Chosen month 10 / 2010
|
|
| System: |
Mandriva Linux
|
| Topic: |
Vulnerabilities in python and php
|
| Links: |
MDVSA-2010:215,
CVE-2009-4134,
CVE-2010-1449,
CVE-2010-1450,
CVE-2010-3492,
CVE-2010-3493,
ESB-2010.0997,
MDVSA-2010:218,
CVE-2010-3436,
CVE-2010-3709,
CVE-2010-3710,
ESB-2010.0998
|
| ID: |
ae-201010-079
|
Multiple vulnerabilities were discovered in python. Exploiting them might lead to a Denial-of-Service (DoS) or other unspecified impacts.
Furthermore, several vulnerabilities have been found in php. They might also lead to a Denial-of-Service (DoS), e.g. by providing a very long e-mail address.
Updated packages are available now.
|
|
|
A vulnerability regarding XSS and CSRF was found in the Drupal third-party module
Watcher.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
|
The Common UNIX Printing System (CUPS) provides a portable printing layer for UNIX operating systems.
Updated cups packages that fix two security issues are now available for Red Hat Enterprise Linux 5.
|
|
| System: |
Windows and Macintosh |
| Topic: |
Vulnerabilities in Adobe Shockwave Player |
| Links: |
APSB10-25,
CVE-2010-2581,
CVE-2010-2582,
CVE-2010-3653,
CVE-2010-3655,
CVE-2010-4084,
CVE-2010-4085,
CVE-2010-4086,
CVE-2010-4087,
CVE-2010-4088,
CVE-2010-4089,
CVE-2010-4090,
ESB-2010.0987 |
| ID: |
ae-201010-076
|
Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities might allow an attacker to run malicious code on the affected system. Adobe recommends updating to Adobe Shockwave Player 11.5.9.615.
|
|
|
A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.
A patch is under development.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in java-1.5.0-ibm
|
| Links: |
RHSA-2010-0807,
CVE-2009-3555,
CVE-2010-1321,
CVE-2010-3541,
CVE-2010-3548,
CVE-2010-3549,
CVE-2010-3550,
CVE-2010-3551,
CVE-2010-3556,
CVE-2010-3559,
CVE-2010-3562,
CVE-2010-3565,
CVE-2010-3566,
CVE-2010-3568,
CVE-2010-3569,
CVE-2010-3572,
CVE-2010-3573,
CVE-2010-3574,
ESB-2010.0980
|
| ID: |
ae-201010-074
|
Several vulnerabilities were discovered in the java-1.5.0-ibm packages. Fixed software is available now.
|
|
|
A potential vulnerability has been identified with HP LoadRunner Web Tours 9.10. The vulnerability could be remotely exploited to cause a Denial-of-Service. An update is available now.
|
|
|
A potential security vulnerability has been identified with HP Storage Essentials using LDAP authentication. This vulnerability could be exploited to allow remote unauthenticated access. Updated software is available now.
|
|
|
Symantec's IM Manager administration console is susceptible to multiple SQL injection issues which could result in a compromise of the Symantec IM Manager database by an authorized but unprivileged network user. An update to Symantec IM Manager 8.4.16 remedies these problems.
|
|
|
CiscoWorks Common Services for both Oracle Solaris and Microsoft Windows contains a vulnerability that could allow a remote unauthenticated attacker to execute arbitrary code on a host device with privileges of a system administrator. Cisco has released free software updates that address this vulnerability.
|
|
|
Client programs using the OpenSSL library to open and process SSLv3 and TLSv1 connections may crash or execute arbitrary code if the server provides a specially crafted SSL key that can inject arbitrary code. A patch is available now.
|
|
| System: |
Palm webOS |
| Topic: |
Multiple vulnerabilities in Palm webOS and its applications |
| Links: |
HPSBMI02573, SSRT100227, HPSBMI02580, SSRT100254, HPSBMI02582, SSRT10026,
CVE-2010-4025,
CVE-2010-4026,
CVE-2010-4027,
ESB-2010.0972,
ESB-2010.0973,
ESB-2010.0974
|
| ID: |
ae-201010-068
|
A potential security vulnerability has been identified with Palm webOS Doc Viewer. This vulnerability could be exploited to execute arbitrary code. Another vulnerability has been identified with a Palm webOS service API. This vulnerability could be exploited by a local user on the device, who has already gained the ability to issue privileged webOS service calls, to execute arbitrary code.
