All articles

The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS “style” attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. Updated packages are available from updates.redhat.com.

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. A flaw was found in the way Thunderbird handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Thunderbird instance that is using a proxy server, they may be able to steal sensitive information from the site Thunderbird is displaying. Updated packages are available from updates.redhat.com.

Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. Several flaws were found in the way malformed HTML mail content was processed. An HTML mail message containing malicious content could execute arbitrary JavaScript in the context of the mail message, possibly presenting misleading data to the user, or stealing sensitive information such as login credentials. Updated packages are available from updates.redhat.com.

The Simple Network Management Protocol (SNMP) is a protocol used for network management. A divide-by-zero flaw was discovered in the snmpd daemon. A remote attacker could issue a specially-crafted GETBULK request that could crash the snmpd daemon. Updated packages are available from updates.redhat.com.

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, good quality GStreamer plug-ins. Multiple integer overflow flaws, that could lead to a buffer overflow, were found in the GStreamer Good Plug-ins PNG decoding handler. An attacker could create a specially-crafted PNG file that would cause an application using the GStreamer Good Plug-ins library to crash or, potentially, execute arbitrary code as the user running the application when parsed. Updated packages are available from updates.redhat.com.

The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possible to bypass certain content protection mechanisms, or display information in a manner misleading to the user. Updated packages are available from updates.redhat.com.

It was discovered that mahara, an electronic portfolio, weblog, and resume builder is prone to several cross-site scripting attacks, which allow an attacker to inject arbitrary HTML or script code and steal potential sensitive data from other users. Updated packages are available from security.debian.org.

Sam Hocevar discovered that amule, a client for the eD2k and Kad networks, does not properly sanitise the filename, when using the preview function. This could lead to the injection of arbitrary commands passed to the video player. Updated packages are available from security.debian.org.

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. It was discovered that the Cyrus SASL library (cyrus-sasl) does not always reliably terminate output from the sasl_encode64() function used by programs using this library. The Cyrus IMAP server (cyrus-imapd) relied on this function’s output being properly terminated. Under certain conditions, improperly terminated output from sasl_encode64() could, potentially, cause cyrus-imapd to crash, disclose portions of its memory, or lead to SASL authentication failures. Updated packages are available from updates.redhat.com.

Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. Among other issues, several issues in the browser engine have been discovered, which can result in the execution of arbitrary code. It is possible to execute arbitrary code via vectors involving “double frame construction.” Jesse Ruderman and Adam Hauner discovered a problem in the JavaScript engine, which could lead to the execution of arbitrary code. Pavel Cvrcek discovered a potential issue leading to a spoofing attack on the location bar related to certain invalid unicode characters. Gregory Fleischer discovered that it is possible to read arbitrary cookies via a crafted HTML document. Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. Updated packages are available from security.debian.org.

Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code. Drew Yao discovered that the Cinepak codec is prone to a memory corruption, which can be triggered by a crafted Cinepak file. Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file. It was discovered that vlc is prone to a search path vulnerability, which allows local users to perform privilege escalations. Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk. Pınar Yanardağ discovered that it is possible to execute arbitrary code when opening a crafted mmst link. Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file. Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header. Updated packages are available from security.debian.org.

Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to conduct cross-site scripting attacks. Updated packages are available from security.debian.org.

Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file. Updated packages are available from security.debian.org.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple security flaws were discovered in Adobe Reader. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. Updated packages are available from updates.redhat.com.

The Apache HTTP Server is a popular Web server. An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments, which could potentially lead to the disclosure of sensitive information or a denial of service (application crash). A denial of service flaw was found in the apr-util Extensible Markup Language (XML) parser. A remote attacker could create a specially-crafted XML document that would cause excessive memory consumption when processed by the XML decoding engine. A heap-based underwrite flaw was found in the way apr-util created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine. Updated packages are available from updates.redhat.com.

apr-util is a utility library used with the Apache Portable Runtime (APR). An off-by-one overflow flaw was found in the way apr-util processed a variable list of arguments, which could potentially lead to the disclosure of sensitive information or a denial of service (application crash). A denial of service flaw was found in the apr-util Extensible Markup Language (XML) parser that would cause excessive memory consumption when processed by the XML decoding engine. A heap-based underwrite flaw was found in the way apr-util created compiled forms of particular search patterns. An attacker could formulate a specially-crafted search keyword, that would overwrite arbitrary heap memory locations when processed by the pattern preparation engine. Updated packages are available from updates.redhat.com.

The kernel packages contain the Linux kernel, the core of any Linux operating system. Several flaws were found in the way the Linux kernel CIFS implementation handles Unicode strings, possibly leading to a denial of service or privilege escalation on the client mounting the CIFS share. A flaw in the Linux kernel Network File System daemon (nfsd) implementation could possibly lead to an information leak or privilege escalation. Frank Filz reported the NFSv4 client was missing a file permission check for the execute bit in some situations, which could allow local, unprivileged users to run non-executable files on NFSv4 mounted file systems. A missing check was found in the hypervisor_callback() function, which could cause a denial of service of a Xen guest. A flaw was found in the AGPGART driver, which could possibly lead to an information leak. Updated packages are available from updates.redhat.com.

