|
Chosen month 04 / 2011
|
|
| System: |
Microsoft Windows |
| Topic: |
Vulnerabilities in HP OpenView Storage Data Protector |
| Links: |
HPSBMA02668 SSRT100474,
CVE-2011-1736,
CVE-2011-1735,
CVE-2011-1734,
CVE-2011-1733,
CVE-2011-1732,
CVE-2011-1731,
CVE-2011-1729,
CVE-2011-1728,
ESB-2011.0486,
X-Force #67207 |
| ID: |
ae-201104-115
|
Potential security vulnerabilities have been discovered in HP OpenView Storage Data Protector on Windows. These vulnerabilities can be exploited to execute arbitrary code. HP has made software upgrades available to fix these vulnerabilities.
|
|
|
Several vulnerabilities have been found in the kernel of SUSE Linux Enterprise 11 Service Pack 1. Exploiting them might allow local attackers to gain increased privileges. Additionally, attackers might be able to cause a Denial-of-Service (DoS). Updated kernel packages (2.6.32.36) are available now.
|
|
|
Several security updates are available for VMware ESX, VMware ESXi and VMware ESX Server. They fix a number of vulnerabilities, the most serious of which may lead to denial of service and possibly to execution of arbitrary code via the network. Affected versions are VMware ESX 4.1, VMware ESX 4.0, VMware ESX 3.5 and VMware ESX 3.0.3 as well as VMware ESXi 4.1 and VMware ESXi 4.0.
|
|
|
Network Security Services (NSS) is a collection of libraries that support the development of security-enabled client and server applications. Updated nss packages that fix several vulnerabilities are now available for Red Hat Enterprise Linux 4, 5 and 6.
|
|
| System: |
Many |
| Topic: |
Many vulnerabilities in firefox, thunderbird, seamonkey, iceweasel, icedove, and iceape |
| Links: |
CVE-2011-1202,
CVE-2011-0081,
CVE-2011-0080,
CVE-2011-0078,
CVE-2011-0077,
CVE-2011-0075,
CVE-2011-0074,
CVE-2011-0073,
CVE-2011-0072,
CVE-2011-0071,
CVE-2011-0069,
CVE-2011-0067,
CVE-2011-0066,
CVE-2011-0065,
RHSA-2011-0471,
RHSA-2011-0472,
RHSA-2011-0473,
RHSA-2011-0474,
RHSA-2011-0475,
ESB-2011.0488,
MDVSA-2011:079,
DSA-2227,
DSA-2228,
SUSE-SA:2011:022,
DSA-2235 |
| ID: |
ae-201104-111
|
Updated firefox, thunderbird, seamonkey, iceweasel, icedove and iceape packages that fix several security issues are now available
for several systems. Please update your software.
|
|
|
Several vulnerabilities have been found in the Drupal third-party modules
Node Reference URL and Save Draft,
allowing remote administrative access by exploiting a Cross-Site Scripting (XSS) vulnerability.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
| System: |
Cisco |
| Topic: |
Vulnerability in Cisco Unified Communications Manager and Cisco Wireless LAN Controllers |
| Links: |
Cisco #112878,
CVE-2011-1610,
CVE-2011-1609,
CVE-2011-1607,
CVE-2011-1606,
CVE-2011-1605,
CVE-2011-1604,
ESB-2011.0481,
ISS #67122,
Cisco #112916,
CVE-2011-1613,
ESB-2011.0482 |
| ID: |
ae-201104-109
|
The Cisco Unified Communications Manager contains the following vulnerabilities: three Denial of Service vulnerabilities affecting the Session Initiation Protocol (SIP) services, a directory traversal vulnerability and two SQL injection vulnerabilities. Cisco has released free software updates for affected versions of Cisco Unified Communications Manager to eliminate the vulnerabilities.
The Cisco Wireless LAN Controller product family is prone to a Denial of Service (DoS) vulnerability, which allows an unauthenticated attacker to restart a device by sending a series of ICMP packets. Cisco has released free software updates for this vulnerability.
|
|
|
There are vulnerabilities in CA Arcot WebFort Versatile Authentication Server. The vulnerabilities are caused by a lack of protection of request parameters to the Arcot management console. An attacker who can convince a user to follow a URL can perform cross-site scripting attacks. These vulnerabilities only affect the administrative console. Administrators should access the administrative console using a bookmark and not via external links.
|
|
|
A vulnerability has been found in numerous versions of Adobe Acrobat and Reader. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an e-mail attachment, targeting the Windows platform. Opening this file with a vulnerable version leads to a crash of the application and potentially allows an attacker to take control of the affected system. Adobe recommends installing the updated version that is available now.
|
|
|
Potential security vulnerabilities have been discovered in CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities.
