Chosen month 01 / 2011
|
|
|
Symantec's IM Manager Administration console is susceptible to a code injection which could result in remote code execution leading to possible compromise of the Symantec IM Manager application. An update addresses this vulnerability.
|
|
|
A potential vulnerability has been identified with HP OpenView Performance Insight Server. The vulnerability could be exploited remotely to execute arbitrary code.
HP has made a hotfix available to resolve the vulnerability for HP OpenView Performance Insight Server v5.4 and v5.41.
|
|
|
Pcscd is middleware for accessing smart cards via PC/SC. It contains a buffer overflow which might lead to the execution of arbitrary code by local attackers. Updated packages are available now.
|
|
|
Fix Pack 9 and Fix Pack 10 for DB2 V9.1 are now available. They include fixes for some security vulnerabilities and HIPER APARs. These fixes, where applicable, are also available in Fix Pack 6a for DB2 Version 9.5 and Fix Pack 2 for DB2 Version 9.7.
IBM recommends that you review the APAR descriptions and deploy one of the above fix packs to correct them on your affected DB2 installations.
|
|
System: Debian GNU/Linux
Topic: Vulnerabilities in kernel, exim4, and freetype
Links: DSA-2153, CVE-2010-0435, CVE-2010-3699, CVE-2010-4158, CVE-2010-4162, CVE-2010-4163, CVE-2010-4242, CVE-2010-4243, CVE-2010-4248, CVE-2010-4249, CVE-2010-4258, CVE-2010-4342, CVE-2010-4346, CVE-2010-4526, CVE-2010-4527, CVE-2010-4529, CVE-2010-4565, CVE-2010-4649, CVE-2010-4656, CVE-2010-4668, CVE-2011-0521, ESB-2011.0102, DSA-2154, CVE-2010-4345, CVE-2011-0017, ESB-2011.0103, DSA-2155, CVE-2010-3814, CVE-2010-3855, ESB-2011.0104
ID: ae-201101-091
|
Several vulnerabilities have been found in the kernel of Debian GNU/Linux. For security reasons it's recommended to install updated kernel packages.
Exim is a mail transport agent (MTA) for use on UNIX systems connected to the Internet. A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause exim to execute arbitrary commands as the root user.
Two buffer overflows were found in the Freetype font library, which could lead to the execution of arbitrary code.
Updated packages are available now.
|
|
|
FreeBSD is vulnerable to a Denial-of-Service, caused by a NULL pointer dereference. By making repeated attempts, a local attacker could exploit this vulnerability to cause the kernel to crash and force a reboot of the system. A patch isn't available yet.
|
|
|
The Huawei routers could provide weaker than expected security, caused by an error related to weak ciphers. An attacker could exploit this vulnerability using the MAC address to generate WEP and WPA keys. An improvement isn't available yet.
|
|
|
No further comment due to legal reasons
|
|
|
Syslog-ng could allow a local attacker to gain elevated privileges on the system, caused by insecure permissions (777) being set on a log file and making it world-writable. A local attacker could exploit this vulnerability to modify, create, or delete files within the folder. Patches are available now.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer SP. This is due to a flaw within the vidplin.dll module. A buffer is allocated according to the user-supplied length value. User-supplied data is then copied into the allocated buffer without verifying its length, allowing the data to be written past the bounds of the previously allocated buffer. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the user running RealPlayer.
RealNetworks has issued an update to correct this vulnerability.
|
|
|
The Intel Alert Management System (AMS2) is used in Symantec AntiVirus Corporate Edition Server (SAVCE), Symantec System Center (SSC), and Symantec Quarantine Server. AMS2 listens on TCP Port 38292 and allows SAVCE Administrators to send messages (i.e. email) if a user-specified event occurs. Symantec was notified of multiple instances of failure to properly handle user input in the Third Party Intel Alert Management System (AMS2) which could result in arbitrary code execution.
