Several vulnerabilities were found in the IBM 1.5.0 Java release. Fixed packages are available now.

Two vulnerabilities have been found in the kernel of RHEL. The macro SOCKOPS_WRAP doesn't initialize the sendpage operation in the proto_ops structure correctly. Local unprivileged users might use this flaw to cause a local Denial-of-Service (DoS) or escalate their privileges. The same effect can be reached due to a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. Updated kernel packages are available now.

A security vulnerability in the Solaris print service (see in.lpd(1M)) may allow a local or remote unprivileged user to cause the system to slow down and become unresponsive. This is a type of Denial-of-Service (DoS). A patch is available now.

The Ajax Table module lacks access checks, which makes it possible for any user to delete arbitrary users and nodes. Further on, a Cross-Site-Scripting (XSS) Attack is possible here. The Go - url redirects (gotwo) module offers also XSS, but also arbirtrary PHP code execution. Updated software is available now and should be installed immediately when these modules are used. Please be aware that Drupal core is not affected.

The Cisco Unified Communications Manager contains multiple Denial-of-Service (DoS) vulnerabilities that if exploited could cause an interruption to voice services. The Session Initiation Protocol (SIP) and Skinny Client Control Protocol (SCCP) services are affected by these vulnerabilities. Cisco has released free software updates.

The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. An update is available now.

Incorrect handling of invalid URLs could be used for spoofing the location bar and the SSL certificate status of a web page. For the stable distribution (lenny) this problem has been fixed now. Several vulnerabilities have been discovered in the Network Security Service libraries (nss). They might lead to the execution of arbitrary code or man-in-the-middle attacks. Also for these problems a patch is available now.

Multiple security vulnerabilities in Adobe Reader and Acrobat versions prior to 9.1.2, 8.1.6, and 7.1.3 may allow a remote unprivileged user to execute arbitrary code with the privileges of the user running Adobe Reader or crash the Adobe Reader application, thereby causing a Denial-of-Service (DoS) condition. Please update to the latest version.

A security vulnerability involving xscreensaver(1) and Assistive Technology Support may allow a local user with physical access to a system to be able to unlock an X display which has been locked using xscreensaver(1) and thus gain unauthorized access to the system. Patches are available now.

Autonomy KeyView SDK is a commercial SDK that provides many file format parsing libraries. It supports a large number of different document formats, one of which is the Microsoft Excel 97 (XLS) format. It's used by several popular vendors for processing documents. Remote exploitation of an integer overflow vulnerability in Autonomy's KeyView SDK allows attackers to execute arbitrary code with the privileges of the targeted application. The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. All versions of the KeyView SDK that include the "xlssr.dll" filter module are suspected to be vulnerable. They are used in e.g. IBM Lotus Notes or Symantec Mail Security for MS Exchange. One option is to disable this library. A second option is to install an update, as far as it's available.

Neon before 0.28.6, when expat is used, doesn't properly detect recursion during entity expansion, which allows context-dependent attackers to cause a Denial-of-Service via a crafted XML document containing a large number of nested entity references. Further on, when using OpenSSL, a NUL character in the domain name isn't handled correctly so a man-in-the-middle attack is possible. A patch is available now.

A security vulnerability in Solaris pollwakeup(9F) may allow a local unprivileged user to panic the system and thereby cause a Denial-of-Service (DoS). Patches are available now.

Several vulnerabilities have been discovered in the Linux kernel 2.6 that may lead to Denial-of-Service, privilege escalation or a leak of sensitive memory. Updated kernel packages are available now.

Two vulnerabilities have been found in the kernel of RHEL. The macro SOCKOPS_WRAP doesn't initialize the sendpage operation in the proto_ops structure correctly. Local unprivileged users might use this flaw to cause a local Denial-of-Service (DoS) or escalate their privileges. The same effect can be reached due to a flaw in the udp_sendmsg() implementation in the Linux kernel when using the MSG_MORE flag on UDP sockets. Updated kernel packages are available now.