|
|
|
CA Technologies support has informed customers about a security risk in CA SiteMinder. There is a vulnerability that may allow a malicious user to impersonate another user. CA Technologies has released patches for the vulnerability.
|
|
|
ISC dhclient does not escape certain shell metacharacters in DHCP responses (such as the hostname) before passing them to dhclient-script. This can allow malicious code to be run on the client. Updated packages or workarounds are available.
|
|
|
Vulnerabilities were found in HP SiteScope. These vulnerabilities can be exploited via Cross-Site Scripting (XSS) and HTML injection. They can be resolved by installing hotfix SS1110110412 in HP SiteScope v11.1.
|
|
|
A potential vulnerability has been identified in HP Network Automation for Linux, Solaris and Windows. This vulnerability can be exploited to expose information. HP has released a hotfix to resolve this vulnerability.
|
|
|
A potential security vulnerability has been discovered in HP Virtual Server Environment for Windows. The vulnerability could be exploited over the network to elevate user privileges. HP has released HP Virtual Server Environment v6.3 to fix the vulnerability.
|
|
|
Several potential security vulnerabilities have been identified in the HP Insight Control performance management for Windows. The vulnerabilities could be exploited remotely resulting in Cross-Site Request Forgery (CSRF).
HP has provided HP Insight Control performance management v6.3 to resolve these vulnerabilities.
|
|
|
Potential security vulnerabilities have been discovered in HP OpenView Storage Data Protector. These vulnerabilities can be exploited to execute arbitrary code. HP has made software upgrades available to fix these vulnerabilities.
|
|
|
The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way kdelibs checked the specified host name against the host name in the server's SSL certificate. A man-in-the-middle attacker could exploit this flaw to trick an application that uses kdelibs into accepting a forged certificate. Moreover, there is a cross-site scripting (XSS) vulnerability.
The kdenetwork packages contain networking applications for the K Desktop Environment (KDE). A directory traversal vulnerability was found in KGet, a download manager. An attacker could exploit this flaw with a specially crafted file that, when opened, allows files belonging to the user running KGet to be overwritten.
Users should upgrade to these updated packages. The desktop must be restarted in both cases for the fix to take effect.
|
|
|
Asterisk is a free software implementation of a telephone private branch exchange (PBX). Several vulnerabilities have been discovered in Asterisk, which can lead to serious denial of service and execution of arbitrary code. We recommend that you upgrade your asterisk packages.
libmodplug renders MOD music files into raw audio data for playback or conversion. A buffer overflow was discovered in the code that handles Tracker S3M files in the Modplug tracker music library, which can lead to the execution of arbitrary code. Updated libmodplug packages are available.
|
|
|
X.Org is an open source implementation of the X Window System. Certain variables are not properly filtered by the xrdb helper program of the xorg-x11 package. As a result, remote attackers might be able to execute arbitrary code with root privileges. Updated xorg-x11 packages are available now.
|
|
|
A vulnerability has been found in numerous versions of Adobe Acrobat and Reader. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an e-mail attachment, targeting the Windows platform. Opening this file with a vulnerable version leads to a crash of the application and potentially allows an attacker to take control of the affected system. Adobe recommends installing the updated version that is available now.
|
|
| System: |
Some |
| Topic: |
Several Vulnerabilities in HP Systems Insight Manager |
| Links: |
HPSBMA02663, SSRT100428,
ESB-2011.0466 |
| ID: |
ae-201104-094
|
Several potential security vulnerabilities have been identified in HP Systems Insight Manager (SIM) for HP-UX, Linux and Windows. The vulnerabilities could be exploited remotely resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), execution of arbitrary code, or a Denial-of-Service (DoS). Most of them are caused by the integrated Flash Player.
HP has provided HP SIM v6.3 to resolve these vulnerabilities.
|
|
| System: |
Some |
| Topic: |
Vulnerabilities in HP System Management Homepage |
| Links: |
HPSBMA02662, SSRT100409,
CVE-2010-1917,
CVE-2010-2531,
CVE-2010-2939,
CVE-2010-2950,
CVE-2010-3709,
CVE-2010-4008,
CVE-2010-4156,
CVE-2011-1540,
CVE-2011-1541,
ESB-2011.0465 |
| ID: |
ae-201104-093
|
Several potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. The vulnerabilities could be exploited remotely resulting in unauthorized access, execution of arbitrary code, and Denial-of-Service (DoS).
HP has provided HP System Management Homepage v6.3 to resolve the vulnerabilities.
|
|
|
Potential security vulnerabilities have been identified with HP Proliant Support Pack running on Linux and Windows. They could be exploited remotely resulting in cross site scripting (XSS), URL redirection, and information disclosure.
