Chosen month 12 / 2009
|
|
|
Multiple security vulnerabilities have been identified in the PostgreSQL software shipped with Debian Linux. These vulnerabilities may allow a remote authenticated user with certain privileges to gain extra privileges via a table with a crafted index function. Further vulnerabilities may allow man-in-the-middle attacks on SSL based PostgreSQL servers by substituting malicious SSL certificates for trusted ones. New releases are available now.
|
|
|
An unauthenticated remote attacker could cause the KDC to crash due to a null pointer dereference.
Legitimate requests can also cause this crash to occur, meaning a Denial-of-Service. A workaround is described in the advisory. The upcoming krb5-1.7.1 release will contain a fix for this vulnerability.
|
|
|
The Sun Microsystems Directory Proxy Server provided with Directory Server Enterprise Edition 6
is subject to Denial-of-Service (DoS) and may allow unauthorized access to certain data. Patches address this issue.
|
|
|
Aria2 is a high speed download utility, which is prone to a buffer overflow in the DHT routing code, which might lead to the execution of arbitrary code. Updated software is available now.
|
|
|
Multiple security vulnerabilities have been identified in the PostgreSQL software shipped with Solaris. These vulnerabilities may allow a remote authenticated user with certain privileges to gain extra privileges via a table with a crafted index function. Further vulnerabilities may allow man-in-the-middle attacks on SSL based PostgreSQL servers by substituting malicious SSL certificates for trusted ones. New releases are available now.
|
|
|
Several vulnerabilities were found in the Drupal third-party modules
Frequently Asked Questions (faq) and Automated Logout.
Updated software is available now.
Please be aware that Drupal core is not affected.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in java-1.6.0-ibm |
| Links: | RHSA-2009-1694, RHSA-2010-0043, CVE-2009-0217, CVE-2009-3865, CVE-2009-3866, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, ESB-2009.1679, ESB-2010.0045 |
| ID: | ae-200912-062 |
Several vulnerabilities were found in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Fixed packages are available now.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in BIND 9, kvm, and unbound |
| Links: | DSA-1961, CVE-2009-4022, VU#418861, ESB-2009.1675, DSA-1962, CVE-2009-3638, CVE-2009-3722, CVE-2009-4031, ESB-2009.1676, DSA-1962, CVE-2009-3602, ESB-2009.1677 |
| ID: | ae-200912-061 |
The DNS resolver component in BIND doesn't properly check DNS records contained in additional sections of DNS responses, leading to a cache poisoning vulnerability. This vulnerability is only present in resolvers which have been configured with DNSSEC trust anchors.
Several vulnerabilities have been discovered in kvm, a full virtualization system. They might lead to Denial-of-Service (DoS) and maybe further consequences.
Unbound is a DNS resolver. It doesn't properly check cryptographic signatures on NSEC3 records. As a result, zones signed with the NSEC3 variant of DNSSEC lose their cryptographic protection.
Fixed packages are available now.
|
|
|
A potential security vulnerability has been identified in proftpd, a common FTP server included in Mandriva Linux.
This is the well-known vulnerability in SSL and TLS that allows attackers to remotely inject unauthorized data or create a Denial-of-Service (DoS). A software update addresses this issue.
|
|
|
An update fixes several security issues and various bugs in the SuSE Linux Enterprise 10 SP 2 kernel.
Exploiting these vulnerabilities might lead to the execution of arbitrary code or commands, increased privileges or Denial-of-Service (DoS).
|
|
|
Several vulnerabilities have been found in Firefox, the well known web browser.
Versions before 3.0.16 and 3.5.6 might allow remote execution of code or give attackers the ability to crash the browser. Please use the latest versions only.
|
|
|
A security update was released for the Adobe Flash Player 10. Specially crafted Flash (SWF) files can cause overflows in flash-player. Attackers could potentially exploit that to execute
arbitrary code. Fixed packages for Adobe Flash Player 9 will
hopefully be released in the new year.
|
|
|
A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. Exploiting this SSL-based vulnerability might allow attackers to remotely inject unauthorized data or to create a Denial-of-Service (DoS). Temporary software updates are available now.
|
|
|
Condor is a specialized workload management system for compute-intensive jobs.
