AERAsec - Network Security - Current Security Messages

Most of the links lead to the corresponding files at CERT or other organisations. So changes take place immediately, especially which patches should be installed or which changes in the configuration should be made to avoid this vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inheritant in any widely used platform or program that doesn't mean this particular platform or program is safe to use!

Here you find our network security search engine!

This is some information you send:
Your Browser	CCBot/2.0
Your IP address	ec2-54-234-42-16.compute-1.amazonaws.com [54.234.42.16]
Your referer	(filtered or not existing)

Current month, Last month, Last 10 messages, Last 20 messages (index only)

Chosen message with ID ae-200806-049

System:	Mandriva Linux
Topic:	Vulnerabilities in nasm and freetype2
Links:	MDVSA-2008:119, CVE-2008-2696
ID:	ae-200806-049

An off-by-one error was found in nasm 2.02 that allowes context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.
Multiple vulnerabilities were discovered in FreeType's Printer Font Binary (PFB) font-file format parser. If a user were to load a carefully crafted font file with a program linked against FreeType, it could cause the application to crash or potentially execute arbitrary code.
Fixed packages are available now.