HP has provided HP Proliant Support Pack 8.7 to resolve the vulnerabilities.
|
|
|
A potential vulnerability has been identified with HP Performance Insight running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to access sensitive information.
HP has made a hotfix available to resolve the vulnerability.
|
|
|
Potential security vulnerabilities have been identified with Insight Control for Linux (IC-Linux). They could be exploited remotely to allow unauthorized elevation of privilege, execution of arbitrary code, encryption downgrade, information disclosure, and Denial-of-Service (DoS).
HP has made Insight Control for Linux (IC-Linux) v6.3 or later available to resolve the vulnerabilities.
|
|
| System: |
Some |
| Topic: |
Vulnerability in JBoss Enterprise Application Platform / JBoss Enterprise SOA Platform |
| Links: |
CVE-2011-1484,
ISS #66982,
RHSA-2011-0460,
RHSA-2011-0461,
RHSA-2011-0462,
RHSA-2011-0463,
ESB-2011.0458,
ESB-2011.0459,
ESB-2011.0460,
ESB-2011.0461 |
| ID: |
ae-201104-089
|
The JBoss Seam 2 framework is an application framework for building web applications in Java. JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure.
It has been found that JBoss Seam 2 doesn't properly block access to JBoss Expression Language (EL) constructs in page exception handling, allowing arbitrary Java methods to be executed. A remote attacker could use this flaw to execute arbitrary code via a specially-crafted URL provided to certain applications based on the JBoss Seam 2 framework.
An updated version is available now.
|
|
| System: |
Debian GNU/Linux |
| Topic: |
Vulnerabilities in tinyproxy, doctrine, and openjdk-6 |
| Links: |
DSA-2222,
CVE-2011-1499,
ESB-2011.0455,
DSA-2223,
CVE-2011-1522,
ESB-2011.0456,
DSA-2224,
CVE-2011-0025,
CVE-2011-0706,
CVE-2010-4472,
CVE-2010-4471,
CVE-2010-4470,
CVE-2010-4469,
CVE-2010-4465,
CVE-2010-4450,
CVE-2010-4448,
CVE-2010-4351,
ESB-2011.0457 |
| ID: |
ae-201104-088
|
It has been discovered that incorrect ACL processing in TinyProxy, a lightweight, non-caching, optionally anonymizing HTTP proxy, could lead to unintended network access rights.
Doctrine is a PHP library for implementing object persistence. It contains SQL injection vulnerabilities. The exact impact depends on the application which uses the Doctrine library.
Furthermore, several security vulnerabilities were discovered in OpenJDK, an implementation of the Java platform.
Updated packages address these issues.
|
|
|
The mountd(8) daemon services NFS mount requests from other client machines.
While parsing the exports(5) table, a network mask in the form of "-network=netname/prefixlength" results in an incorrect network mask being computed if the prefix length is not a multiple of 8. When using a prefix length which is not a multiple of 8, access would be granted to the wrong client systems.
An upgrade remedies this problem.
|
|
|
A potential cross-site scripting vulnerability has been identified in RSA Adaptive Authentication (On-Premise) that could be exploited in certain circumstances. This is due to an input validation error in a Flash Shockwave file provided by the Adaptive Authentication system.
EMC has made hot fixes available to resolve this vulnerability.
|
|
|
EMC NetWorker contains a potential security vulnerability that can be exploited to execute malicious code with elevated privileges on the affected system. This is because an unspecified file in EMC NetWorker has incorrect permissions.
EMC has made patches available to resolve this vulnerability.
|
|
|
Several vulnerabilities have been found in the kernel of openSUSE 11.2. Exploiting them might allow local attackers to gain increased privileges. Additionally, attackers might be able to cause a Denial-of-Service (DoS). Updated kernel packages are available now.
|
|
|
A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized access to NNMi processes.
HP has made patches available to resolve this vulnerability.
|
|
|
PolicyKit is a toolkit for defining and handling authorizations. A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec.
Updated packages are available now.
|
|
|
Request Tracker is an issue tracking system.
Several vulnerabilities have been found. If they are exploited, remote code execution is possible as well as read-only access to data. A local user might be able to access confidential data.
Mojolicious is a Perl Web Application Framework. Here, a directory traversal vulnerability has been found.