A flaw has been found in the way Condor manages jobs. This could allow a user that is authorized to submit jobs into Condor to queue a job as if it were submitted by a different local user, potentially leading to unauthorized access to that user's account. An updated package is available now.
|
|
|
Security vulnerabilities have been discovered and fixed in the PDF processing code embedded in the koffice package.
It is therefore recommended to update to the latest patch level.
|
|
|
A TLS/SSL weakness exists in multiple implementations of the Transport Layer Security (TLS) protocol, including SSLv3. SSLv2 is not affected.
The vulnerability is possible when the rarely used TLS handshake recognition is configured. It allows a man-in-the-middle attack by injecting HTTP requests in a HTTPS session without being noticed. An update addresses this issue by disabling the TLS handshake recognition.
|
|
|
GTK+ is a multi-platform toolkit for creating graphical user interfaces.
An update fixes a crasher issue in gtk2 involving out of process windows. Side effects of the bug are sporadic panel crashes, and occasional crashes in gnome-screensaver when typing an invalid password.
It's recommended to use this latest version only.
|
|
|
It was discovered that ganeti, a virtual server cluster manager, doesn't validate the path of scripts passed as arguments to certain commands, which allows local or remote users to execute arbitrary commands on a host acting as a cluster master.
Furthermore, acpid, the Advanced Configuration and Power Interface event daemon, was found to create its log file with weak permissions. As a result, sensitive information might be exposed, or a local user might abuse the log file to consume all free disk space on the partition that holds it.
Fixed packages are available now.
|
|
|
Critical vulnerabilities have been identified in Adobe Flash Media Server (FMS) 3.5.2 and earlier versions. The vulnerabilities might allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities.
|
|
|
A vulnerability has been identified in the NetScaler and Access Gateway
Enterprise Edition appliance firmware that could result in a limited denial
of service.
Fixed software is available now.
|
|
|
MPlayer allows remote attackers to cause a denial of service via a
malformed AAC file or a malformed Ogg Media (OGM) file.
Fixed packages are available now.
|
|
|
Multiple buffer overflow vulnerabilities exist in the Cisco WebEx
Recording Format (WRF) Player. In some cases, exploitation of the
vulnerabilities could allow a remote attacker to execute arbitrary code
on the system of a targeted user.
Fixed software is available now.
|
|
|
A buffer overflow flaw was discovered in Xpdf's Type 1 font parser.
A specially-crafted PDF file with an embedded Type 1 font could cause Xpdf
to crash or, possibly, execute arbitrary code when opened.
Also affected are the gpdf and kdegraphics packages.
Fixed packages are available now.
|
|
|
Several vulnerabilities have been found in cacti, a frontend to rrdtool for
monitoring systems and services.
It was discovered that network-manager-applet, a network management framework,
lacks some dbus restriction rules, which allows local users to obtain
sensitive information.
Fixed packages are available now.
|
|
|
A critical vulnerability was discovered in Adobe Reader and Acrobat
that could cause a crash and potentially allow an attacker to take control of
the affected system. There are reports that this vulnerability is being
actively exploited in the wild.
Fixed software is not available yet.
Workarounds are described in the advisory.
|
|
|
Several vulnerabilities have been discovered in the Linux kernels of
Red Hat Enterprise Linux.
Updated kernel packages are available now.
|
|
|
Several vulnerabilities were found in the Mozilla Firefox browser, Thunderbird and Seamonkey.
Fixed software is available now.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in firefox-sage, asterisk, and expat |
| Links: | DSA-1951, CVE-2009-4102, ESB-2009.1640, DSA-1952, CVE-2007-2383, CVE-2008-3903, CVE-2008-7220, CVE-2009-0041, CVE-2009-3727, CVE-2009-4055, ESB-2009.1641, DSA-1953, CVE-2009-3560, ESB-2009.1642 |
| ID: | ae-200912-041 |
It was discovered that firefox-sage, a lightweight RSS and Atom feed reader
for Firefox, does not sanitise the RSS feed information correctly, which makes
it prone to a cross-site scripting and a cross-domain scripting attack.
Several vulnerabilities have been discovered in asterisk, an Open Source PBX
and telephony toolkit.
An error was discovered in expat, an XML parsing C library, when parsing
certain UTF-8 sequences, which can be exploited to crash an application using
the library.