Symantec has released an update to address this problem.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. This is due to a flaw within the gwwww1.dll module responsible for parsing VCALENDAR data within E-Mail messages. Novell has issued an update to correct this vulnerability.
|
|
|
A vulnerability exists within the Access Point process (ZfHIPCnd.exe) which listens by default on TCP port 2400. The problem occurs due to the application copying arbitrary sized data from a packet into a statically sized buffer. Due to the application not accommodating for the variable sized data during initialization of this buffer a buffer overflow will occur. This can lead to code execution under the context of the application. Novell has issued an update to correct this vulnerability.
|
|
|
The Third Party extension Media [DAM] shows a vulnerability allowing a Cross-Site Scripting (XSS) attack. An updated version 1.1.8 is available from the TYPO3 extension manager. This should be installed as soon as possible.
|
|
|
Pango is a library used for the layout and rendering of internationalized text.
An input sanitization flaw, leading to a heap-based buffer overflow, has been found in the way Pango displays font files when using the FreeType font engine back end. If a user loads a malformed font file with an application that uses Pango, it could cause the application to crash or execute arbitrary code with the privileges of the user running the application.
Updated packages are available now.
|
|
|
The EMC Networker uses a RPC library to provide a portmapper service within nsrexecd. The portmapper restricts access for service commands to the localhost. However, the UDP protocol allows malicious users to spoof the source address of the network packet making it appear it originated from the localhost. This potentially may allow a remote malicious user to unregister existing NetWorker RPC services or register new RPC services, meaning a Denial-of-Service. EMC strongly recommends all customers apply the latest patches which contain the resolution to this issue.
|
|
|
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for HP printers and multifunction peripherals, and tools for installing, using, and configuring them.
A flaw has been found in the way certain HPLIP tools discover devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them.
Updated packages are available now.
|
|
|
When the DHCPv6 server code processes a message for an address that was previously declined and internally tagged as abandoned it can trigger an assert failure resulting in the server crashing. This could be used to crash DHCPv6 servers remotely, leading to a Denial-of-Service (DoS). This issue only affects DHCPv6 servers. DHCPv4 servers are unaffected. Upgrading to 4.1.2-P1, 4.1-ESV-R1, or 4.2.1b1 remedies this problem.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell GroupWise. This is due to a flaw within the gwwww1.dll module responsible for parsing VCALENDAR data within E-Mail messages. Novell has issued an update to correct this vulnerability.
|
|
System: Some
Topic: Vulnerabilities in Bugzilla
Links: Bugzilla, CVE-2010-2761, CVE-2010-4411, CVE-2010-4567, CVE-2010-4568, CVE-2010-4569, CVE-2010-4570, CVE-2010-4572, CVE-2011-0046, CVE-2011-0048, ESB-2011.0088
ID: ae-201101-076
|
Bugzilla is a Web-based bug-tracking system used by a large number of software projects.
Multiple security vulnerabilities have been found in Bugzilla, including a way to initiate a Cross-Site Scripting (XSS) attack, a Cross-Site Request Forgery (XSRF) attack or even unauthorized access and the possibility to execute arbitrary code. So it's recommended to upgrade to one of the following versions: 3.2.10, 3.4.10, 3.6.4, and 4.0rc2.
|
|
|
The libuser library implements a standardized interface for manipulating and administering user and group accounts. It has been discovered that libuser doesn't set the password entry correctly when creating new LDAP users. If an administrator didn't assign a password to an LDAP based user account, an attacker could use this flaw to log into that account with a default password string that should have been rejected.
Updated packages are available now.
|
|
System: SuSE Linux
Topic: Vulnerabilities in ed, evince, hplip, libopensc2/opensc, libsmi, libwebkit, perl, python, sssd, sudo, and wireshark
Links: SUSE-SR:2011:002, ESB-2011.087
ID: ae-201101-074
|
A new SUSE Security Summary reports vulnerabilities in the packages ed, evince, hplip, libopensc2/opensc, libsmi, libwebkit, perl, python, sssd, sudo, and wireshark.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
IBM Java 6 SR9 has been released. This version fixes a lot of security issues, so it should be installed immediately.
|
|
|
A kernel update for the SUSE Linux Enterprise 10 SP3 kernel has been published. It fixes several security issues and bugs, so it should be installed in time.
|
|
|
A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS).
HP has provided software patches to resolve this vulnerability.
|
|
|
The JBoss Web Framework Kit combines popular open source web frameworks into a single solution for Java applications. The spring2 packages shipped as part of JBoss Web Framework Kit 1.0.0 are vulnerable to a security flaw that could allow a remote attacker to execute arbitrary code via a specially-crafted HTTP request.