Updated packages address these issues.
|
|
| System: |
SuSE Linux |
| Topic: |
Vulnerabilities in NetworkManager, OpenOffice_org, apache2-slms, dbus-1-glib, dhcp/dhcpcd/dhcp6, freetype2, kbd, krb5, libcgroup, libmodplug, libvirt, mailman, moonlight-plugin, nbd, openldap2, pure-ftpd, python-feedparser, rsyslog, telepathy-gabble, and wireshark |
| Links: |
SUSE-SR:2011:007,
ESB-2011.0448
|
| ID: |
ae-201104-080
|
A new SUSE Security Summary reports vulnerabilities in the packages
NetworkManager, OpenOffice_org, apache2-slms, dbus-1-glib, dhcp/dhcpcd/dhcp6, freetype2, kbd, krb5, libcgroup, libmodplug, libvirt, mailman, moonlight-plugin, nbd, openldap2, pure-ftpd, python-feedparser, rsyslog, telepathy-gabble, and wireshark.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
Oracle has published a Critical Patch Update, fixing multiple security vulnerabilities in Oracle products. Affected are Oracle Database, Oracle Fusion Middleware, Oracle Enterprise Manager and further Oracle Applications as well as the Oracle Sun Products Suite. It's strongly recommended to update affected systems.
|
|
|
The XML Security Library xmlsec allows remote attackers to create or overwrite arbitrary files through specially crafted XML files using the libxslt output extension and a ds:Transform element during signature verification.
Updated packages address this problem.
|
|
|
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
A heap-based buffer overflow flaw has been found in the way libtiff processes certain TIFF image files that are compressed with the JPEG compression algorithm. An attacker could use this flaw to create a specially-crafted TIFF file that, when opened, would cause an application linked against libtiff to crash or, possibly, execute arbitrary code.
Updated packages are available now.
|
|
|
Apple iTunes is a program for the administration of multimedia data.
A man-in-the-middle attack may lead to an unexpected application termination or arbitrary code execution while browsing the iTunes Store via iTunes.
iTunes 10.2.2 is now available and addresses this security problem.
|
|
|
Wireshark is a powerful tool for analyzing network traffic and troubleshooting.
Wireshark version 1.4.5 has been released. This release fixes some vulnerabilities. The NFS dissector on Windows as well as the X.509if dissector might crash when analyzing data. Furthermore, a buffer overflow in the DECT dissector might lead to remote code execution. An upgrade to version 1.4.5 is therefore recommended.
|
|
|
A vulnerability has been found in numerous versions of Adobe Flash Player. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a malicious web page, or a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an e-mail attachment, targeting the Windows platform. Opening this file with a vulnerable version leads to a crash of the application and potentially allows an attacker to take control of the affected system. Adobe recommends installing the updated version that is available now.
|
|
|
As reported for other systems before, several fraudulent SSL certificates were issued by a Comodo affiliate registration authority. This may allow a man-in-the-middle attacker to redirect connections and intercept user credentials or other sensitive information. This issue is now addressed by blacklisting the fraudulent certificates.
|
|
|
Using the web browser Apple Safari 5.0.4 and earlier might result in security risks.
Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This is due to an integer overflow in the handling of nodesets and a use after free issue in the handling of text nodes, respectively. Version 5.0.5 is available now, solving these issues.
|
|
|
The Apple iOS 4.3.2 Software Update and the Apple iOS 4.2.7 Software Update are now available. Please use the latest version to be protected against many security-related problems.
|
|
| System: |
Microsoft Windows |
| Topic: |
Several vulnerabilities in CA Total Defense Suite
|
| Links: |
CA,
ZDI-11-126,
ZDI-11-127,
ZDI-11-128,
ZDI-11-130,
ZDI-11-131,
ZDI-11-132,
ZDI-11-133,
ZDI-11-134,
CVE-2011-1653,
CVE-2011-1654,
CVE-2011-1655,
ESB-2011.0437
|
| ID: |
ae-201104-070
|
Several vulnerabilities have been found in CA Total Defense Suite. Exploiting them might lead to unauthorized access as well as remote and unauthenticated execution of arbitrary code on a vulnerable system running Windows 7, Windows Server 2003 or 2008. A patch is available now.
|
|
|
A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows running Java. The vulnerability could be remotely exploited to create a Denial-of-Service (DoS).
Further potential security vulnerabilities have been identified with HP Network Node Manager i (NNMi). One vulnerability could be exploited by a local user to gain unauthorized access to files. The other vulnerability could result in remote cross site scripting (XSS).
HP has made patches available to resolve the vulnerabilities.
|
|
|
The password-changing capability of the MIT krb5 administration daemon (kadmind) has a bug that can cause it to attempt to free() an invalid pointer under certain error conditions.
This can cause the daemon to crash (Denial-of-Service) or induce the execution of arbitrary code.
kadmind in MIT releases krb5-1.7 and later is vulnerable. A workaround as well as a patch have been published.
|
|
|
The rhev-hypervisor package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.