Furthermore, a vulnerability has been identified with the webOS camera application. This vulnerability could be exploited by a local user on the device to overwrite arbitrary files on the filesystem.
Upgrading to webOS version 1.4.5 solves these problems.
|
|
|
HP Operations Orchestration is vulnerable to Cross-Site scripting, caused by improper validation of user-supplied input. A fix is available now.
|
|
|
A potential security vulnerability has been identified in HP Version Control Repository Manager (VCRM) for Windows. The vulnerability could be exploited remotely resulting in Cross-Site scripting (XSS).
An update is available now.
|
|
|
Potential security vulnerabilities have been identified in HP Insight Control virtual machine management for Windows. The vulnerabilities could be exploited remotely resulting in Cross-Site scripting (XSS), privilege escalation, or Cross-Site request forgery (CSRF).
HP has provided HP Insight Control virtual machine management v6.2 to resolve the vulnerabilities.
|
|
|
A potential security vulnerability has been identified in HP Virtual Server Environment for Windows. The vulnerability could be exploited remotely to download arbitrary files.
A patch is available now.
|
|
|
Potential security vulnerabilities have been identified in HP Insight Control Power Management for Windows. The vulnerabilities could be exploited remotely resulting in Cross-Site Scripting (XSS) or Cross-Site request forgery (CSRF). HP has provided HP Insight Control Power Management v6.2 or subsequent to resolve the vulnerabilities.
|
|
|
Potential security vulnerabilities have been identified in HP Insight Control Server Migration for Windows. The vulnerabilities could be exploited remotely resulting in Cross-Site scripting (XSS), privilege escalation, or unauthorized access. HP has provided HP Insight Control Server Migration v6.2 or subsequent to resolve the vulnerabilities.
|
|
|
Multiple vulnerabilities have been reported in IBM WebSphere Application Server. Exploitation of these vulnerabilities could result in Cross-Site Scripting attacks, cross-site request forgery attacks or URL injection attacks.
A patch is available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in Mozilla Firefox, Thunderbird, and Seamonkey
|
| Links: |
Mozilla,
CVE-2010-3765,
RHSA-2010-0808,
RHSA-2010-0809,
RHSA-2010-0810,
RHSA-2010-0812,
RHSA-2010-0896,
ESB-2010.0981,
ESB-2010.0984,
ESB-2010.1058,
MDVSA-2010:213,
DSA-2123,
ESB-2010.0993,
DSA-2124,
ESB-2010.0994,
SUSE-SA:2010:056,
ESB-2010.1014
|
| ID: |
ae-201010-060
|
A critical vulnerability was found in the Mozilla Firefox browser, Thunderbird and Seamonkey.
Fixed software is available now.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in OpenOffice_org, acroread/acroread_ja, cifs-mount/samba, dbus-1-glib, festival, freetype2, java-1_6_0-sun, krb5, libHX13/libHX18/libHX22, mipv6d, mysql, postgresql, and squid3
|
| Links: |
SUSE-SR:2010:019,
ESB-2010.0964 |
| ID: |
ae-201010-059
|
A new SUSE Security Summary reports vulnerabilities in the packages
OpenOffice_org, acroread/acroread_ja, cifs-mount/samba, dbus-1-glib,
festival, freetype2, java-1_6_0-sun, krb5, libHX13/libHX18/libHX22, mipv6d,
mysql, postgresql, and squid3.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
The rds_page_copy_user() function in the Linux kernel Reliable Datagram
Sockets (RDS) protocol implementation was missing sanity checks. A local,
unprivileged user could use this flaw to escalate their privileges.
Fixed software is available now.
|
|
|
IBM solidDB is vulnerable to a denial of service, caused by an error in the
solid.exe database server. A remote attacker could exploit this vulnerability
to reference an unallocated memory region and cause the service to crash.
Fixed software is not available yet.
|
|
|
A security vulnerability has been identified in HP Virtual Connect Enterprise
Manager (VCEM) for Windows. The vulnerability could be exploited remotely to
download arbitrary files.
Fixed software is available now.
|
|
|
A buffer overflow was discovered in libsmi when a long OID was given
in numerical form. This could lead to arbitrary code execution.