An update removes the JBoss Web Framework Kit 1.0.0 packages because they should no longer be used.
|
|
System: Various
Topic: Vulnerability in openoffice.org
Links: CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643, DSA-2151, ESB-2011.0080, RHSA-2011-0182, RHSA-2011-0183, ESB-2011.0101, MDVSA-2011:027
ID: ae-201101-069
|
Several security-related problems have been discovered in the OpenOffice.org package that allow malformed documents to trick the system into crashes or even the execution of arbitrary code.
Fixed software is available now.
|
|
|
A service policy bypass vulnerability exists in the Cisco Content Services Gateway - Second Generation (CSG2), which runs on the Cisco Service and Application Module for IP (SAMI). Under certain configurations this vulnerability could allow customers to access sites without being charged or to bypass restriction policies.
Furthermore, Cisco IOS Software Release 12.4(24)MD1 on the Cisco CSG2 contains two vulnerabilities that can be exploited by a remote, unauthenticated attacker to create a Denial-of-Service condition that prevents traffic from passing through the CSG2.
Cisco has released free software updates that address these vulnerabilities.
|
|
|
WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform. This software shows several memory corruption flaws, index errors and multiple use-after-free flaws leading to e.g. remote code execution. Users of WebKitGTK+ should upgrade to these updated packages, which contain WebKitGTK+ version 1.2.6, and resolve these issues.
|
|
|
Updated java-1.6.0-openjdk packages that fix two security issues are now available for Red Hat Enterprise Linux 5. These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. Exploiting these vulnerabilities might allow remote attackers to read restricted system files or even to bypass security restrictions.
|
|
|
SunScreen Firewall could allow a local attacker to gain elevated privileges on the system, caused by insecure setting of LD_LIBRARY_PATH to a zero-length directory name by the SunScreen firewall component. By persuading a victim to launch an application located in the same directory as a specially-crafted library, an attacker could exploit this vulnerability to gain elevated privileges. Currently, no patch is available.
|
|
|
DATEV Grundpaket Basis CD23.20 de could allow a remote attacker to execute arbitrary code on a vulnerable system. The application doesn't directly specify the fully qualified path to a dynamic-linked library (DVBSKNLANG101.dll and DvZediTermSrvInfo004.dll) when running on Microsoft Windows. By persuading a victim to open a specially-crafted file from a WebDAV or SMB share using a vulnerable application, a remote attacker might exploit this vulnerability via a specially-crafted library to execute arbitrary code on the system.
Please refer to the DATEV web site for patch, upgrade or suggested workaround information.
|
|
|
Lomtec ActiveWeb Professional 3.0 is a web content management server running on ColdFusion. It allows unauthenticated users to upload arbitrary files. By accessing the "getImagefile" section of the EasyEdit module, a remote attacker could upload an executable server-side script (e.g., an .asp shell on a Microsoft Internet Information Server platform) and execute arbitrary commands with the privileges of the web content management server. A patch isn't available yet, so access to the server should be restricted.
|
|
|
A vulnerability has been identified in the RSA Key Manager (RKM) C Client 1.5 that may expose the product to an SQL injection attack. An attacker having access to encrypted data could have leveraged this vulnerability to alter the RKM C Client 1.5 cache. A fix is available now.
|
|
|
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for HP printers and multifunction peripherals, and tools for installing, using, and configuring them.
A flaw has been found in the way certain HPLIP tools discover devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them.
Updated packages are available now.
|
|
|
An error in ccid_serial.c in libccid in the USB Chip/Smart Card Interface Devices (CCID) driver, as used in pcscd in PCSC-Lite 1.5.3 and possibly other products, allows physically proximate attackers to execute arbitrary code via a smart card with a crafted serial number that causes a negative value to be used in a memcpy operation, which triggers a buffer overflow leading to a Denial-of-Service (DoS).
A stack-based buffer overflow in the ATRDecodeAtr function in the Answer-to-Reset (ATR) Handler (atrhandler.c) for pcscd in PCSC-Lite 1.5.3, and possibly other 1.5.x and 1.6.x versions, allows physically proximate attackers to cause a denial of service (crash) and possibly execute arbitrary code via a smart card with an ATR message containing a long attribute value.