Various vulnerabilities have been found in this package. Exploiting them might lead to a Denial-of-Service (DoS). It is recommended to install the updated packages, which are available now.
|
|
|
X.Org is an open source implementation of the X Window System. Certain variables are not properly filtered by the xrdb helper program of the xorg-x11 package. As a result, remote attackers might be able to execute arbitrary code with root privileges. Updated xorg-x11 packages are available now.
|
|
| System: |
Various
|
| Topic: |
Vulnerabilities in BlackBerry Enterprise Server |
| Links: |
BB-KB25966,
BB-KB26296,
CVE-2010-2227,
CVE-2009-3555,
CVE-2008-5515,
CVE-2008-1678,
CVE-2007-5333,
CVE-2007-3385,
CVE-2007-1858,
CVE-2011-0286,
ESB-2011.0430,
ESB-2011.0431 |
| ID: |
ae-201104-065
|
There are vulnerabilities in the versions of the Apache Tomcat web server that some BlackBerry Enterprise Server components use to manage administration pages. These problems may cause Denial of Service (DoS) and affect the functioning of the affected components. There is also the possibility of information disclosure or cross-site scripting (XSS) on the affected components. These vulnerabilities have no effect on BlackBerry messaging services. RIM has released updates that address these vulnerabilities in the affected versions of the BlackBerry Enterprise Server.
|
|
|
BIND is an open-source software package that implements a domain name system server. A potential security issue has been found in BIND on HP-UX. This vulnerability could be exploited to cause a Denial of Service (DoS). HP has made upgrades available to correct this vulnerability.
|
|
|
A potential security vulnerability has been found in NFS/ONCplus on HP-UX. The vulnerability can lead to Denial of Service (DoS). HP has released an upgrade to resolve this vulnerability.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of RealNetworks RealPlayer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. RealNetworks has issued an update to correct this vulnerability.
|
|
| System: |
Red Hat Enterprise Linux 5 |
| Topic: |
Vulnerabilities in kernel and avahi |
| Links: |
RHSA-2011-0429,
CVE-2010-4346,
CVE-2011-0521,
CVE-2011-0710,
CVE-2011-1010,
CVE-2011-1090,
CVE-2011-1478,
ESB-2011.0425,
RHSA-2011-0436,
CVE-2010-2244,
CVE-2011-1002,
ESB-2011.0427
|
| ID: |
ae-201104-061
|
Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 5. Exploiting them might allow local attackers to gain increased privileges. Additionally, attackers might be able to cause a Denial-of-Service (DoS) or to gain unauthorized access.
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking.
A flaw was found in the way the Avahi daemon (avahi-daemon) processes Multicast DNS (mDNS) packets with an empty payload. An attacker on the local network could use this flaw to cause avahi-daemon on a target system to enter an infinite loop via an empty mDNS UDP packet (DoS).
Updated packages are available now.
|
|
|
It has been discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This was introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player.
Updated packages are available now.
|
|
|
No further comment due to legal reasons
|
|
| System: |
Microsoft Windows, Mac OS X
|
| Topic: |
Vulnerabilities in Microsoft Office Excel
|
| Links: |
MS11-021,
CVE-2011-0097,
CVE-2011-0098,
CVE-2011-0101,
CVE-2011-0103,
CVE-2011-0104,
CVE-2011-0105,
CVE-2011-0978,
CVE-2011-0979,
CVE-2011-0980,
ESB-2011.0410
|
| ID: |
ae-201104-045
|
No further comment due to legal reasons
|
|
|
Potential security vulnerabilities have been discovered on some HP Photosmart printers. These vulnerabilities can be exploited to carry out cross-site scripting (XSS) or gain unauthorized access to data or printer configuration information. A workaround for each vulnerability is described in the corresponding CVE.
|
|
|
There exists a vulnerability within a servlet of Novell Zenworks, which provides functions for uploading files. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Novell Zenworks Asset Management. Authentication is not required to exploit this vulnerability. Novell has released an update to correct this vulnerability.
|
|
|
X.Org is an open source implementation of the X Window System. The xorg-x11-server-utils package contains a collection of tools to modify and query the runtime configuration of the X.Org server. Certain variables are not properly filtered when a graphical session is started, which could allow an attacker to execute arbitrary code with root privileges. Updated xorg-x11 and xorg-x11-server-utils packages are now available and resolve several vulnerabilities in Red Hat Enterprise Linux.
Red Hat Network Satellite (RHN Satellite) is a management tool for Linux-based IT infrastructures. It enables the deployment, management and monitoring of multiple Linux systems with a single tool. Updated packages that fix several security vulnerabilities are now available for Red Hat Network Satellite 5.3 and 5.4.
|
|
|
A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions, Adobe Flash Player 10.2.156.12 and earlier versions, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x.
