has been discovered that an integer overflow in the "Probe Request" packet parser of the Ralinktech wireless drivers might lead to remote Denial-of-Service or the execution of arbitrary code. Updated packages are available now.

The Autonomy Ultraseek search engine contains an URL redirection vulnerability. The destination URL can be obsfucated in the redirect by using URL encoding techniques. To exploit this issue, an attacker would need to get a user to click on a link or browse to a website. Updated software seems to be available.

Multiple vulnerabilities have been discovered in php. They can be patched now by installing the latest version.

A security vulnerability in the Solaris "autofs" kernel module may allow a local unprivileged user to cause "autofs" mounts to break, which is a type of Denial-of-Service (DoS). In rare occurrences, this may allow an unprivileged user to execute code as a root user. A patch is available now.

The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats. CA has released a new Anti-Virus engine to address the vulnerabilities.

Multiple security risks exist in Apache Tomcat as included with CA Cohesion Application Configuration Manager. CA has issued an update to address the vulnerabilities. Please refer to the advisory to get a full list of the CVE identifiers ranging from 2005 to 2008.

The programs above show vulnerabilities which should be fixed now using the latest patches.

A race condition security vulnerability in the Solaris pseudo-terminal driver (pty(7D)) module may allow a local unprivileged user to panic the system causing a Denial-of-Service (DoS). A patch is available now.

A security vulnerability in IKE packet handling in the libike library shipped with Solaris may allow a remote unprivileged user to crash the in.iked(1M) daemon, which is a type of Denial-of-Service (DoS). A patch is available now.

Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework. Fixed packages are available now.

A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC AutoStart. The specific flaw exists within the Backbone service (ftbackbone.exe) which listens by default on TCP port 8042. The process trusts a DWORD value from incoming packets which it arbitrarily calls. Exploitation of this issue leads to code execution under the context of the SYSTEM user. EMC AutoStart 5.3 SP2 addresses this issue.

A stack-based buffer overflow was discovered in gmetad, the meta-daemon for the ganglia cluster monitoring toolkit, which could be triggered via a request with long path names and might enable arbitrary code execution. Fixed packages are available now.

CUPS before 1.3.8 allows local users, and possibly remote attackers, to cause a Denial-of-Service (DoS) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy. CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow. CUPS shipped with Mandriva Linux also allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file. Fixed packages are available now.

The OpenSSL certificate checking routines EVP_VerifyFinal can return negative values and 0 on failure. In some places negative values are not checked and considered successful verification. Prior to the latest update it has been possible to bypass the certification chain checks of openssl.

A security vulnerability in the sun4v kernel for Sun UltraSPARC T2 and UltraSPARC T2+ systems may allow a local unprivileged user to panic the system, which is a type of Denial of Service (DoS). A patch is available now.

A security vulnerability in Sun Java System Application Server may allow a remote unprivileged user to read Web Application configuration files in WEB-INF and META-INF directories. Patches are available now.

Several vulnerabilities were found in xine-lib. Fixed packages are available now.

Several vulnerabilities have been discovered in the Linux kernel of openSUSE 10.3. An updated Linux Kernel fixes this problem.

Several vulnerabilities were found in Apple QuickTime and in the QuickTime MPEG-2 Playback Component. Fixed software is available now.

Cisco Unified Communications Manager, formerly Cisco CallManager, contains a denial of service (DoS) vulnerability in the Certificate Authority Proxy Function (CAPF) service. Exploitation of this vulnerability could cause an interruption in voice services. Cisco has released free software updates that address this vulnerability.

Cisco Security Manager contains a vulnerability when it is used with Cisco IPS Event Viewer (IEV) that results in open TCP ports on both the Cisco Security Manager server and IEV client. An unauthenticated, remote attacker could leverage this vulnerability to access the MySQL databases or IEV server. Cisco has released free software updates that address this vulnerability.

It was discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root privilege escalation. Fixed packages are available now.

Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability. A workaround is described in the advisory.

A Security Vulnerability in the vncviewer(1) RFB Protocol Validation May Allow Execution of Arbitrary Code and Lead to a Denial of Service (DoS). A patch is available now.

A security vulnerability in the Sun Java System Access Manager may allow unauthorized access to resources by revealing passwords to remote users who have privileges to access the administration console. A security vulnerability in Sun Java System Access Manager may allow a sub-realm administrator to escalate their privileges and access the root realm as an administrator. Patches are available now.

Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to allow execution of arbitrary code. A patch to fix this problem is available now.