Updated software is available now.
|
|
|
A critical vulnerability exists in Adobe Shockwave Player on the Windows
and Macintosh operating systems. This vulnerability could cause a crash
and potentially allow an attacker to take control of the affected system.
Fixed software is not available yet.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in HP Systems Insight Manager
|
| Links: |
HPSBMA02591 SSRT100299,
HPSBMA02592 SSRT100300,
CVE-2010-0209,
CVE-2010-2213,
CVE-2010-2214,
CVE-2010-2215,
CVE-2010-2216,
CVE-2010-3288,
CVE-2010-3289,
CVE-2010-3290,
ESB-2010.0954,
ESB-2010.0955
|
| ID: |
ae-201010-053
|
Several security vulnerabilities have been identified in HP Systems Insight
Manager (SIM) for HP-UX, Linux, and Windows.
Fixed software is available now.
|
|
|
A security vulnerability has been identified in HP AssetCenter and HP
AssetManager for AIX, HP-UX, Linux, Solaris and Windows. The vulnerability
could be exploited remotely resulting in cross site scripting (XSS).
Fixed software is available now.
|
|
|
'larn' uses the setgid privileges in an improper way.
The netsmb filesystem kernel module was incorrectly checking buffer
limits, thus enabling a regular user to cause the kernel to allocate large
internal buffers to handle the request, which leads to memory exhaustion.
Fixed software is available now.
|
|
|
Multiple NULL pointer dereference flaws were found in the way Pidgin
handled Base64 decoding and the Pidgin MSN protocol plug-in.
Fixed packages are available now.
|
|
|
Several vulnerabilities were discovered in Java for Mac OS X.
Fixed software is available now.
|
|
|
A stack-based buffer overflow flaw and multiple NULL pointer dereference flaws
were found in the Quagga bgpd daemon.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in java-1.4.2-ibm
|
| Links: |
RHSA-2010-0786,
CVE-2009-3555,
CVE-2010-3541,
CVE-2010-3548,
CVE-2010-3549,
CVE-2010-3551,
CVE-2010-3553,
CVE-2010-3556,
CVE-2010-3557,
CVE-2010-3562,
CVE-2010-3565,
CVE-2010-3568,
CVE-2010-3569,
CVE-2010-3571,
CVE-2010-3572,
CVE-2010-3573,
ESB-2010.0947
|
| ID: |
ae-201010-047
|
Several vulnerabilities were discovered in the java-1.4.2-ibm packages.
Fixed packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerability in glibc
|
| Links: |
CVE-2010-3847,
CVE-2010-3856,
VU#537223,
RHSA-2010-0787,
ESB-2010.0948,
RHSA-2010-0793,
ESB-2010.0963,
MDVSA-2010:207,
DSA-2122,
ESB-2010.0958,
SUSE-SA:2010:052,
ESB-2010.0985
|
| ID: |
ae-201010-046
|
It was discovered that the glibc dynamic linker/loader did not handle the
$ORIGIN dynamic string token set in the LD_AUDIT environment variable
securely. A local attacker with write access to a file system containing
setuid or setgid binaries could use this flaw to escalate their privileges.
Fixed software is available now.
|
|
|
A vulnerability within the install_jar procedure allows remote attackers
to execute arbitrary code on vulnerable installations of IBM DB2.
Authentication is required in that a user must have the ability to connect
to the database.
Fixed software is available now.
|
|
|
Updated kernel packages that fix multiple security issues and add one
enhancement are now available for Red Hat Enterprise Linux 4.
|
|
|
Several vulnerabilities were found in the Mozilla Firefox browser, Thunderbird and Seamonkey.
Fixed software is available now.
|
|
|
Several remote vulnerabilities have been discovered in TYPO3.
Fixed packages are available now.
|
|
|
Several buffer overflow vulnerabilities were found in
IBM Informix Dynamic Server.
Fixed software is available now.
|
|
|
A vulnerability was found in Rational Quality Manager and Rational Test Lab
Manager, that allows remote attackers to execute code.
Fixed software is available now.
|
|
|
TWiki is vulnerable to cross-site scripting, caused by improper validation of
user-supplied input by the view and login scripts. A remote attacker could
exploit this vulnerability using the rev or origurl parameter in a specially-
crafted URL to execute script in a victim's Web browser within the security
context of the hosting Web site, once the URL is clicked. An attacker could
use this vulnerability to steal the victim's cookie-based authentication
credentials.