This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an e-mail attachment, targeting the Windows platform. An update is currently planned; the problem will be fixed by the next quarterly update at the latest.
|
|
|
A vulnerability allows unauthenticated remote attackers to execute arbitrary code on vulnerable installations of McAfee Firewall Reporter. This is due to a flaw within the code responsible for authenticating users. The GernalUtilities.pm file contains code to validate sessions by parsing cookie values without sanitization. The faulty logic simply checks for the existence of a particular file, without verifying its contents. By using a directory traversal technique an attacker can point the cgisess cookie value to an arbitrary file that exists on the server and thus bypass authentication.
This problem is solved in McAfee Firewall Reporter version 5.1.0.13.
|
|
|
Gitolite, an SSH-based gatekeeper for Git repositories, is vulnerable to directory traversal attacks when admin-defined commands (ADC) are processed. This allows an attacker to execute arbitrary commands with the privileges of the gitolite-server. Please note that this only affects systems where ADC is enabled (not the default on Debian). We recommend that you update your gitolite packages.
|
|
|
As reported before (ae-201104-022), it was found that the DHCP client daemon dhclient does not sufficiently filter certain options in the responses of the DHCP server. A malicious DHCP server could send such a packet with a specially crafted value to a DHCP client, which can then lead to arbitrary code execution with the privileges of the process. All users of dhclient should upgrade the packages.
|
|
|
Ikiwiki, a wiki compiler, does not validate input data when the htmlscrubber plugin is enabled or alternative style sheets are added. This allows an attacker who is able to upload custom stylesheets to perform cross-site scripting attacks. We recommend that you upgrade your ikiwiki package.
|
|
|
It was found that host names are not filtered properly in x11-xserver-utils, a collection of utilities to optimize and configure the X server. This allows an attacker to execute arbitrary code with root privileges. We recommend that you update your x11-xserver-utils packages.
|
|
|
Several vulnerabilities have been found in the kernel of Red Hat Enterprise Linux 6. Exploiting them might allow local attackers to gain increased privileges. Additionally, attackers might be able to cause a Denial-of-Service (DoS) or to gain unauthorized access. Updated kernel packages are available now.
|
|
|
The Simple Protocol for Independent Computing Environments (SPICE) is a remote display protocol used in Red Hat Enterprise Linux for viewing virtualized guests running on the Kernel-based Virtual Machine (KVM) hypervisor, or on Red Hat Enterprise Virtualization Hypervisor. The spice-xpi package provides a plug-in that allows the SPICE client to run from within Mozilla Firefox.
An uninitialized pointer use flaw was found in the SPICE Firefox plug-in. If a user were tricked into visiting a malicious web page with Firefox while the SPICE plug-in was enabled, it could cause Firefox to crash or, possibly, execute arbitrary code with the privileges of the user running Firefox. Furthermore, it was found that the SPICE Firefox plug-in uses a predictable name for one of its log files. A local attacker could use this flaw to conduct a symbolic link attack, allowing them to overwrite arbitrary files accessible to the user running Firefox.
Updated packages are available now.
|
|
|
A malicious packet containing nested RFC 3173 - IP Payload Compression Protocol (IPComp) headers can cause a panic due to kernel stack exhaustion in a kernel with option IPSEC enabled. Under certain conditions, kernel memory may get overwritten. In kernels with option FAST_IPSEC a sufficient quantity of such packets may cause a Denial-of-Service.
Updated packages are available now.
|
|
|
A vulnerability was found in the Drupal third-party module
Node Quick Find,
allowing unauthorized access for unauthenticated users.
Fixed software is available now.
Please be aware that Drupal core is not affected.
|
|
|
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS.
It was discovered that Postfix doesn't flush the received SMTP commands buffer after switching to TLS encryption for an SMTP session. A man-in-the-middle attacker could use this flaw to inject SMTP commands into a victim's session during the plain text phase. This would lead to those commands being processed by Postfix after TLS encryption is enabled, possibly allowing the attacker to steal the victim's mail or authentication credentials.
Furthermore, it was discovered that Postfix doesn't properly check the permissions of users' mailbox files. A local attacker able to create files in the mail spool directory could use this flaw to create mailbox files for other local users, and be able to read mail delivered to those users.
Updated packages are available now.
|
|
|
A regression in the fix for CVE-2011-1088 meant that security constraints were ignored when no login configuration was present in the web.xml and the web application was marked as meta-data complete.
Changes introduced to the HTTP BIO connector to support Servlet 3.0 asynchronous requests did not fully account for HTTP pipelining. As a result, when using HTTP pipelining, a range of unexpected behaviours occurs, including the mixing up of responses between requests.