Updated packages are available now.
|
|
|
A potential security vulnerability has been identified with HP Business Availability Center (BAC) and Business Service Management (BSM). The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS).
HP has provided software patches to resolve this vulnerability.
|
|
|
It was discovered that Request Tracker, an issue tracking system, stored passwords in its database by using an insufficiently strong hashing method. If an attacker had access to the password database, they could decode the passwords stored in it.
Fixed packages are available now.
|
|
|
Sybase EAServer is a solution for distributed and web-enabled PowerBuilder applications.
Two vulnerabilities have been reported in the Sybase EAServer.
Remote exploitation of a design vulnerability in Sybase EAServer could allow an attacker to install arbitrary web services. This condition can result in arbitrary code execution. This is due to a design error which allows a user to install or uninstall web services via a certain web application. This web application is installed by default on the EAServer HTTP Server and doesn't require authentication.
Furthermore, remote exploitation of a directory traversal vulnerability in Sybase EAServer could allow an attacker to read arbitrary files, leading to information disclosure. This is due to a failure by the Sybase EAServer HTTP Server to restrict directory traversals. As a result, sensitive file path locations outside the configured HTTP Server restricted directory can be accessed by an attacker. No authentication is required to access the HTTP Server.
Sybase has released patches which address these issues.
|
|
|
The communication between the CollabNet ScrumWorks Basic Server and CollabNet ScrumWorks Desktop Client transmits credential information in plaintext. The CollabNet ScrumWorks Basic Server communicates with the CollabNet ScrumWorks Desktop Client using unencrypted Java objects. These unencrypted Java objects contain the username and password of the active user or (by calling specific functions) all users on the CollabNet ScrumWorks Basic Server. An additional vulnerability exists in CollabNet ScrumWorks where the ScrumWorks Basic Server stores unencrypted client usernames and passwords in its internal database. So an attacker could view the credentials of the active client or all of the authenticated client's username and password hashes using a packet capturing tool. CollabNet points out that the client passwords are encrypted in CollabNet ScrumWorks Pro, and there are no plans for adding an encryption feature into CollabNet ScrumWorks Basic. CollabNet ScrumWorks Basic should not be used for sensitive data.
|
|
|
Some potential security vulnerabilities have been identified on HP-UX running Kerberos. These vulnerabilities could be exploited remotely by an unauthorized user to modify data, prompts, or responses.
HP has provided web updates and patches to resolve the vulnerabilities.
|
|
|
A vulnerability in Citrix Provisioning Services allows attackers to execute arbitrary code. A flaw in the streamprocess.exe component, listening by default on TCP port 6095, is responsible for this. When handling a packet of type 0x40020010 the process blindly copies user supplied data into a fixed-length buffer on the stack. So a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. Oracle has issued an update to correct this vulnerability.
|
|
|
A vulnerability in Oracle Business Intelligence One allows attackers to execute arbitrary code. A flaw in the emagent.exe component, listening by default on TCP port 3938, is responsible for this. When handling an HTTP request in oranmemso.dll the function nmehl_getURIParams blindly copies user supplied data into a fixed-length buffer on the stack. So a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. Oracle has issued an update to correct this vulnerability.
|
|
|
Updated java-1.5.0-ibm packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 and 6 Supplementary.
|
|
|
The libuser library implements a standardized interface for manipulating and administering user and group accounts. It has been discovered that libuser doesn't set the password entry correctly when creating LDAP users. If an administrator didn't assign a password to an LDAP based user account, an attacker could use this flaw to log into that account with a default password string that should have been rejected.
Updated packages are available now.
|
|
|
It was discovered that dbus, a message bus application,
is not properly limiting the nesting level when examining messages with
extensive nested variants. This allows an attacker to crash the dbus system
daemon due to a call stack overflow via crafted messages.
Fixed packages are available now.
|
|
|
A vulnerability was found in the Drupal third-party module Janrain Engage (formerly RPX), allowing a remote Cross-Site Scripting (XSS) attack as well as the execution of arbitrary code and commands.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
|
A potential security vulnerability has been identified with HP OpenView Storage Data Protector. The vulnerability could be remotely exploited to execute arbitrary code.