Fixed packages are available now.
|
|
|
An integer overflow in the read_channel_data function in
plug-ins/file-psd/psd-load.c in GIMP might allow remote attackers
to execute arbitrary code via a crafted PSD file that triggers a
heap-based buffer overflow.
Fixed packages are available now.
|
|
| System: | SuSE Enterprise Linux |
| Topic: | Vulnerabilities in Kernel |
| Links: | SUSE-SA:2009:061, CVE-2005-4881, CVE-2009-2903, CVE-2009-3080, CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726, CVE-2009-3889, CVE-2009-3939, CVE-2009-4005, CVE-2009-4021, ESB-2009.1645 |
| ID: | ae-200912-039 |
Several vulnerabilities were found in the kernel of SuSE Linux and OpenSUSE Linux.
Exploiting these vulnerabilities might have security impact, e.g. local users getting privileged access to the system.
Fixed kernel packages are available now.
|
|
|
When a local user logs out of a Sun Ray desktop session, the session
may log the user back in again.
A security vulnerability in the generation of encryption keys for Sun Ray
firmware may allow a remote unprivileged user, who is able to intercept
network traffic, to predict the private key and decrypt the mouse, keyboard,
and display traffic between the Sun Ray DTU and the Sun Ray Server.
Patches are available now.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in php-net-ping and webkit |
| Links: | DSA-1949, CVE-2009-4024, ESB-2009.1635, DSA-1950, CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1687, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1697, CVE-2009-1698, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1714, CVE-2009-1725, ESB-2009.1636 |
| ID: | ae-200912-037 |
It was discovered that php-net-ping, a PHP PEAR module to execute ping
independently of the Operating System, performs insufficient input sanitising,
which might be used to inject arguments or execute arbitrary
commands on a system that uses php-net-ping.
Several vulnerabilities have been discovered in WebKit, a Web content engine
library for Gtk+.
Updated software is available now.
|
|
|
A cross-site scripting vulnerability exists with CA Service Desk, that
can allow a remote attacker to potentially gain sensitive information.
Patches are available now.
|
|
|
A security vulnerability in the Sun Ray Server Software Authentication
Manager may allow a remote unprivileged user to cause a Denial of
Service (DoS) to Sun Ray services or to run arbitrary code with root
privileges.
A security vulnerability in the generation of encryption keys for Sun
Ray firmware may allow a remote unprivileged user, who is able to
intercept network traffic, to predict the private key and decrypt the
mouse, keyboard, and display traffic between the Sun Ray DTU and the
Sun Ray Server.
Patches are available now.
|
|
|
Several security vulnerabilities have been identified with the
HP OpenView Network Node Manager.
Patches are available now.
|
|
|
A security vulnerability has been identified with the Hewlett-Packard
Application Recovery Manager.
Patches are available now.
|
|
|
A security vulnerability has been identified with HP-UX running
VRTSweb version 5.0. The vulnerability could be exploited remotely to
execute arbitrary code or increase privilege.
Patches are available now.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in flash-plugin, kvm, and JBoss Enterprise Application Platform |
| Links: | RHSA-2009-1658, RHSA-2009-1659, CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, ESB-2009.1620, RHSA-2009-1659, CVE-2009-4031, ESB-2009.1621, RHSA-2009-1636, RHSA-2009-1637, RHSA-2009-1649, RHSA-2009-1650, CVE-2009-0217, CVE-2009-1380, CVE-2009-2405, CVE-2009-2625, CVE-2009-3554, ESB-2009.1622 |
| ID: | ae-200912-031 |
Several vulnerabilities were found in the Adobe Flash Player.
Users in guest operating systems could leverage a flaw in 'kvm' to cause
large latencies on SMP hosts that could lead to a local denial of service
on the host operating system.
Several vulnerabilities were found in the JBoss Enterprise Application
Platform (JBEAP).
Fixed packages are available now.
|
|
|
A potential security vulnerability has been identified with HP-UX running sendmail. This vulnerability could allow a remote user to cause a Denial-of-Service (DoS).
An upgrade to sendmail 8.13.3 should be done.
|
|
|
No further comment due to legal reasons
|
|
| System: | Many |
| Topic: | Vulnerabilities in java-1.5.0-ibm |
| Links: | CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, RHSA-2009-1647, ESB-2009.1616, SUSE-SA:2010:002 |
| ID: | ae-200912-028 |
Several vulnerabilities were found in the IBM Java 2 Runtime Environment and the IBM Java 2 Software Development Kit.