It's expected that vendors who support Apache Tomcat will be providing updates soon.
|
|
| System: |
Debian GNU/Linux |
| Topic: |
Vulnerabilities in vlc and tmux |
| Links: |
DSA-2211,
CVE-2010-0552,
CVE-2010-1441,
CVE-2010-1442,
CVE-2010-3275,
CVE-2010-3276,
CVE-2011-0531,
ESB-2011.0384,
DSA-2212,
CVE-2011-1496,
ESB-2011.0389
|
| ID: |
ae-201104-026
|
VLC is a multimedia player and streamer. Due to missing input sanitising, the execution of arbitrary code is possible if a user is tricked into opening a malformed media file.
tmux is a terminal multiplexer. It does not properly drop group privileges, so a user with an existing account may gain increased privileges.
Updated packages are available now.
|
|
|
Subversion (SVN) is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes.
It has been found that HTTP-based Subversion servers crash when processing lock requests on repositories which support unauthenticated read access. This Denial-of-Service (DoS) can be avoided by updating the affected packages.
|
|
|
After installing bos.rte.security 6.1.6.4 fileset, an LDAP user will be able to log in with an incorrect password. This occurs only when authtype is set to ldap_auth. Under specific conditions, non-LDAP users can also log in with incorrect passwords.
IBM has assigned an APAR to solve this problem.
|
|
|
A new SUSE Security Summary reports about vulnerabilities in the packages
apache2-mod_php5/php5, cobbler, evince, gdm, kdelibs4, otrs, and quagga.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
dhclient doesn't strip or escape certain shell meta-characters in dhcpd responses, allowing a rogue server or a party with escalated privileges on the server to cause remote code execution on the client. Updated software is available now.
|
|
|
The root password hash along with other users' password hashes may be contained in the back-out patch files. In some instances, these files may be readable by unprivileged users. An unprivileged user can extract the password hashes from the file and perform a brute force attack on the password hashes in an attempt to recover the password. It's recommended to install the relevant patch.
|
|
|
A potential vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in information disclosure. HP has made a hotfix available to resolve this vulnerability.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell File Reporter Agent. Authentication is not required to exploit this vulnerability. The flaw exists within the NFRAgent.exe component which listens by default on TCP port 3037. When handling the content of an XML tag the process blindly copies user supplied data into a fixed-length buffer on the stack. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. Updated software is available now.
|
|
|
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.
It has been discovered that the seunshare utility doesn't enforce proper file permissions on the directory used as an alternate temporary directory mounted as /tmp/. A local user could use this flaw to overwrite files or, possibly, execute arbitrary code with the privileges of a setuid or setgid application that relies on proper /tmp/ permissions, by running that application via seunshare.
Updated packages are available now.
|
|
| System: |
Mandriva Linux |
| Topic: |
Vulnerabilities in xmlsec1, libtiff, logrotate, and rsync |
| Links: |
MDVSA-2011:063,
CVE-2011-1425,
MDVSA-2011:064,
CVE-2011-0191,
CVE-2011-1167,
MDVSA-2011:065,
CVE-2011-1098,
CVE-2011-1154,
CVE-2011-1155,
MDVSA-2011:066,
CVE-2011-1097 |
| ID: |
ae-201104-017
|
xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.
A buffer overflow in LibTIFF allows remote attackers to execute arbitrary code or cause a Denial-of-Service via a crafted TIFF image with JPEG encoding. Furthermore, a heap-based buffer overflow in the thunder (aka ThunderScan) decoder in tif_thunder.c in LibTIFF 3.9.4 and earlier allows remote attackers to execute arbitrary code via crafted THUNDER_2BITDELTAS data in a .tiff file that has an unexpected BitsPerSample value.
A race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place. The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
Finally, the writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a Denial-of-Service (DoS) via special characters in a log filename.
rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a Denial-of-Service (DoS) or possibly execute arbitrary code via malformed data.
Updated packages are available now.
|
|
|
Layer Four Traceroute (LFT) is an alternative traceroute command.
Given a specific set of command line arguments, Layer Four Traceroute (lft) will produce a segmentation fault leading to a possible privilege escalation vulnerability. An upgrade to Layer Four Traceroute 3.3 or later is recommended.
|
|
|
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
Some vulnerabilities have been found in glibc. Exploiting them might lead to the execution of arbitrary code or commands, increased privileges, the modification of arbitrary files, or a Denial-of-Service (DoS).
Updated packages are available now.
|
|
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. The flaw lies in the solid.exe process, which listens by default on TCP ports 1315, 1964 and 2315.
The authentication protocol allows a remote attacker to specify the length of a password hash. By specifying a minimum length the attacker can force the process to validate only the first several bytes of the password hash. This can be abused to bypass authentication to the database.
IBM has issued an update to correct this vulnerability.
|
|
|
TIFF is the widely used Tag Image File Format. The library responsible for TIFF manipulation and conversion contains some vulnerabilities. Exploiting them might lead to a Denial-of-Service (DoS) or the execution of arbitrary code. This can be done by a crafted TIFF image with JPEG encoding, a crafted TIFF Internet Fax Image or a TIFF file that has an unexpected BitsPerSample value.