Fixed software is available now.
|
|
|
The openSUSE 11.3 kernel was updated
to fix various bugs and some security issues.
|
|
|
A code injection flaw was found in the way Cobbler processed templates for
kickstart files. A remote, authenticated user, that has the Configuration
Administrator role privilege, could use this flaw to create a
specially-crafted kickstart template file containing embedded Python code
that could, when processed by Cheetah, execute arbitrary code with root
privileges on the Red Hat Network Satellite Server.
Fixed packages are available now.
|
|
|
A vulnerability was found in the Drupal third-party module
Views.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
|
A security vulnerability has been identified in HP Systems Insight Manager
(SIM) for HP-UX, Linux, and Windows. The vulnerability could be exploited
remotely to download arbitrary files.
Fixed software is available now.
|
|
| System: |
HP ProCurve
|
| Topic: |
Vulnerabilities in HP ProCurve Access Points, Access Controllers, and Mobility Controllers
|
| Links: |
HPSBGN02589 SSRT100296,
CVE-2010-3287,
ESB-2010.0931
|
| ID: |
ae-201010-034
|
A security vulnerability has been identified in HP ProCurve Access Points,
Access Controllers, and Mobility Controllers. The vulnerability could be
remotely exploited resulting in a privilege escalation.
Fixed software is available now.
|
|
|
A flaw was found in the way Apache Qpid handled the receipt of invalid AMQP
data. A remote user could send invalid AMQP data to the server, causing it
to crash, resulting in the cluster shutting down.
A flaw was found in the way Apache Qpid handled a request to redeclare an
existing exchange while adding a new alternate exchange. If a remote,
authenticated user issued such a request, the server would crash, resulting
in the cluster shutting down.
Fixed packages are available now.
|
|
|
Updated kernel-rt packages that fix multiple security issues and
several bugs are now available for Red Hat Enterprise MRG 1.3.
This update has been rated as having moderate security impact
by the Red Hat Security Response Team.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in java-1.6.0-sun
|
| Links: |
RHSA-2010-0770,
CVE-2009-3555,
CVE-2010-1321,
CVE-2010-3541,
CVE-2010-3548,
CVE-2010-3549,
CVE-2010-3550,
CVE-2010-3551,
CVE-2010-3552,
CVE-2010-3553,
CVE-2010-3554,
CVE-2010-3555,
CVE-2010-3556,
CVE-2010-3557,
CVE-2010-3558,
CVE-2010-3559,
CVE-2010-3560,
CVE-2010-3561,
CVE-2010-3562,
CVE-2010-3563,
CVE-2010-3565,
CVE-2010-3566,
CVE-2010-3567,
CVE-2010-3568,
CVE-2010-3569,
CVE-2010-3570,
CVE-2010-3571,
CVE-2010-3572,
CVE-2010-3573,
CVE-2010-3574,
ESB-2010.0933
|
| ID: |
ae-201010-031
|
Several vulnerabilities were discovered in the java-1.6.0-sun packages.
Fixed packages are available now.
|
|
|
Security vulnerabilities exist in the specified versions of IBM Tivoli Storage
Manager FastBack, which have the potential to crash the IBM Tivoli Storage
Manager FastBack Mount process or to allow malicious code injection.
Fixed software is available now.
|
|
|
The SUSE Linux Enterprise Server/Desktop 11 SP1 kernel was updated
to fix various bugs and some security issues.
|
|
|
A new SUSE Security Summary reports vulnerabilities in the packages
samba, libgdiplus0, libwebkit, bzip2, php5, and okular.
Updated packages are available now and should be installed on vulnerable systems.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in java-1.6.0-openjdk
|
| Links: |
RHSA-2010-0768,
CVE-2009-3555,
CVE-2010-3541,
CVE-2010-3548,
CVE-2010-3549,
CVE-2010-3551,
CVE-2010-3553,
CVE-2010-3554,
CVE-2010-3557,
CVE-2010-3561,
CVE-2010-3562,
CVE-2010-3564,
CVE-2010-3565,
CVE-2010-3566,
CVE-2010-3567,
CVE-2010-3568,
CVE-2010-3569,
CVE-2010-3573,
CVE-2010-3574,
ESB-2010.0928
|
| ID: |
ae-201010-027
|
Several vulnerabilities were discovered in the java-1.6.0-openjdk packages.