HP has provided software patches to resolve this vulnerability.
|
|
|
Multiple vulnerabilities exist in Cisco ASA 5500 Series Adaptive Security appliances version 8.x that if exploited by remote users, could cause a Denial-of-Service (DoS), permit access to sensitive information or bypass restrictions. These issues are caused by errors related to SIP inspection, ACLs, Mobile User Security (MUS) service, multicast traffic, LAN-to-LAN (L2L) IPsec sessions, ASDM, Neighbour Discovery (ND), EIGRP traffic, TELNET, IPsec traffic, emWEB, device startup, Online Certificate Status Protocol (OCSP) connections, CIFS, SMTP inspection, and LDAP authentication. Updates are available and should be applied.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability.
Oracle has issued an update to correct this vulnerability now.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate Veridata. The reason is a problem in parsing XML soap requests used for authorization to the management site.
Oracle has issued an update to correct this vulnerability now.
|
|
|
A vulnerability in Oracle Database 11g allows remote attackers to execute arbitrary code on vulnerable systems. Authentication is not required to exploit this vulnerability.
Oracle has issued an update now.
|
|
|
A flaw exists within the av component of Oracle Audit Vault which listens by default on TCP port 5700. When handling an action.execute request the process evaluates code provided as a parameter without proper validation. This allows for creation of arbitrary objects. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the oracle user.
Oracle has issued an update to correct this vulnerability.
|
|
|
A vulnerability in Oracle Real User Experience Insight allows remote attackers to inject arbitrary SQL on vulnerable systems. Authentication is not required to exploit this vulnerability.
Oracle has issued an update to correct this vulnerability.
|
|
|
When forming an outgoing SIP request while in pedantic mode, a stack buffer can be made to overflow if supplied with carefully crafted caller ID information. Exploiting this vulnerability in the SIP channel driver might lead to the execution of arbitrary code. A fix is available now.
|
|
System: Red Hat Enterprise Linux 4
Topic: Vulnerabilities in kernel
Links: RHSA-2011-0162, CVE-2010-3859, CVE-2010-3876, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4242, CVE-2010-4249, CVE-2010-4258, ESB-2011.0052
ID: ae-201101-040
|
Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 4.
|
|
|
Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 5.
|
|
|
Updated java-1.4.2-ibm packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.
|
|
|
A vulnerability has been found in the rgb-to-gray transform function of libpng. Exploiting this vulnerability might allow an attacker to execute arbitrary code on a vulnerable system. The latest version of libpng, 1.5.1beta01 or later, remedies this problem.
|
|
|
Exim is a mail transport agent (MTA) for use on UNIX systems connected to the Internet.
A privilege escalation flaw was discovered in Exim. If an attacker were able to gain access to the "exim" user, they could cause exim to execute arbitrary commands as the root user.
Hewlett-Packard Linux Imaging and Printing (HPLIP) provides drivers for HP printers and multifunction peripherals, and tools for installing, using, and configuring them.
A flaw has been found in the way certain HPLIP tools discover devices using the SNMP protocol. If a user ran certain HPLIP tools that search for supported devices using SNMP, and a malicious user is able to send specially-crafted SNMP responses, it could cause those HPLIP tools to crash or, possibly, execute arbitrary code with the privileges of the user running them.
Updated packages are available now.
|
|
|
Three security issues were found in Tor, an anonymizing overlay network
for TCP, during a security audit.
A heap overflow allowed the execution of arbitrary code, a denial of service
vulnerability was found in the zlib compression handling and some
key memory was incorrectly zeroed out before being freed.
Fixed packages are available now.
|
|
|
A vulnerability has been identified in the NT4 authentication component of Access Gateway Enterprise, and the NTLM authentication component of Access Gateway Standard Edition that, when exploited, could allow an attacker to subvert the authentication process. In some cases, this could result in the attacker being able to execute commands on the appliance in the context of the root user.