Several vulnerabilities have been discovered in wordpress, weblog manager. They might allow many kinds of attacks which also are remotely exploitable. Updated packages are available now.

Several vulnerabilities have been found in the products of VMware. Exploiting them remote and unauthenticated, might lead to the execution of arbitrary code, Cross-Site Scripting (XSS) or a Denial-of-Service (DoS). Please check your installation for updates addressing these vulnerabilities.

A vulnerability has been found in xmltok_impl.c (expat) that with specially crafted XML could be exploited and lead to a Denial-of-Service (DoS) attack. A patch is available now.

Several vulnerabilities were found in the kernel of SuSE Linux. Exploiting these vulnerabilities might have security impact, e.g. local users getting privileged access to the system. Fixed kernel packages are available now.

Libgadu before 1.8.2 allows remote servers to cause a Denial-of-Service via a contact description with a large length, which triggers a buffer over-read. A vulnerability in GnuTLS before 2.8.2 might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Updated packages are available now.

A security vulnerability in the Solaris sendfile(3EXT) and sendfilev(3EXT) extended library functions may allow a local unprivileged user to panic the system, causing a Denial-of-Service (DoS). Patches are available now.

A security vulnerability in the Solaris kernel related to the interaction of the filesystem and virtual memory subsystems may allow a local unprivileged user to cause the system to slow down and eventually cease operating, thereby resulting in a Denial-of-Service (DoS). Patches are available now.

An important vulnerability has been identified within template files contained in the Flex 3.3 SDK and earlier versions. This vulnerability could allow an attacker to execute a reflected cross-site scripting (XSS) attack on web sites using the affected code. Adobe recommends all users of Flex 3.3 SDK and earlier versions update to the newest version, Flex 3.4 SDK.

Several security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. They might lead to the execution of arbitrary code. Updated packages are available now.

A vulnerability exists in the Cisco Firewall Services Module (FWSM) for the Catalyst 6500 Series Switches and Cisco 7600 Series Routers. The vulnerability may cause the FWSM to stop forwarding traffic and may be triggered while processing multiple, specially crafted ICMP messages. Cisco has released free software updates that address this vulnerability.

A security vulnerability in Sun Virtual Desktop Infrastructure (VDI) Software 3.0 may allow a remote privileged user to be able to view client LDAP requests for VDI configuration data. A patch is available now.

A vulnerability exists in the CA Host-Based Intrusion Prevention System, named in the kmxIds.sys driver which doesn't handle malformed packets not correctly. It might allow a remote attacker to cause a Denial-of-Service (DoS). A DoS can also be initiated by local users due to a vulnerability in the CA Internet Security Suite. This is reasoned by an insufficient verification of IOCTL calls by the vetmonnt.sys driver. CA has issued patches to address these vulnerabilities.

SuSE has found a vulnerability in wget which can be corrected now by installing the latest patch.

An insufficient input validation flaw was found in the way libvorbis processes the codec file headers (static mode headers and encoding books) of the Ogg Vorbis audio file format (Ogg). A remote attacker might provide a specially-crafted Ogg file that would cause a Denial-of-Service (DoS) or the execution of arbitrary code. Updated packages are available now.

Pidgin (formerly named Gaim) is one among many multi-platform instant messaging clients, based on a library named libpurple. A remote arbitrary-code-execution vulnerability has been found in Libpurple, which can be triggered by a remote attacker by sending a specially crafted MSNSLP packet with invalid data to the client through the MSN server. Updated packages address this issue.

A potential vulnerability has been identified with HP Network Node Manager (NNM) Remote Console running on Windows. The vulnerability could be exploited by a local user to execute arbitrary code or to create a Denial-of-Service (DoS). Due to the file permissions required, only trusted users should be given access to the system running HP Network Node Manager (NNM) Remote Console 7.5x.

The Acer AcerCtrls.APlunch ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary commands on a vulnerable system. Updated software isn't available yet, so if possible disable this ActiveX control.