It was discovered that the Apache web server did not properly handle the “Options=” parameter to the AllowOverride directive, leading to a privilege escalation. Updated packages are available from security.debian.org.

The Mozilla Firefox browser was updated to version 3.0.11, fixing various security issues, including crashes with evidence of memory corruption, URL spoofing with invalid unicode characters, arbitrary domain cookie access by local file: resources, SSL tampering via non-200 responses to proxy CONNECT requests a race condition while accessing the private data of a NPObject JS wrapper class object, arbitrary code execution using event listeners attached to an element whose owner document is null, incorrect principal set for file: resources loaded via location bar, XUL scripts bypass content-policy checks, and a JavaScript chrome privilege escalation. Updated packages are available from download.opensuse.org.

This update of the Linux kernel for SUSE Linux Enterprise Server 9 SP4 contains various security-fixes. nfsd allows local users to create device nodes. A buffer overflow in CIFS allows remote attackers to cause a denial of service (crash) or potential code execution. The exit_notify function allows local users to send an arbitrary signal to a process. The shm subsystem misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang). An integer overflow in rose_sendmsg might allow attackers to obtain sensitive information. Updated packages are available from download.opensuse.org.

cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. Updated packages are available from updates.redhat.com.

cscope is a mature, ncurses-based, C source-code tree browsing tool. Multiple buffer overflow flaws were found in cscope. An attacker could create a specially crafted source code file that could cause cscope to crash or, possibly, execute arbitrary code when browsed with cscope. Updated packages are available from updates.redhat.com.

Wireshark is a program for monitoring network traffic. A format string flaw was found in Wireshark. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. Several denial of service flaws were found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. Updated packages are available from updates.redhat.com.

It was discovered that the Rasterbar Bittorrent library performed insufficient validation of path names specified in torrent files, which could lead to denial of service by overwriting files. Updated packages are available from security.debian.org.

Two vulnerabilities have been found in libsndfile, a library to read and write sampled audio data. Tobias Klein discovered that the VOC parsing routines suffer of a heap-based buffer overflow which can be triggered by an attacker via a crafted VOC header. The vendor discovered that the AIFF parsing routines suffer of a heap-based buffer overflow which can be triggered by an attacker via a crafted AIFF header. Updated packages are available from security.debian.org.

SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. A flaw was found in the processing of malformed, local file content. If a user loaded malicious, local content via the file:// URL, it was possible for that content to access other local data. Updated packages are available from updates.redhat.com.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Multiple flaws were found in the processing of malformed, local file content. If a user loaded malicious, local content via the file:// URL, it was possible for that content to access other local data. A script, privilege elevation flaw was found in the way Firefox loaded XML User Interface Language (XUL) scripts. Firefox and certain add-ons could load malicious content when certain policy checks did not happen. A flaw was found in the way Firefox displayed certain Unicode characters in International Domain Names (IDN). If an IDN contained invalid characters, they may have been displayed as spaces, making it appear to the user that they were visiting a trusted site. A flaw was found in the way Firefox handled error responses returned from proxy servers. If an attacker is able to conduct a man-in-the-middle attack against a Firefox instance that is using a proxy server, they may be able to steal sensitive information from the site the user is visiting. Updated packages are available from updates.redhat.com.

mod_jk is an Apache Tomcat connector that allows Apache Tomcat and the Apache HTTP Server to communicate with each other. An information disclosure flaw was found in mod_jk. In certain situations, if a faulty client set the “Content-Length” header without providing data, or if a user sent repeated requests very quickly, one user may view a response intended for another user. Updated packages are available from updates.redhat.com.

This Linux kernel update for SUSE Linux Enterprise 11 and openSUSE 11.1 fixes some security issues, including a buffer overflow in CIFS, which allows remote attackers to cause a denial of service (crash) or potential code execution. The exit_notify function allows local users to send an arbitrary signal to a process. An integer overflow in rose_sendmsg might allow attackers to obtain sensitive information via a large length value. The VMX implementation in the KVM subsystem allows guest OS users to cause a denial of service (OOPS). The __inet6_check_established function allows remote attackers to cause a denial of service (NULL pointer dereference and system crash). The agp subsystem does not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages. Updated packages are available from download.opensuse.org.

This kernel update for openSUSE 11.0 fixes several security problems, including a buffer overflow in the Stream Control Transmission Protocol (sctp) implementation allows remote attackers to remotely execute code. The nfs_permission function in the NFS client implementation allows local users to bypass permissions and execute files. The audit_syscall_entry functionallows local users to bypass certain syscall audit configurations via crafted syscalls. nfsd did not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes. The seccomp subsystem allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod. A buffer overflow in CIFS allows remote attackers to cause a denial of service (crash) or potential code execution. The exit_notify function did not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process. The shm subsystem misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang). The VMX implementation in the KVM subsystem allows guest OS users to cause a denial of service (OOPS). Updated packages are available from download.opensuse.org.