Several vulnerabilities have been discovered in the Linux kernel of openSUSE 11.0. An updated Linux Kernel fixes this problem.

A SUSE Security Summary reports about vulnerabilities in the packages wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, and opera. Updated packages are available now and should be installed on vulnerable systems.

A flaw was found in Dovecot's ACL plug-in. The ACL plug-in treated negative access rights as positive rights, which could allow an attacker to bypass intended access restrictions. A password disclosure flaw was found with Dovecot's configuration file. If a system had the "ssl_key_password" option defined, any local user could view the SSL key password. Fixed packages are available now.

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 5. Fixed kernel packages are available now.

SquirrelMail is a webmail package written in PHP. The Red Hat SquirrelMail packages provided by the RHSA-2009:0010 advisory introduced a session handling flaw. Users who logged back into SquirrelMail without restarting their web browsers were assigned fixed session identifiers. A remote attacker could make use of that flaw to hijack user sessions. Updated packages solve this vulnerability.

Several vulnerabilities have been found in gitweb, the web interface for the Git version control system. Remote attackers might use specially crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality. Additionally, local users with write access to the configuration of a Git repository served by gitweb could cause gitweb to execute arbitrary shell commands with the permission of the web server. Updated packages are available now.

A vulnerability in Symantec AppStream Client has been found. An attacker can exploit this issue by luring a user to download and execute code via a malicious webpage. This could result in a browser crash or allow unauthorized access to add, modify, overwrite or corrupt existing files on the targeted system. Unauthorized access to the vulnerable LaunchObj ActiveX control could result in possible arbitrary code execution in the context of the client. An updated version is available now.

A security vulnerability in the libxml2 library bundled with Solaris 9 and Solaris 10 may allow a local or remote unprivileged user who provides a specially crafted XML file to cause a Denial-of-Service (DoS) to the application which is using the libxml2 library. A patch is available now.

A security vulnerability in Solaris related to the Apache HTTP server may affect the Apache 1.3 web server bundled with Solaris 8, 9 and 10. The vulnerability, a Denial-of-Service(DoS) in the "RunPerl.pm" component of the mod_perl(3) Apache server module, may allow a remote unprivileged user to cause a Denial-of-Service to the Apache "httpd" process. A patch is available now.

The third-party i18n module enables users to make a translation of an existing item of content (a node). In that process the existing node's content is copied into the new node. The module contains a flaw that allows a user with the 'translate node' permission to potentially bypass normal viewing access restrictions, for example allowing the user to see the content of unpublished nodes even if they don't have permission to view unpublished nodes.
A user triggering the cron processing of the Notify module may end up getting logged in as another user when the Notify operations do not complete succesfully.
Updates solve these potential problems. Please be aware that Drupal core is not affected.

The programs above show vulnerabilities which should be fixed now using the latest patches.

Multiple vulnerabilities have been discovered in Drupal Core. Fixed software is available and should be installed now. Please don't use versions of Drupal below 5.15 or 6.9, respectively.

Security vulnerabilities in the Solaris lpadmin(1M) and the ppdmgr(1M) print utilities may, under specific circumstances, allow local unprivileged users to cause a Denial-of-Service (DoS) to certain system services or to the system as a whole. A patch solves this problem.

A security vulnerability relating to the posix_fallocate(3C) system call may allow a local unprivileged user to panic the system, which is a type of Denial-of-Service (DoS). A patch remedies this problem.

Two separate Cisco IOS Hypertext Transfer Protocol (HTTP) cross-site scripting (XSS) vulnerabilities have been reported to Cisco by two independent researchers. Further information is provided in the advisory. As a workaround, the HTTP server can be disabled, but also fixed versions are available now.

IronPort PXE Encryption is an e-mail encryption solution that is designed to secure e-mail communications without the need for a Public Key Infrastructure (PKI) or special agents on receiving systems. The IronPort PXE Encryption solution is affected by two vulnerabilities that could allow unauthorized individuals to view the contents of secure e-mail messages. Further on, the IronPort Encryption Appliance devices contain two vulnerabilities that could allow unauthorized users to gain access to the IronPort Encryption Appliance administration interface and modify other users' settings. Cisco has released free software updates that address these vulnerabilities.

The Cisco ONS 15300 series Edge Optical Transport Platform, the Cisco ONS 15454 Optical Transport Platform, the Cisco ONS 15454 SDH Multiservice Platform, and the Cisco ONS 15600 Multiservice Switching Platform contains a vulnerability when processing TCP traffic streams that may result in a reload of the device control card. Cisco has released free software updates that address this vulnerability, which is a Denial-of-Service (DoS).