The use of the vulnerable authentication methods has been deprecated in the Access Gateway product line, and support for these methods has also been removed from the latest versions of these products. So it's recommended to change the authentication method.
|
|
System: Debian GNU/Linux
Topic: Vulnerabilities in libsmi, mydms, and pimd
Links: DSA-2145, CVE-2010-2891, ESB-2011.0043, DSA-2146, CVE-2010-2006, ESB-2011.044, DSA-2147, CVE-2011-0007, ESB-2011.045
ID: ae-201101-033
|
A buffer overflow has been discovered in the OID parser of libsmi, a library to access SMI MIB data.
MyDMS is an open-source document management system based on PHP and MySQL. It contains a vulnerability allowing directory traversal. Furthermore, pimd, a multicast routing daemon, creates files with predictable names upon the receipt of particular signals.
Fixed packages are available now.
|
|
System: SuSE Linux
Topic: Vulnerabilities in kernel
Links: SUSE-SA:2011:004, CVE-2010-3437, CVE-2010-3861, CVE-2010-3874, CVE-2010-3881, CVE-2010-4072, CVE-2010-4073, CVE-2010-4082, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4160, CVE-2010-4162, CVE-2010-4163, CVE-2010-4164, CVE-2010-4165, CVE-2010-4169, CVE-2010-4175, CVE-2010-4258, ESB-2011.0048
ID: ae-201101-032
|
Several vulnerabilities have been found in the kernel of SuSE Linux Enterprise 11. For security reasons it's recommended to install updated kernel packages.
|
|
System: Linux
Topic: Vulnerabilities in MySQL
Links: CVE-2010-3677, CVE-2010-3680, CVE-2010-3681, CVE-2010-3682, CVE-2010-3833, CVE-2010-3834, CVE-2010-3835, CVE-2010-3836, CVE-2010-3837, CVE-2010-3838, CVE-2010-3840, DSA-2143, ESB-2011.0046, RHSA-2011-0164, ESB-2011.0054, MDVA-2011:005
ID: ae-201101-031
|
Several vulnerabilities have been discovered in the MySQL database server. Exploiting them might lead to a number of Denial-of-Service (DoS) conditions. A new version fixes these issues.
|
|
|
Objectivity/DB comes with several administration tools for database maintenance. By design, these tools do not require authentication. An attacker can emulate the functionality of the administration tools with a custom script as well. So an unauthenticated remote attacker can run commands on the database server.
A patch is not available, so it's recommended to use firewalls to block access to port 6779/tcp as well as 6780/tcp.
|
|
|
IBM WebSphere MQ is vulnerable to a buffer overflow, caused by improper bounds checking during message handling. By sending a message containing a specially-crafted header field, a remote attacker could overflow a buffer and execute arbitrary code on the system with MQM privileges or cause the application to crash, leading to a Denial-of-Service (DoS). The latest Fix packs solve this problem.
|
|
|
A potential vulnerability has been identified with HP LoadRunner 9.52. The vulnerability could be remotely exploited to allow execution of arbitrary code. It can be resolved by closing ports 5001 and 5002.
|
|
|
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM isn't initialized properly before being copied to user-space. A privileged host user with access to "/dev/kvm" could use this flaw to leak kernel stack memory to user-space. Updated packages are available now.
|
|
|
ICQ is a famous tool for Instant Messaging (IM). ICQ 7 doesn't verify the origin of automatic updates which may allow a remote attacker to execute arbitrary code with the privileges of the user. Until now, a solution isn't available.
|
|
|
Google Chrome stable channel versions prior to 8.0.552.237 contain multiple memory corruption vulnerabilities. These vulnerabilities include a stack corruption vulnerability in the PDF renderer component, two memory corruption vulnerabilities in the Vorbis decoder, and a video frame size error resulting in a bad memory access. By convincing a user to view a specially crafted HTML document, PDF file, or video file, an attacker can cause the application to crash or possibly execute arbitrary code. So an update is recommended.
|
|
System: Red Hat Enterprise Linux 5
Topic: Vulnerabilities in the kernel, gcc, and python
Links: RHSA-2011-0017, CVE-2010-3296, CVE-2010-3877, CVE-2010-4072, CVE-2010-4073, CVE-2010-4075, CVE-2010-4080, CVE-2010-4081, CVE-2010-4158, CVE-2010-4238, CVE-2010-4243, CVE-2010-4255, CVE-2010-4263, CVE-2010-4343, ESB-2011.0036, RHSA-2011-0025, CVE-2010-0831, CVE-2010-2322, ESB-2011.0037, RHSA-2011-0027, CVE-2008-5983, CVE-2009-4134, CVE-2010-1449, CVE-2010-1450, CVE-2010-1634, CVE-2010-2089, ESB-2011.0038
ID: ae-201101-024
|
Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 5. This is the sixth regular update.
