BugTraq (Page 1451 of 1748)
MDKSA-2004:099 - Updated XFree86 packages fix libXpm overflow vulnerabilities 2004-09-16
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: XFree86
Advisory ID:

[ more ]  [ reply ]
iDEFENSE Security Advisory 09.16.04: Ipswitch WhatsUp Gold Remote Denial of Service Vulnerability 2004-09-16
customer service mailbox (customerservice idefense com)
Ipswitch WhatsUp Gold Remote Denial of Service Vulnerability

iDEFENSE Security Advisory 09.16.04
www.idefense.com/application/poi/display?id=142&type=vulnerabilities
September 16, 2004

I. BACKGROUND

Ipswitch WhatsUp Gold is a Microsoft Windows based network monitoring
application. More informatio

[ more ]  [ reply ]
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16
Parks, Matt (Matt Parks mms gov)
Per the Microsoft bulletin--

Caveats: If you have installed any of the affected programs or affected
components listed in this bulletin, you should install the required security
update for each of the affected programs or affected components. This may
require the installation of multiple security u

[ more ]  [ reply ]
[ GLSA 200409-19 ] Heimdal: ftpd root escalation 2004-09-16
Sune Kloppenborg Jeppesen (jaervosz gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200409-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ more ]  [ reply ]
Microsoft WordPerfect 5.x Converter Heap Overflow 2004-09-16
NGSSoftware Insight Security Research (nisr ngssoftware com)
NGSSoftware Insight Security Research Advisory

Name: Microsoft WordPerfect 5.x Converter Heap Overflow
Systems Affected: Microsoft Office, Microsoft FrontPage, Microsoft
Publisher and Microsoft Works Suite
Severity: Medium Risk
Vendor URL: http://www.microsoft.com/
Author: Peter W

[ more ]  [ reply ]
[sudo-announce] Sudo version 1.6.8p1 now available (fwd) 2004-09-16
je sekure net

---------- Forwarded message ----------
Date: Thu, 16 Sep 2004 13:13:05 -0600
From: Todd C. Miller <Todd.Miller (at) courtesan (dot) com>
To: sudo-announce (at) sudo (dot) ws
Subject: [sudo-announce] Sudo version 1.6.8p1 now available

Sudo version 1.6.8, patchlevel 1 is now available. It includes a
fix for a security

[ more ]  [ reply ]
JPEG Processing BOF Proof Of Concept 2004-09-16
GulfTech Security (security gulftech org)
About a year ago I came across this same issue. I came across it while
messing with Solar Designer's old Netscape JPEG bug. So, in short the same
issue applies to WinXP it seems. I showed the bug to a few people (even
contacted Microsoft, but got no reply), but neither them nor myself ever got
aroun

[ more ]  [ reply ]
ADVISORY: security hole (http response splitting) in snitz forums 2000 2004-09-16
Maestro De-Seguridad (maestrodeseguridad lycos com)
ADVISORY

Author: Maestro (me!)

Date: 16-SEP-04

Vendor: Snitz Communications (www.snitz.com)

Product: Snitz Forums 2000 v3.4.04

Product description: (from vendor website) "the leading ASP forum/bbs on the internet today"

Problem: Http response splitting (web cache poisoning, xss,
yadayaday

[ more ]  [ reply ]
Fwd: Theo's presentation on exploit prevention 2004-09-16
Bas Alberts (bas alberts immunitysec com)
Some interesting comments on pro-active security appeared on the daily
dave just now.

http://lists.immunitysec.com/pipermail/dailydave/2004-September/000918.html

Pasted for your convenience:

[Dailydave] Theo's presentation on exploit prevention
pageexec at freemail.hu pageexec at freemail.hu

Th

[ more ]  [ reply ]
MDKSA-2004:098 - Updated libxpm4 packages fix libXpm overflow vulnerabilities 2004-09-16
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: libxpm4
Advisory ID:

[ more ]  [ reply ]
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16
Angelidis, Fotis(NSASOUDABAY) (AngelidisF nsa souda navy mil)


-----Original Message-----
From: Polazzo Justin [mailto:Justin.Polazzo (at) facilities.gatech (dot) edu]
Sent: Wednesday, September 15, 2004 6:24 PM
To: Nick D.; bugtraq (at) securityfocus (dot) com
Subject: RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow

>Ps: ARRRgh!!
>
>P.p.s: Am I missing the all in o

[ more ]  [ reply ]
TSLSA-2004-0047 - multi 2004-09-16
Trustix Security Advisor (tsl trustix org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0047

Package name: apache, cups, foomatic-filters, iptables, squid
Summary: Several security holes
Date:

[ more ]  [ reply ]
[SECURITY] [DSA 546-1] New gdk-pixbuf packages fix several vulnerabilities 2004-09-16
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 546-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004

[ more ]  [ reply ]
www.proboards.com / YaBB XSS Vuln 2004-09-15
admin leetflash com


A Cross Site scripting vulnerability exists currently for all boards of the ever popular www.proboards.com which has code based off of the popular YaBB Forums.

This can result in an attacker stealing users' Cookie Information and possible defacing/hijacking of the message board and its users acc

[ more ]  [ reply ]
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16
Polazzo Justin (Justin Polazzo facilities gatech edu)
Let me get this straight: It really doesn't matter if the version of
Frogger I run has the older dll, to exploit the flaw you would have to
get a user to view a malformed jpeg via the Frogger app which would call
the older dll and voila! Right?

Assuming that is correct; AutoCAD, while a big app on

[ more ]  [ reply ]
[SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution 2004-09-16
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 548-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004

[ more ]  [ reply ]
wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities 2004-09-16
Paul Johnston (paul westpoint ltd uk)
Westpoint Security Advisory
---------------------------

Title: Multiple Browser Cookie Injection Vulnerabilities
Risk Rating: Low
Software: Multiple Web Browsers
Platforms: Unix and Windows
Author: Paul Johnston <paul (at) westpoint.ltd (dot) uk>
assisted by Richard Moore <

[ more ]  [ reply ]
[SECURITY] [DSA 547-1] New Imagemagic packages fix buffer overflows 2004-09-16
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 547-1 security (at) debian (dot) org
http://www.debian.org/security/ Martin Schulze
September 16th, 2004

[ more ]  [ reply ]
[OpenPKG-SA-2004.041] OpenPKG Security Advisory (spamassassin) 2004-09-15
OpenPKG (openpkg openpkg org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory The OpenPKG Project
http://www.openpkg.org/security.html http://www.openpkg.org
openpkg-security (at) openpkg (dot) org

[ more ]  [ reply ]
MDKSA-2004:097 - Updated cups packages fix DoS vulnerability 2004-09-15
Mandrake Linux Security Team (security linux-mandrake com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: cups
Advisory ID:

[ more ]  [ reply ]
Php Vulnerability N. 2 2004-09-15
Stefano Di Paola (stefano dipaola wisec it)
Let's go for the second one:

=========================================
Title: Overwrite $_FILE array in rfc1867 - Mime multipart/form-data File
Upload

Affected: Php <= 5.0.1
Not Affected: it seems none
Vulnerability Type: Possible write of a downloaded file in an arbitrary
l

[ more ]  [ reply ]
Re: Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue 2004-09-15
David F. Skoll (dfs roaringpenguin com)
On Wed, 15 Sep 2004, David Covin wrote:

> Two points:

> It's fair to argue
> that canonicalizing is the more useful policy, but not that it is the
> only secure one.

Fair enough, with the caveat that it's probably easier to canonicalize
than to detect all MIME messages that might possibly be misi

[ more ]  [ reply ]
iDEFENSE Security Advisory 09.15.04: GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability 2004-09-15
customer service mailbox (customerservice idefense com)
GNU Radius SNMP String Length Integer Overflow Denial of Service
Vulnerability

iDEFENSE Security Advisory 09.15.04
www.idefense.com/application/poi/display?id=141&type=vulnerabilities
September 15, 2004

I. BACKGROUND

Radius is used for remote user authentication and accounting.

For more informat

[ more ]  [ reply ]
RE: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-15
Polazzo Justin (Justin Polazzo facilities gatech edu) (2 replies)
I am trying to distribute the patch via patch management software, the
problem is, Do I replace all incarnations of gdiplus.dll?

If I have a win2k box running IE6 sp1, I install the IE6 patch.

Fine, I can handle that, but what about my win2k boxes running AutoCAD
2004, Visio, IE6 and Dreamweave

[ more ]  [ reply ]
Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16
Gary Warner (gar askgar com)
Re: Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow 2004-09-16
sheep explode (sheep explode gmail com)
Copyright 2010, SecurityFocus