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The consequences might be e.g. integer overflows, publishing sensitive data, but also the possibility to run arbitrary JavaScript code. An updated package solves these problems.

Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code and incorrect handling of DCA_MAX_FRAME_SIZE value.
A vulnerability in KDM allowed a local user to cause a denial of service via unknown vectors.
Fixed packages are available now.

It was discovered that Red Hat Certificate System uses insecure default file permissions on certain configuration files and stores plain text passwords in multiple debug log files with insufficient access restrictions. Fixed software is available now.

It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code.
It was discovered that integer overflows in the code the Amarok media player uses to parse Audible files may lead to the execution of arbitrary code.
Fixed packages are available now.

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability.

Oracle has published a Critical Patch Update for many different products. The October advisory addresses 41 security related problems. So it's recommended to update vulnerable systems as soon as possible.

No further comment due to legal reasons

Several vulnerabilities were found in the IBM Java releases. Affected are the packages java-1.6.0-ibm and java-1.5.0-ibm. Fixed packages are available now.

A SUSE Security Summary reports about vulnerabilities in the packages wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, and opera. Updated packages are available now and should be installed on vulnerable systems.

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 4. Fixed kernel packages are available now.

It has been discovered that NTP, an implementation of the Network Time Protocol, does not properly check the result of an OpenSSL function for verifying cryptographic signatures, which may ultimately lead to the acceptance of unauthenticated time information. Fixed software is available now.

Several vulnerabilities were found in squirrelmail.
A denial of service flaw was discovered in avahi-daemon. A remote attacker on the same local area network (LAN) could send a specially-crafted mDNS (Multicast DNS) packet that would cause avahi-daemon to exit unexpectedly due to a failed assertion check.
Fixed packages are available now.

It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection.
An array index error in zaptel, a set of drivers for telephony hardware, could allow users to crash the system or escalate their privileges by overwriting kernel memory.
It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function.
Fixed packages are available now.

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 2.1. Fixed kernel packages are available now.

The Cisco Application Control Engine Global Site Selector (GSS) contains a vulnerability when processing specific Domain Name System (DNS) requests that may lead to a crash of the DNS service on the GSS. Cisco has released free software updates that address this vulnerability.

A flaw was discovered in the way BIND checked the return value of the OpenSSL DSA_do_verify function. On systems using DNSSEC, a malicious zone could present a malformed DSA certificate and bypass proper certificate validation, allowing spoofing attacks. Fixed software is available now.

Several vulnerabilities were found in xen.
A buffer overflow flaw was discovered in the GNOME virtual file system when handling data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could use this flaw to execute arbitrary code on the victim's machine.
A denial-of-service flaw was discovered in the system for sending messages between applications. A local user could send a message with a malformed signature to the bus causing the bus to abort.
Multiple insufficient input validation flaws were discovered in LittleCMS. An attacker could use these flaws to create a specially-crafted image file which could cause an application using LittleCMS to crash, or, possibly, execute arbitrary code when opened.
A flaw was found in the xterm handling of Device Control Request Status String (DECRQSS) escape sequences. An attacker could create a malicious text file (or log entry, if unfiltered) that could run arbitrary commands if read by a victim inside an xterm window.
Fixed packages are available now.

A flaw was discovered in the way OpenSSL checkes the verification of certificates. An attacker in control of a malicious server, or able to effect a "man in the middle" attack, could present a malformed SSL/TLS signature from a certificate chain to a vulnerable client and bypass validation. Fixed software is available now.

Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 2.1. Fixed kernel packages are available now.

An insecure temporary file vulnerability in the Sun Simple Network Management Protocol (SNMP) Management Agent may allow a local unprivileged user to overwrite any system file or gain root privileges. A patch remedies this problem.

The FreeBSD kernel provides support for a variety of different types of communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, link-layer, netgraph(4), and bluetooth sockets. Some function pointers for netgraph and bluetooth sockets are not properly initialized. Due to this, a local user can cause the FreeBSD kernel to execute arbitrary code. An update and a patch solve this problem, respectively.

Xterm is a terminal emulator for the X Window System. It places arbitrary characters into the input buffer when displaying certain crafted escape sequences. Ruby, a scripting language, contains a memory leak which can be triggered remotely under certain circumstances, leading to a Denial-of-Service condition. Both vulnerabilities can be avoided by installing the corresponding updates.