Cisco IOS XR will reset a Border Gateway Protocol (BGP) peering session when receiving a specific invalid BGP update. The vulnerability manifests when a BGP peer announces a prefix with a specific invalid attribute. On receipt of this prefix, the Cisco IOS XR device will restart the peering session by sending a notification. The peering session will flap until the sender stops sending the invalid/corrupt update. Cisco is preparing to release free software maintenance upgrade (SMU) that address this vulnerability. A workaround is described in the advisory.

Critical vulnerabilities have been identified in ColdFusion v8.0.1 and earlier versions, and JRun 4.0. These vulnerabilities could lead to the potential compromise of user accounts or the affected system. Further on, Cross-Site Scripting (XSS) may be possible as remote code execution is. Adobe recommends affected ColdFusion and JRun customers update their installations.

Several vulnerabilities were found in the kernel of Red Hat Enterprise Linux 4. Avaya appliances are based on it, so they show the same vulnerablities as reported for RH EL in June 2009. Fixed kernel packages are available now.

An Integer Overflow in a function might allow attackers to create a Denial-of-Service (DoS) or even the execution of arbitrary code via a specially crafted JPEG file. Fixed packages are available now.

Zope is a web application written in Python. Some vulnerabilities might lead to arbitrary code execution in the worst case. Updated packages are available now.

An issue has been found with how the sendpage function is initialized in the proto_ops structure. Local users can exploit this vulnerability to gain elevated privileges due to this vulnerability in Kernel 2.6. Updated kernel packages are available now.

Potential security vulnerabilities have been identified with Insight Control Suite For Linux (ICE-LX). The vulnerabilities could be remotely exploited to allow Cross Site Request Forgery (CSRF) , Remote Execution of Arbitrary Code, Denial-of-Service (DoS) and other vulnerabilities. An updated product kit is available now.

A SUSE Security Summary reports about vulnerabilities in the packages memcached, libtiff/libtiff3, nagios, libsndfile, gaim/finch, open-, strong, freeswan, libapr-util1, websphere-as_ce, and libxml2. Updated packages are available now and should be installed on vulnerable systems.

cURL is a tool for getting files from FTP, HTTP, Gopher, Telnet, and Dict servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL is affected by the previously published "null prefix attack", caused by incorrect handling of NULL characters in X.509 certificates. Due to this, a man-in-the-middle attack is possible. New packages are available now, fixing this potential problem.

Updated kernelt packages that fix some security issues and various bugs are now available for Red Hat Enterprise Linux 4. These vulnerablities allow Denial-of-Service (DoS), privilege escalation as well as execution of arbitrary code. Due to these facts, this update should be installed as soon as possible.

Fetchmail is a remote mail retrieval and forwarding utility. It's vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. It allows an attacker to perform undetected man-in-the-middle attacks. Fixed packages are available now.

A potential security vulnerability has been identified with Mac OS X running the BIND server. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS). An updated version is available now.

Netscape Portable Runtime (NSPR) provides platform independence for non-GUI operating system facilities. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. In these packages some vulnerabilities have been found. Based on a heap overflow in a regular expression parser used by browsers it's possible to execute arbitrary code on the system. Problems with NULL charackters in a certificate might allow man-in-the-middle attacks. New versions are available now, also having disabled MD2 and MD4 by default.

A potential security vulnerability has been identified in Samba running on the Internet Express for Tru64 UNIX. The vulnerability could be exploited remotely to disclose information on the Samba server. A first Early Release Patch is available now.

Two vulnerabilities have been found in ruby 1.8 and ruby 1.9. The return value from the OCSP_basic_verify function was not checked properly, allowing continued use of a revoked certificate. Additionally, an issue in parsing BigDecimal numbers can result in a Denial-of-Service (DoS) condition. Updated packages are available now.

Safari 4.0.3 is now available and addresses quite many security related vulnerabilities. An update is recommended.