Fixed packages are available now.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in Microsoft Excel
|
| Links: |
MS10-080,
CVE-2010-3230,
CVE-2010-3231,
CVE-2010-3232,
CVE-2010-3233,
CVE-2010-3234,
CVE-2010-3235,
CVE-2010-3236,
CVE-2010-3237,
CVE-2010-3238,
CVE-2010-3239,
CVE-2010-3241,
CVE-2010-3242,
ESB-2010.0916
|
| ID: |
ae-201010-020
|
No further comment due to legal reasons
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in Microsoft Word
|
| Links: |
MS10-079,
CVE-2010-2747,
CVE-2010-2748,
CVE-2010-2750,
CVE-2010-3214,
CVE-2010-3215,
CVE-2010-3216,
CVE-2010-3217,
CVE-2010-3218,
CVE-2010-3219,
CVE-2010-3220,
CVE-2010-3221,
ESB-2010.0915
|
| ID: |
ae-201010-019
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in Microsoft Internet Explorer
|
| Links: |
MS10-071,
CVE-2010-0808,
CVE-2010-3243,
CVE-2010-3324,
CVE-2010-3325,
CVE-2010-3326,
CVE-2010-3327,
CVE-2010-3328,
CVE-2010-3329,
CVE-2010-3330,
CVE-2010-3331,
ESB-2010.0907
|
| ID: |
ae-201010-011
|
No further comment due to legal reasons
|
|
|
The glob(3) function allows denial of service attacks.
Affected are sftp(1) and ftp(1).
Fixed software is available now.
|
|
|
Two vulnerabilities were discovered in the Poppler PDF rendering library,
which may lead to the execution of arbitrary code if a malformed PDF file
is opened.
It was discovered that PostgreSQL, a database server software, does not
properly separate interpreters for server-side stored procedures which run in
different security contexts. As a result, non-privileged authenticated
database users might gain additional privileges.
Fixed packages are available now.
|
|
|
Several critical vulnerabilities have been identified in Adobe Reader and
Adobe Acrobat. These vulnerabilities could cause the application to crash and
could potentially allow an attacker to take control of the affected system.
Fixed software is available now.
|
|
|
It was discovered that the mod_dav_svn module of subversion, a version control
system, is not properly enforcing access rules which are scope-limited to
named repositories. If the SVNPathAuthz option is set to "short_circuit",
this may enable an unprivileged attacker to bypass intended access
restrictions and disclose or modify repository content.
Fixed packages are available now.
|
|
| System: |
Red Hat Enterprise Linux |
| Topic: |
Vulnerabilities in xpdf, gpdf, kdegraphics, cups, and poppler
|
| Links: |
RHSA-2010-0751,
RHSA-2010-0752,
RHSA-2010-0753,
RHSA-2010-0754,
RHSA-2010-0749,
CVE-2010-3702,
CVE-2010-3704,
ESB-2010.0897,
ESB-2010.0898,
ESB-2010.0899,
ESB-2010.0900,
ESB-2010.0901
|
| ID: |
ae-201010-006
|
Several vulnerabilities were found in 'xpdf'.
Also affected are 'gpdf', 'kdegraphics', 'cups', and 'poppler'.
Fixed packages are available now.
|
|
|
A flaw was discovered in the apr_brigade_split_line() function in apr-util.
A remote attacker could send crafted HTTP requests to cause a greatly
increased memory consumption in Apache httpd, resulting in a
denial of service.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in 'FreeType'.
Fixed software is available now.
|
|
|
The flaw exists within Novell's eDirectory Server's NCP implementation.
This vulnerability allows attackers to deny services on vulnerable
installations of Novell eDirectory. Authentication is not required in order to
trigger this vulnerability.
Fixed software is available now.
|
|
|
Several vulnerabilities were found in the VMware ESX Service Console.
Fixed software is available now.
|
|
|
There is a flaw in BIND where the wrong ACL is applied.
This flaw could allow access to a cache via recursion even though the ACL
disallowed it. This bug is primarily a risk to operators running both
authoritative and recursive DNS on the same BIND server in the same view.
Fixed software is available now.
|
|