Updated gcc and python packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5.
|
|
|
A vulnerability was found in the Drupal third-party module Panels, allowing a remote Cross-Site Scripting (XSS) attack.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
|
The Shibboleth System is a standards-based, open source software package for web single sign-on across or within organizational boundaries. All current versions of the Shibboleth 2 IdP are vulnerable to a bug where, under certain situations, more than one user may be given the same transient ID. This in turn may lead to attribute queries for each user mapped to the same ID returning the attributes for the user most recently mapped. This problem does not occur when session IP address checking is turned on, as it is by default. Shibboleth IdP 2.2.1 contains a fix for this issue that does not require re-enabling session IP address checking.
|
|
|
Symantec's Web Gateway 4.5 management GUI is susceptible to a blind SQL injection attack which could result in injection of arbitrary code into the backend database. In a normal installation, the affected management interface should not be accessible from outside the network. This issue is resolved in database update 4.5.0.376, which is currently available.
|
|
| System: |
Several
|
| Topic: |
Vulnerability in HP Network Node Manager |
| Links: |
HPSBMA02621, SSRT100352,
iDEFENSE #887,
CVE-2011-0271,
CVE-2011-0261,
CVE-2011-0262,
CVE-2011-0263,
CVE-2011-0264,
CVE-2011-0265,
CVE-2011-0266,
CVE-2011-0267,
CVE-2011-0268,
CVE-2011-0269,
CVE-2011-0270,
ESB-2011.0031
|
| ID: |
ae-201101-020
|
Remote exploitation of a command injection vulnerability in HP's Network Node Manager 7.5.1 and 7.5.3 might allow an attacker to execute arbitrary commands with the privileges of the affected service.
The vulnerability exists within CGI scripts provided with the NNM HTTP Server.
These scripts do not effectively sanitize a particular parameter. It is possible for an attacker to supply a parameter containing a specially crafted command line string. The command line string will be executed on the affected NNM HTTP Server. HP has released patches which address this issue. These also fix further vulnerabilities allowing the execution of arbitrary code under the context of the user running the web server.
|
|
|
If a BlackBerry device user browses to a malformed web page, the BlackBerry browser application consumes sufficient resources to make the BlackBerry device appear unresponsive. This issue results in a temporary, partial Denial-of-Service (DoS). RIM has issued a software update that resolves this issue in BlackBerry Device Software versions later than 5.0.0; versions later than 6.0.0 are unaffected.
|
|
|
Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 6.
Fixed kernel packages are available now.
|
|
| System: |
SuSE Linux
|
| Topic: |
Vulnerabilities in finch/pidgin, libmoon-devel/moonlight-plugin, libmsi, openssl, perl-CGI-Simple, supportutils, and wireshark
|
| Links: |
SUSE-SR:2011:001,
ESB-2011.032
|
| ID: |
ae-201101-017
|
A new SUSE Security Summary reports vulnerabilities in the packages
finch/pidgin, libmoon-devel/moonlight-plugin, libmsi, openssl, perl-CGI-Simple, supportutils, and wireshark.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
No further comment due to legal reasons
|
|
|
No further comment due to legal reasons
|
|
|
In libpng-1.5.0 a vulnerability in the rgb-to-gray transform function has been found. Exploiting this vulnerability might allow an attacker to initiate a Denial-of-Service (DoS) or even the execution of arbitrary code on a vulnerable system. A fix is available now.
|
|
|
An array index error, leading to a stack-based buffer overflow, was found
in the Wireshark ENTTEC dissector. If Wireshark read a malformed packet off
a network or opened a malicious dump file, it could crash or, possibly,
execute arbitrary code as the user running Wireshark.