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

No further comment due to legal reasons

Security vulnerabilities in Sun Java System Access Manager Policy Agent 2.2 (Web Agents) may allow a local or remote user to cause a Denial-of-Service (DoS) to the Policy Agent in the form of a program crash or an infinite loop, or possibly to execute arbitrary code by sending crafted XML documents. New versions of the agent solve this problem.

A potential security vulnerability have been identified with HP-UX programs using the ttrace(2) system call. The vulnerability could be exploited locally to create a Denial-of-Service (DoS). A patch remedies this problem.

The Apache HTTP Server is a popular Web server. The httpd package shipped with Red Hat Enterprise Linux 3 contains embedded copies of the Apache Portable Runtime (APR) libraries. Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in the way the Apache Portable Runtime (APR) manages memory pool and relocatable memory allocations. An attacker could use these flaws to issue a specially-crafted request for memory allocation, which would lead to a Denial-of-Service (DoS) or, potentially, execute arbitrary code with the privileges of an application using the APR libraries. Further on, a DoS flaw was found in the Apache mod_deflate module. This module continued to compress large files until compression was complete, even if the network connection that requested the content was closed before compression completed.
Updated packages are available now.

Subversion (SVN) is a concurrent version control system. Multiple heap overflow flaws in Subversion (server and client) have been found when parsing binary deltas. A malicious user with commit access to a server could use these flaws to cause a heap overflow on that server. A malicious server could use these flaws to cause a heap overflow on a client when it attempts to checkout or update. These heap overflows can result in a crash or, possibly, arbitrary code execution.
Updated packages address this issue.

Libxml is a library for parsing and manipulating XML files. A Document Type Definition (DTD) defines the legal syntax (and also which elements can be used) for certain types of files, such as XML files. A stack overflow flaw has been found in the way libxml processes the root XML document element definition in a DTD. Further on, multiple use-after-free flaws were found in the way libxml parses the Notation and Enumeration attribute types. Both issues might allow remote attackers to provide a specially crafted XML file, which once opened by a local, unsuspecting user, would lead to Denial-of-Service (DoS). Updated packages are available now.

Several vulnerabilities have been discovered in the imagemagick image manipulation programs which can lead to the execution of arbitrary code, exposure of sensitive information or cause a Denial-of-Service (DoS). Updated packages are available now.

A vulnerability in EMC Replication Manager Client allows remote attackers to execute arbitrary code on vulnerable installations. The flaw exists within the irccd.exe process which listens by default on a TCP port around 6700. The XML-based protocol this service communicates over accepts a RunProgram message. By supplying a malicious payload and requesting this functionality a remote attacker can execute arbitrary code on the remote system. Fixes are available now.

A security risk has been found with CA Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, and Unicenter Patch Management. The release of Tomcat as included with the products is potentially susceptible to a cross-site scripting (XSS) vulnerability. CA has issued a solution to address the issue.

Products like e.g. CA Software Delivery use the Data Transport Services. They show a vulnerability that enable remote attackers to execute arbitrary code with privileged access on a vulnerable system. This is due to insufficient bounds checking in the dtscore library. CA has issued patches to address the issue.

A potential security vulnerability has been identified with HP NonStop Servers with Telco CLIMs. The vulnerability could be exploited remotely to execute arbitrary code or to create a Denial-of-Service (DoS). Until an update is available to resolve this vulnerability, it can be avoided by disabling the Partial Reliable Stream Control Transmission Protocol (PR-SCTP).

A potential security vulnerability has been identified with Tru64 UNIX running the BIND server. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS). An updated version is available now.

Subversion performs insufficient input validation of svndiff streams. Malicious servers could cause heap overflows in clients, and malicious clients with commit access could cause heap overflows in servers, possibly leading to arbitrary code execution in both cases.
The Debian Mantis package, a web based bug tracking system, installed the database credentials in a file with world-readable permissions onto the local filesystem. This allows local users to acquire the credentials used to control the Mantis database.
CamlImages is an open source image processing library. It suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images.
Fixed packages are available now.

