[RHSA-2004:030-01] Updated NetPBM packages fix multiple temporary file vulnerabilities
2004-02-05 bugzilla redhat com

Re: getting rid of outbreaks and spam
2004-02-05 Thor Larholm (thor pivx com)
0.02 kroner coming up :)
> From: Gadi Evron
>
> 2. In a broader view, notifications ARE currently the
> problem rather than a solution.
I think we all recognize the fundamental truth that AV notifications are pure marketing. They contain no instructions on removing the virus and only serve to spre

Possible Cross Site Scripting in Discuz! Board
2004-02-05 Cheng Peng Su (apple_soup msn com)
Advisory Name:Possible Cross Site Scripting in Discuz! Board
Release Date: Feb 5,2004
Application: Discuz! Board
Version Affected: 2.x , 3.x
Platform: PHP
Severity: Low
Discover: Cheng Peng Su(apple_soup_at_msn.com)
Vendor URL: http://www.discuz.com/
#######################################

MDKSA-2004:009 - Updated glibc packages fix resolver vulnerabilities
2004-02-05 Mandrake Linux Security Team (security linux-mandrake com)

Two checkpoint fw-1/vpn-1 vulns
2004-02-05 Bjørnar Bjørgum Larsen (bjornar bjorgum larsen ementor no)

Re: X-Cart vulnerability
2004-02-05 Dmitry (verbic creativedevelopment biz)
In-Reply-To: <20040203091937.11695.qmail (at) www.securityfocus (dot) com [email concealed]>
Vulnerabilities specified by Philip were partially confirmed for a limited number of versions. Patches for affected versions are available for download in the X-Cart members area.
--
Dmitry Verbichenko
Creative Development

Checkpoint 4.1 Vulnerability
2004-02-05 Macroscape Solutions (lists macroscape com)
I haven't seen any discussion on this yet surprisingly.
http://xforce.iss.net/xforce/alerts/id/163
Looks pretty bad since technically 4.1 is no longer supported
------------------------------
Macroscape Solutions Inc.
information technology foresight
http://www.macroscape.com
-----------------

OpenBSD IPv6 remote kernel crash
2004-02-05 Thor Larholm (thor pivx com)
Georgi Guninski posted an advisory on his site about a remote crash in the OpenBSD kernel caused by connecting with a small IPv6 MTU.
http://www.guninski.com/obsdmtu.html
The error was present in revision 1.81 of /src/sys/netinet6/ip6_output.c and is fixed in revision 1.82 ( 2004/02/04 08:47:41 ),

[CLA-2004:811] Conectiva Security Announcement - libtool
2004-02-05 Conectiva Updates (secure conectiva com br)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ --
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------ --
PACKAGE : libtool
SUMMARY : Insecure handling of tempor

[RHSA-2004:020-01] Updated mailman packages close cross-site scripting vulnerabilities
2004-02-05 bugzilla redhat com

RE: Hacking USB Thumbdrives, Thumprint authentication
2004-02-04 markus-1977 gmx net
Hey,
> I've been working with fingerprint authentication devices for over 9 years now. The basis for the research quoted on cracking these
> devices is weak. Is it possible to devise a way to fool fingerprint readers?... given enough time, gummy bears and glue? It may be
> possible but having

RE: Hysterical first technical alert from US-CERT - CERT#25304
2004-02-04 Steen Larsen (slarsen messagelabs com)
We got this alert too and it was definitely a mistake as MyDoom.B never took off. We received it 29 Jan 2004 01:56:52 GMT which confirms CERTs mail server time stamp: Wed, 28 Jan 2004 20:55:16 -0500
Last time I had a look at our statistics we had stopped approx 21 Million copies of MyDoom.A and ...

Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
2004-02-04 NGSoftware Insight Security Research (mark ngssoftware com)
NGSSoftware Insight Security Research Advisory
Name: RealPlayer & RealOne Player Buffer Overruns
Systems Affected: RealOne Player, RealOne Player v2, RealOne Enterprise Desktop / RealPlayer Enterprise (all language versions, all platforms)
Severity: High Risk
Vendor URL: http://www.real.com/
Author

[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities
2004-02-05 joey infodrom org (Martin Schulze)

IBM cloudscape SQL Database (DB2J) vulnerable to remote command injection
2004-02-05 Marc Schoenefeld (schonef uni-muenster de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Illegalaccess.org security advisory ii/02-2004 (www.illegalaccess.org)
IBM cloudscape SQL Database (DB2J) vulnerable to remote command injection
Brief
=====
Product : IBM cloudscape database
Version : 5.1
Vendor : IBM
Impact : Code injectio

FreeBSD Security Advisory FreeBSD-SA-04:02.shmat
2004-02-05 FreeBSD Security Advisories (security-advisories freebsd org)

[PINE-CERT-20040201] reference count overflow in shmat()
2004-02-05 Joost Pol (joost pine nl)
------------------------------------------------------------------------ -------
Pine Digital Security Advisory
------------------------------------------------------------------------ -------
Advisory ID : PINE-CERT-20040201 (CAN-2004-0114)
Authors : Joost Pol
Vendor Informed : 2004

announce: new mailing list - application security research - from vulnerabilities to code injection.
2004-02-04 Gadi Evron (ge linuxbox org)
For the past month or two we have been seeing more and more off-topic message on the TH-Research (Trojan Horses Research) mailing list. We decided to start a new mailing list to take off the "pressure".
The new mailing list is called appsec-research, and it will deal with issues such as vulnerabil

RE: MS to stop allowing passwords in URLs
2004-02-04 NESTING, DAVID M (SBCSI) (dn3723 sbc com)
-----Original Message-----
From: David B Harris [mailto:dbharris (at) eelf.ddts (dot) net [email concealed]]
> Or, hey, a different on-screen representation? Something like, I dunno,
> "http://user:pass@site/" being turned into "http://site/ (user: user,
> password: pass)"?
IMO, even this doesn't go far enough. We need to e
Hash: SHA1
- ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Updated NetPBM packages fix multiple temporary file vulnerabilities
Advisory ID: RHSA-2004:030-01
Issue date: