[SECURITY] [DSA 566-1] New CUPS packages fix information leak
2004-10-14 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 563-3] New cyrus-sasl packages fix arbitrary code execution on sparc and arm
2004-10-14 joey infodrom org (Martin Schulze)

[FLSA-2004:1737] Updated httpd packages fix a mod_proxy security vulnerability
2004-10-13 Marc Deslauriers (marcdeslauriers videotron ca)

[OpenPKG-SA-2004.043] OpenPKG Security Advisory (tiff)
2004-10-14 OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory  The OpenPKG Project
http://www.openpkg.org/security.html  http://www.openpkg.org
openpkg-security (at) openpkg (dot) org [...]

[HV-MED] UPDATE: RIM Blackberry DoS, data loss
2004-10-14 vuln hexview com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
UPDATE: RIM Blackberry DoS, data loss
Original disclosure is available at http://www.hexview.com/docs/20041012-1.txt
Classification:
===============
Level: low-[MED]-high-crit
ID: HEXVIEW*2004*10*14*1
URL: http://www.hexview.com/docs/20041014-1.txt
U [...]

[FLSA-2004:1888] Updated mod_ssl package fixes Apache security vulnerabilities
2004-10-13 Marc Deslauriers (marcdeslauriers videotron ca)

[CLA-2004:873] Conectiva Security Announcement - samba
2004-10-14 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : samba
SUMMARY : Fix for samba vulnerabilities [...]

[ GLSA 200410-12 ] WordPress: HTTP response splitting and XSS vulnerabilities
2004-10-14 Luke Macken (lewk gentoo org)

[FLSA-2004:1833] Updated lha resolves security vulnerabilities
2004-10-13 Marc Deslauriers (marcdeslauriers videotron ca)

[CLA-2004:872] Conectiva Security Announcement - cups
2004-10-14 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : cups
SUMMARY : Fix for CUPS denial of service [...]

SetWindowLong Shatter Attacks
2004-10-13 Brett Moore (brett moore security-assessment com)
========================================================================
= SetWindowLong Shatter Attacks
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx
=
= Affected Software:
= Microsoft Windows 98, 98SE, ME
= Microsoft Windows NT 4.0
= Microsoft Windows [...]

Buffer Overflow In Microsoft Excel
2004-10-13 Brett Moore (brett moore security-assessment com)
========================================================================
= Excel - Buffer Overflow In Microsoft Excel
=
= MS Bulletin posted:
= http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx
=
= Affected Software:
= Microsoft Office 2000 Service Pack 3 Software:
= - Ex [...]

Format String Vulnerability in Valve's CS-Source
2004-10-13 Some One (mc iglo ddclan de)
Hi, if u type '%n' (without ') to in-game-console, your game crashes instantly. So far, I was not able, to do this remotely with rcon %n e.g., but this does not mean, it is not possible. Valve also got informed. P.S. I want the old CS-betas back, where you needed skill instead of luc [...]

[ GLSA 200410-09 ] LessTif: Integer and stack overflows in libXpm
2004-10-13 Luke Macken (lewk gentoo org)

MSN Gaming Heartbeat Component Buffer Overflow
2004-10-13 NGSSoftware Insight Security Research (nisr ngssoftware com)
John Heasman of NGSSoftware has discovered a high risk vulnerability in the Heartbeat component used on MSN related gaming sites. This vulnerability has now been fixed by Microsoft, and a fix can be downloaded from the Microsoft Security website: http://www.microsoft.com/technet/security/bullet [...]

[ GLSA 200410-11 ] tiff: Buffer overflows in image decoding
2004-10-13 Thierry Carrez (koon gentoo org)

EEYE: Windows VDM #UD Local Privilege Escalation
2004-10-13 Derek Soeder (dsoeder eeye com)
Windows VDM #UD Local Privilege Escalation
Release Date: October 12, 2004
Date Reported: March 18, 2004
Severity: Medium (Local Privilege Escalation to Kernel)
Systems Affected:
Windows NT 4.0
Windows 2000
Windows XP (SP1 and earlier)
Windows Server 2003
Description:
eEye Digital Security has d [...]

Adobe acrobat / Adobe Reader 6 can read local files
2004-10-12 Jelmer (jkuperus planet nl)
Adobe acrobat / Adobe Reader 6 can read local files
Description
Acrobat/ Acrobat reader is software for viewing and printing Adobe Portable Document Format (PDF) files. Adobe PDF files can be viewed on most major operating systems. Version 6 of this program has an issue with the way it handles em [...]

[ GLSA 200410-10 ] gettext: Insecure temporary file handling
2004-10-13 Luke Macken (lewk gentoo org)

EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
2004-10-13 Derek Soeder (dsoeder eeye com)
Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability
Release Date: October 12, 2004
Date Reported: August 2, 2004
Severity: High (Code Execution)
Vendor: Microsoft
Systems Affected:
Windows XP (SP1 and earlier)
Windows Me
Overview:
eEye Digital Security has discovere [...]

[SECURITY] [DSA 565-1] New sox packages fix buffer overflow
2004-10-13 joey infodrom org (Martin Schulze)

ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer
2004-10-13 ACROS Security (lists acros si)
Below please find our public report for the HTTPS cache poisoning issue in Internet Explorer. It includes workarounds for server operators, allowing them to protect their web services without having to rely on users to patch their browsers.
Regards,
ACROS Security
http://www.acrossecurity.com
= [...]

[FLSA-2004:2102] Updated samba packages fix security vulnerability
2004-10-13 Dominic Hargreaves (dom earth li)

BindView Advisory: Memory Leak and DoS in NT4 RPC server
2004-10-13 advisory (advisory mail bos bindview com)

IT Underground Talks
2004-10-13 Dave Aitel (dave immunitysec com)
The two talks I did here are publicly available in OpenOffice format (www.openoffice.org if you don't have a reader already).
http://www.immunitysec.com/downloads/canvas_reference_implementation.sxi
http://www.immunitysec.com/downloads/advancedordnance2.sxi
Thanks,
Dave Aitel
Immunity, Inc.

XXS in SCT email client
2004-10-13 Matthew Oyer (root spiffomatic64 com)
Vendor : SCT
URL : http://www.SCT.com/
Version: Campus Pipeline
Risk : Cross site scripting
Description: Fusetalk SCT Campus Pipeline is the Web platform of choice at over 175 institutions. It improves efficiency, builds community, and provides freedom of choice by integrating disparate systems an [...]

[HV-HIGH] RIM Blackberry buffer overflow, DoS, data loss
2004-10-13 vuln hexview com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
RIM Blackberry buffer overflow, DoS, data loss
Classification:
===============
Level: low-med-[HIGH]-crit
ID: HEXVIEW*2004*10*12*1
Overview:
=========
RIM Blackberry is a Java-based wireless connectivity solution providing phone, e-mail, and other ser [...]

XXS in fusetalk forum
2004-10-13 Matthew Oyer (root spiffomatic64 com)
Vendor : fusetalk
URL : http://www.fusetalk.com/
Version: 4.0
Risk : Cross site scripting
Description: Fusetalk is a discussion forum solution that provides a powerful and simple method of web-based collaboration.
Cross site scripting: The filtering script for the img src= doesn't filter " if p [...]
http://scary.beasts.org/security/CESA-2004-006.txt
CESA-2004-006 - rev 3
libtiff-3.8.1 image decoder parsing flaws
=========================================
Programs: libtiff, and users of libtiff such as GNOME and KDE
(konqueror and mail clients are of particular con
[...]