The Sun Java JRE /JDK 5 was updated to Update 20 fixing various security issues. These issues also affect openSuSE as well as SLES and SLED, respectively.

Fetchmail is a remote mail retrieval and forwarding utility. It's vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. It allows an attacker to perform undetected man-in-the-middle attacks.
Memcached is a memory object caching system. It is vulnerable to several heap-based buffer overflows due to integer conversions when parsing certain length attributes. An attacker can use this to execute arbitrary code on the system running memcached
Fixed packages are available now.

Critical vulnerabilities have been identified in the current versions of Adobe Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat v9.x for Windows, Macintosh and UNIX operating systems. These vulnerabilities might cause the application to crash and could potentially allow an attacker to take control of the affected system. Adobe recommends users of Adobe Flash Player 9.x and 10.x and earlier versions update to Adobe Flash Player 9.0.246.0 and 10.0.32.18. Adobe recommends users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2. Adobe recommends users of Adobe Reader 9 and Acrobat 9 and earlier versions update to Adobe Reader 9.1.3 and Acrobat 9.1.3.

A password security vulnerability exists on Tivoli Key Lifecycle Manager V1. Change the Administrator password to resolve the issue.

A security vulnerability in Sun VirtualBox 3.0 may allow a local unprivileged user inside of a VirtualBox virtual machine to be able to reboot the host operating system, which is a type of Denial of Service (DoS). Patches are available now.

A security vulnerability in Sun Java System Access Manager related to the CDCServlet component may result in policy advice being presented to the wrong client. A security vulnerability in Sun Java System Access Manager may disclose clear text passwords in debug files when the debug flag is enabled. Patches are available now.

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) allow remote attackers to cause a Denial-of-Service or execute arbitrary code. Fixed packages are available now.

Several vulnerabilities were found in the Java packages of Red Hat Enterprise Linux. Affected are java-1.6.0-ibm, java-1.5.0-sun, java-1.6.0-sun, and java-1.6.0-openjdk. Fixed packages are available now.

It has been discovered that gst-plugins-bad, the GStreamer plugins from the "bad" set, are prone to an integer overflow, when processing a MED file with a crafted song comment or song name. Fixed packages are available now.

The Apple Security Update 2009-003 describes many vulnerabilities that can be fixed now by installing Mac OS X v10.5.8, which is now available. Other version should not be used any more.

A vulnerability allowing cross-site scripting (XSS) was found in the Third-Party Drupal module "Webform report". Updated software is available now. Please be aware that Drupal core is not affected.

Openssl fuctions in Ruby do not properly check the return value from the OCSP_basic_verify function, which might allow remote attackers to successfully present an invalid X.509 certificate, possibly involving a revoked certificate. Fixed packages are available now.

Several security vulnerabilities were found in the Sun Java Runtime Environment. Fixed software is available now.

Updated kernelt packages that fix several security issues and various bugs are now available for Red Hat Enterprise Linux 5. These vulnerablities allow Denial-of-Service (DoS) as well as execution of arbitrary code. So the update should be installed as soon as possible.

Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. Fixed packages are available now.

Several security vulnerabilities have been identified with HP Serviceguard Manager B8325BA (Stand alone). These vulnerabilities can be exploited remotely to allow execution of arbitrary code and to create a Denial of Service (DoS). Fixed software is available now.

An information leak was found in Bugzilla, a Web-based bug-tracking system. The names of all products are exposed on show_bug.cgi to any user who can edit bugs, even products that are normally invisible to that user. Fixed software is available now.

A security vulnerability in Solaris Trusted Extensions when parsing labeled packets may allow a remote privileged user to be able to panic the system which is a type of Denial of Service (DoS). Patches are available now.

It was discovered that znc, an IRC proxy, did not properly process certain DCC requests, allowing attackers to upload arbitrary files.
It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation.
Fixed packages are available now.