Fixed packages are available now.
|
|
|
Microsoft Internet Explorer 8 is susceptible to a use-after-free vulnerability in the mshtml.dll library.
The use-after-free vulnerability is triggered when handling circular memory references. Full details of the crash can be found in the advisories. An attacker can cause the browser to crash and may be able to execute arbitrary code as the user running IE. A solution isn't available yet; a workaround is described in the Vulnerability Note.
|
|
|
Mac OS X v10.6.6 is now available and addresses many vulnerabilities,
which could be exploited locally or remotely.
It's strongly recommended to install this update.
|
|
| System: |
Debian GNU/Linux |
| Topic: |
Vulnerabilities in openssl, nss, apache2, and dpkg
|
| Links: |
DSA-2141,
CVE-2009-3555,
CVE-2010-4180,
ESB-2011.0013,
ESB-2011.0014,
ESB-2011.0015,
ESB-2011.0030,
DSA-2142,
CVE-2010-1679,
ESB-2011.017
|
| ID: |
ae-201101-010
|
A flaw was discovered in the TLS and SSLv3 protocols. If an attacker
could perform a man-in-the-middle attack at the start of a TLS connection,
the attacker could inject arbitrary content at the beginning of the
user's session.
It was discovered that the dpkg-source component of dpkg, the Debian package
management system, doesn't correctly handle paths in patches of source
packages, which could make it traverse directories.
Fixed packages are available now.
|
|
|
Several vulnerabilities were found in the DeVice Independent (DVI) renderer
implementation of the document viewer 'evince'.
Fixed packages are available now.
|
|
|
A vulnerability has been found in Apache mod_fcgid. A stack overflow could allow an untrusted FCGI application to cause a server crash or possibly to execute arbitrary code as the user running the web server.
This problem can be solved by installing a patch that is available now.
|
|
|
Many vulnerabilities have been found in Mozilla Firefox, Mozilla Thunderbird, and Seamonkey. These partly well-known vulnerabilities can be avoided by installing the latest updates. Mozilla Firefox was updated to version 3.6.13 to fix several security issues. Furthermore, Mozilla Thunderbird and Seamonkey can and should also be updated on openSUSE.
|
|
|
Several vulnerabilities have been found in the kernels of openSUSE 11.2 and 11.3. For security reasons, installing updated kernel packages is recommended.
|
|
|
VMware ESX third-party updates for the Service Console packages glibc, sudo, and openldap are available now for ESX 4.0. They fix some vulnerabilities that might lead to a Denial-of-Service (DoS), a root compromise, or remote code execution. A patch is still pending for ESX 4.1.
|
|
|
Several vulnerabilities have been found in the Novell iPrint Client prior to 5.56. Exploiting them might allow remote and unauthenticated attackers to execute arbitrary code on a vulnerable system.
|
|
|
Microsoft Windows contains a stack-based buffer overflow vulnerability within the shimgvw.dll library when parsing thumbnail bitmaps containing a negative "biClrUsed" value.
Exploit code for this vulnerability is publicly available.
By convincing a user to view a specially crafted file containing a malicious thumbnail bitmap value, an attacker may be able to execute arbitrary code with the privileges of the user.
To reduce the risk, Microsoft recommends modifying the Access Control List (ACL) on shimgvw.dll.
|
|
|
A security risk with CA ARCserve D2D has been found. A vulnerability exists due to default vulnerabilities inherent in the Tomcat and Axis2 third-party software components. A remote attacker can exploit the implementation to execute arbitrary code.
CA has issued an Information Solution to address the vulnerability. A permanent solution will be posted soon on their web site.
|
|
| System: |
Red Hat Enterprise Linux 5 |
| Topic: |
Vulnerabilities in kernel
|
| Links: |
RHSA-2011-0004,
CVE-2010-3432,
CVE-2010-3442,
CVE-2010-3699,
CVE-2010-3858,
CVE-2010-3859,
CVE-2010-3865,
CVE-2010-3876,
CVE-2010-3880,
CVE-2010-4157,
CVE-2010-4161,
CVE-2010-4242,
CVE-2010-4247,
CVE-2010-4248,
ESB-2011.0007
|
| ID: |
ae-201101-001
|
Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux. For security reasons, installing updated kernel packages is recommended.
|
|