MDKSA-2005:232 - Updated gstreamer-ffmpeg packages fix buffer overflow vulnerability
2005-12-15 Mandriva Security Team (security mandriva com)

MDKSA-2005:231 - Updated ffmpeg packages fix buffer overflow vulnerability
2005-12-15 Mandriva Security Team (security mandriva com)

MDKSA-2005:230 - Updated mplayer packages fix buffer overflow vulnerability
2005-12-15 Mandriva Security Team (security mandriva com)

MDKSA-2005:229 - Updated xmovie packages fix buffer overflow vulnerability
2005-12-15 Mandriva Security Team (security mandriva com)

MDKSA-2005:228 - Updated xine-lib packages fix buffer overflow vulnerability
2005-12-15 Mandriva Security Team (security mandriva com)

MDKSA-2005:227 - Updated ethereal packages fix vulnerability
2005-12-14 Mandriva Security Team (security mandriva com)

[SECURITY] [DSA 922-1] New Linux 2.6.8 packages fix several vulnerabilities
2005-12-14 joey infodrom org (Martin Schulze)

[ GLSA 200512-06 ] Ethereal: Buffer overflow in OSPF protocol dissector
2005-12-14 Thierry Carrez (koon gentoo org)

Re: [ GLSA 200512-04 ] Openswan, IPsec-Tools: Vulnerabilities in ISAKMP Protocol implementation
2005-12-14 Thierry Carrez (koon gentoo org)
VANHULLEBUS Yvan wrote:
> On Tue, Dec 13, 2005 at 09:49:40PM +0100, Paul Wouters wrote:
>
>>On Mon, 12 Dec 2005, Thierry Carrez wrote:
>>
>> [...]
>>>Impact
>>>======
>>>
>>>A remote attacker can create a specially crafted packet using 3DES with
>>>an invalid key length, resulting in a Denial of S

iDefense Security Advisory 12.14.05: Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability
2005-12-14 labs-no-reply (at) idefense (dot) com (labs-no-reply idefense com)
Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability
iDefense Security Advisory 12.14.05
www.idefense.com/application/poi/display?id=351&type=vulnerabilities
December 14, 2005
I. BACKGROUND
Trend Micro PC-Cillin Internet Security is antivirus protection software for ho

Re: Re: Re: [KAPDA::#16] - SMF SQL Injection
2005-12-13 grudge securityfocus com, simplemachines securityfocus com,org securityfocus com
Remember, SMF only shows database syntax errors to administrators anyway, so they would not even see the query string itself. All the average user trying this gets is "A database error has occured". Either way securityfocus have kindly removed the advisory so we're happy. [quote] mphhh, correct...

Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability
2005-12-13 Secunia Research (vuln secunia com)

[USN-230-1] ffmpeg vulnerability
2005-12-14 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-230-1 December 14, 2005
ffmpeg vulnerability
CVE-2005-4048
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The

CodeCon submission deadline reminder
2005-12-13 Len Sassaman (rabbi abditum com)
Here's a reminder that the deadline for submissions to CodeCon 2006 is this week. Feel free to forward this to project developers who might not otherwise see it. --Len. -- CodeCon 2006 February 10-12, 2006 San Francisco CA, USA www.codecon.org Call For Papers CodeCon is the premier showcase of

SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:068)
2005-12-14 Marcus Meissner (meissner suse de)

RLA ("Remote LanD Attack")
2005-12-14 Synister Syntax (synistersyntaxlist gmail com)
Below is a copy of my RLA exploit submission in ASCII. Attached is a MSWord (.doc) version with rich formatting, created with ease of view in mind. Regards...
----------
RLA ("Remote LanD Attack") 2005
As discovered by: Justin M. Wray (jayizkool (at) gmail (dot) com)
Devices/Vendors Vulnerable:
- Micr

[ GLSA 200512-05 ] Xmail: Privilege escalation through sendmail
2005-12-14 Thierry Carrez (koon gentoo org)

SUSE Security Announcement: php4, php5 (SUSE-SA:2005:069)
2005-12-14 Ludwig Nussel (ludwig nussel suse de)

[SECURITY] [DSA 921-1] New Linux 2.4.27 packages fix several vulnerabilities
2005-12-14 joey infodrom org (Martin Schulze)

Re: IMOEL CMS Sql password discovery
2005-12-14 Steven M. Christey (coley mitre org)
Hello,
>IMOEL CMS has the weakness to download the plain text sql password in
>the setting.php file
>
>*/*************************************
>$setting['host']['username'] = 'sqlusername';
>$setting['host']['password'] = 'sqlpassword';
>
>***************************************
>so u can download

Bypass XSS filter in PHPNUKE 7.9=>x
2005-12-14 max jestsuper pl
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Bypass XSS filter in PHPNUKE 7.9=>x cXIb8O3.21]
Author: Maksymilian Arciemowicz ( cXIb8O3 )
Date: 14.12.2005
from SECURITYREASON.COM
- --- 0.Description ---
PHP-Nuke is a Web Portal System, storytelling software, news system, online community or what

Disclosure timelines from vendors - a promising practice?
2005-12-14 Steven M. Christey (coley mitre org)
I was just browsing the Red Hat bug report for the mod_imap XSS issue (CVE-2005-3352). In it, they included a disclosure timeline (possibly from Apache, this is not clear). I've only seen a handful of disclosure timelines by a vendor. But in my opinion, it should be more widely adopted by those

Business Objects WebIntelligence 6.5x Account Lockout and System DoS
2005-12-14 mkemp4 csc com
Computer Sciences Corporation Security Advisory
December 14, 2005
Summary: CSC have discovered an issue that could impact upon the availability and security of servers operating Business Objects WebIntelligence software. If a remote malicious attacker is able to access authentication mechanisms (o

Countering Trusting Trust through Diverse Double-Compiling
2005-12-12 David A. Wheeler (dwheeler ida org) (1 replies)
Everyone here should be familiar with Ken Thompson's famous "Reflections on Trusting Trust." If not, see: http://www.acm.org/classics/sep95/ The "trusting trust" attack subverts the compiler binary; if attacker succeeds, you're doomed. Well, til now. I've written a paper on an approach to counter

Re: Countering Trusting Trust through Diverse Double-Compiling
2005-12-14 Mike Lisanke (mikelisanke gmail com) (1 replies)

Re: Countering Trusting Trust through Diverse Double-Compiling
2005-12-14 David A. Wheeler (dwheeler ida org)

[OpenPKG-SA-2005.029] OpenPKG Security Advisory (apache)
2005-12-14 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory
The OpenPKG Project
http://www.openpkg.org/security.html
http://www.openpkg.org
openpkg-security (at) openpkg (dot) org
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2005:232
http://www.mandriva.com/security/
_____________________________________________________________________