Updated packages address these issues.
|
|
|
Apache is a famous and widely used web server. Potential security vulnerabilities have been identified with HP-UX Apache Web Server. These vulnerabilities could be exploited remotely to disclose information, allow Cross-Site Scripting (XSS), or create a Denial-of-Service (DoS). The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite.
Updated packages are available now; it's recommended to install them.
|
|
|
A potential security vulnerability has been identified with HP-UX B.11.23 and B.11.31. The vulnerability could be exploited locally to create a Denial-of-Service (DoS). It's recommended to install a patch which is available now.
|
|
|
A potential and long-known security vulnerability has been identified with HP-UX running XNTP. The vulnerability might be exploited remotely to create a Denial-of-Service (DoS). Updated packages are available now.
|
|
|
Potential security vulnerabilities have been identified in HP Operations for UNIX. The vulnerabilities could be exploited remotely resulting in Cross-Site Scripting (XSS) or unauthorized access. HP has provided a hotfix to resolve the vulnerabilities.
|
|
| System: |
SuSE Linux |
| Topic: |
Vulnerabilities in hplip, perl, subversion, t1lib, bind, tomcat 5/6, avahi, gimp, aaa_base, build, libtiff, krb5, nbd, clamav, flash-player, pango, openssl, postgresql, logwatch, libxml2, quagga, and fuse / util-linux |
| Links: |
SUSE-SR:2011:005,
ESB-2011.0374
|
| ID: |
ae-201104-008
|
A new SUSE Security Summary reports about vulnerabilities in the packages
hplip, perl, subversion, t1lib, bind, tomcat 5/6, avahi, gimp, aaa_base, build, libtiff, krb5, nbd, clamav, flash-player, pango, openssl, postgresql, logwatch, libxml2, quagga, and fuse / util-linux.
Updated packages are available now and should be installed on vulnerable systems.
|
|
|
A double free in tgt, the Linux SCSI target user-space tools, might lead to a Denial-of-Service.
Updated packages are available now.
|
|
|
Juniper Networks Secure Access could allow a remote attacker to bypass security restrictions, caused by an error in the Network Connect Credential Provider. An attacker could exploit this vulnerability to bypass the authentication process on Microsoft Windows. It's recommended to upgrade to the latest version of Juniper Networks Secure Access (6.5R9, 7.0R4, or 7.1R1 or later), available from the Juniper Networks Web site.
|
|
|
RealPlayer 14.0.2.633 is vulnerable to a buffer overflow, caused by improper bounds checking when processing malicious files. By persuading a victim to open a specially-crafted .avi file, a remote attacker could overflow a buffer and execute arbitrary code on the system. A patch is not yet available.
|
|
|
FFmpeg offers a collection of free programs and libraries to record, send and convert video and audio files.
Several well-known vulnerabilities can be fixed now by installing the latest packages.
|
|
|
The IP Payload Compression Protocol (IPComp) is a protocol intended to provide compression of IP datagrams, and is commonly used alongside IPsec. For compression, the DEFLATE algorithm is mostly used.
Some network stack implementations, particularly those incorporating the KAME project or NetBSD project IPComp and IPsec implementations, may fail to check for stack overflow in their recursive handling of nested IPComp-encapsulated payloads. Exploitation of this vulnerability could allow a remote attacker to cause kernel memory corruption. Please check the advisory to find out if your system is affected, and also please check if an update is available.
|
|
|
A potential security exposure with IBM WebSphere Application Server on z/OS has been found.
Unauthorized users might be granted unintended access to WebSphere applications.
This only occurs when WebSphere is configured with a Local OS user registry or a Federated Repository configured with RACF (Resource Access Control Facility) adapter. Both the Local OS user registry and the Federated Repository configuration with RACF adapter use SAF (System Authorization Facility) implementation which means both RACF usage and equivalent product usage are affected.
Patches are available now.
|
|
|
It has been discovered that the Quagga routing daemon contains two Denial-of-Service vulnerabilities in its BGP implementation. A crafted Extended Communities attribute triggers a NULL pointer dereference which causes the BGP daemon to crash. The crafted attributes are not propagated by the Internet core, so only explicitly configured direct peers are able to exploit this vulnerability in typical configurations. Furthermore, the BGP daemon resets BGP sessions when it encounters malformed AS_PATHLIMIT attributes, introducing a distributed BGP session reset vulnerability which disrupts packet forwarding. Such malformed attributes are propagated by the Internet core, and exploitation of this vulnerability is not restricted to directly configured BGP peers. Updated packages are available now.
|
|