Fixed packages are available now.
|
|
|
A flaw has been found in the way GNU Libtool's libltdl library looks for modules to load. It's possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool
control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. Updated software is available now.
|
|
|
A flaw in NTP allows an effective and easily exploitable Denial-of-Service (DoS) attack.
The reason is that unexpected mode 7 responses are not dropped as they should be. In addition, mode 7 packets originating from port 123/udp are not dropped.
An update is available now.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
A security vulnerability has been identified with HP OpenView Data Protector
Application Recovery Manager version 5.5 and 6.0. The vulnerability could be
exploited remotely to create a denial of service (DoS).
A software update is available now.
|
|
| System: | Red Hat Enterprise Linux |
| Topic: | Vulnerabilities in java-1.4.2-ibm |
| Links: | RHSA-2009-1643, CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, CVE-2009-3877, ESB-2009.1605 |
| ID: | ae-200912-018 |
Several vulnerabilities were found in the IBM Java 2 Runtime Environment and
the IBM Java 2 Software Development Kit.
Fixed packages are available now.
|
|
|
Two buffer over-read flaws were found in the way Expat handled malformed
UTF-8 sequences when processing XML files. A specially-crafted XML file
could cause applications using Expat to crash while parsing the file.
It was discovered that acpid could create its log file ("/var/log/acpid")
with random permissions on some systems. A local attacker could use this
flaw to escalate their privileges if the log file was created as
world-writable and with the setuid or setgid bit set.
Fixed packages are available now.
|
|
|
It was discovered that Shibboleth, a federated web single sign-on system, is
vulnerable to script injection through redirection URLs.
Fixed packages are available now.
|
|
|
Two security vulnerabilities have been found in the GNU tar gtar(1) archiving program bundled with Solaris 9, Solaris 10 and OpenSolaris. The first issue is a directory traversal vulnerability that may allow a local or remote unprivileged user who provides a specially crafted archive to overwrite arbitrary files which the user executing gtar(1) has permission to modify. The second issue is a buffer overflow which may allow a local or remote unprivileged user who provides a specially crafted tar archive to execute arbitrary commands with the privileges of the user executing gtar(1) or to cause gtar(1) to crash. The ability to cause a program crash is a type of Denial-of-Service (DoS).
A security vulnerability in the wget(1) command shipped with Solaris may allow a local or remote unprivileged user who provides a specially crafted certificate signed by a legitimate Certification Authority to intercept encrypted HTTP (HTTPS) communication between the wget(1) client and a web server using a man-in-the-middle (MITM) attack.
Updated packages address these issues.
|
|
|
Multiple security vulnerabilities in the XML library bundled with Sun Management Center 3.6.1 and 4.0 may allow a local or
remote unprivileged user to execute arbitrary code with the privileges of the SunMC application or crash the SunMC application causing a Denial-of-Service (DoS) by providing a specially crafted XML file. The SunMC application runs with root privileges.
Multiple security vulnerabilities have been identified in Sun Solaris 10 libexpat, a library for parsing XML files. These vulnerabilities may allow a local or remote unprivileged user to create a crafted XML file that may cause an application linked with libexpat to crash, resulting in a Denial-of-Service (DoS) condition.
Updated packages are available now.
|
|
| System: | FreeBSD |
| Topic: | Vulnerabilities in ssl, rtld, and freebsd-update |
| Links: | FreeBSD-SA-09:15, CVE-2009-3555, ESB-2009.1591, FreeBSD-SA-09:16, CVE-2009-4146, CVE-2009-4147, ESB-2009.1592, FreeBSD-SA-09:17, ESB-2009.1593 |
| ID: | ae-200912-013 |
The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters. So an attacker who can intercept a TCP connection being used for SSL or TLS can cause the initial session negotiation to take the place of a session renegotiation leading to a man-in-the-middle attack.
The run-time link-editor, rtld, links dynamic executables with their needed libraries at run-time. When running setuid programs, rtld will normally remove potentially dangerous environment variables. Due to recent changes in the FreeBSD environment variable handling code, a corrupt environment may result in attempts to unset environment variables failing.
An unprivileged user who can execute programs on a system can gain the privileges of any setuid program which he can run, mostly root.
When downloading updates to FreeBSD via 'freebsd-update fetch' or 'freebsd-update upgrade', the freebsd-update(8) utility copies currently installed files into its working directory. A local user can read files which have been updated by freebsd-update(8), even if those files have permissions which would normally not allow users to read them.
Patches address these issues.
|
|
| System: | Debian GNU/Linux |
| Topic: | Vulnerabilities in request-tracker, gforge, and belpic |
| Links: | DSA-1944, CVE-2009-3585, ESB-2009.1589, DSA-1945, CVE-2009-3304, ESB-2009.1590, DSA-1946, CVE-2009-0049, ESB-2009.1600 |
| ID: | ae-200912-012 |
Request-tracker is a trouble-ticket system. It's prone to an attack where an attacker with access to the same domain can hijack a user's RT session.
Gforge is a collaborative development tool. Local users are able to perform a Denial-of-Service (DoS) by overwriting arbitrary files via a symlink attack.
Belpic is the Belgian eID PKCS11 library. Because the result of an OpenSSL function for verifying cryptographic signatures is not checked sufficiently, certificate verification can be bypassed.
Updated software is available now.
|
|
|
Updated kernel-rt packages are now available for MRG Realtime for RHEL 5 Server.
They fix security issues as well as some bugs. It's recommended to install this update.
|
|
|
Java for Mac OS X 10.6 Update 1 and 10.5 Update 6 has been published now. Many vulnerabilities regarding Java are fixed in these updates. Exploiting them could lead to Denial-of-Service, the execution of arbitrary code as well as further effects leading to reduced security.
|
|
|
Mozilla Firefox (webnavi) is an open-source web browser.
A new version of the Turbolinux Client solves many security problems with this software.
|
|
|
It has been discovered that OpenLDAP, a free implementation of the Lightweight Directory Access Protocol, when OpenSSL is used, does not properly handle a special character in a domain name in the subject's Common Name (CN) field of an X.509
certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. Updated software is available now.
|
|
|
The TLS/SSLv3 protocol as implemented in openssl isn't able to associate already sent data to a renegotiated connection. This allows a man-in-the-middle attack by injecting HTTP requests in a HTTPS session without being noticed.
An update of Sun Java Enterprise System and sun-nss addresses this issue which affects not only Sun Solaris, but also RHEL, HP-UX and Microsoft Windows.
|
|
|
Multiple Cross-Site Scripting (XSS) security vulnerabilities exist in Sun Java System Portal Server's Gateway that may allow remote users to execute arbitrary JavaScript code in a user's web browser.
A patch remedies this issue.
|
|
|
A potential vulnerability has been identified with the HP NonStop Servers. The vulnerability could be exploited locally resulting in an unauthorized access to data, Denial-of-Service (DoS), or execution of arbitrary code.
A software update is available now.
|
|
| System: | SuSE Enterprise Linux |
| Topic: | Vulnerabilities in Kernel |
| Links: | SUSE-SA:2009:060, CVE-2005-4881, CVE-2009-2903, CVE-2009-2910, CVE-2009-3286, CVE-2009-3547, CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726, ESB-2009.1581 |
| ID: | ae-200912-004 |
Several vulnerabilities were found in the kernel of SuSE Linux and OpenSUSE Linux.
Exploiting these vulnerabilities might have security impact, e.g. local users getting privileged access to the system.
Fixed kernel packages are available now.
|
|
|
The BIND DNS server was updated to close a possible cache poisoning
vulnerability that allowed DNSSEC to be bypassed.
This problem can only occur after the other anti-spoofing/poisoning mechanisms (port and transaction ID randomization) have already been bypassed, and only if the server is set up for DNSSEC. An update addresses this issue.
|
|
|
Asterisk is free software for telephones.
An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.
Fixed software is available now.
|
|
|
A flaw was found in the way the Apache Xerces2 Java Parser processed the
SYSTEM identifier in DTDs. A remote attacker could provide a
specially-crafted XML file, which once parsed by an application using the
Apache Xerces2 Java Parser, would lead to a denial of service.
A flaw was found in the Python module search path used in dstat.
If a local attacker could trick a local user into running dstat
from a directory containing a Python script that is named like an
importable module, they could execute arbitrary code with the privileges
of the user running dstat.
Fixed packages are available now.
|
|