Section: .. / 0611-advisories /
File Name: MDKSA-2006-198.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-198 - M. Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. The RLE decoding loops of the load() function in the tga loader do not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking.
Homepage: http://www.mandriva.com/security/advisories
File Size: 7454
Related CVE(s): CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809
Last Modified: Nov 8 18:30:17 2006
MD5 Checksum: 3216de2651f9fec6521ba221af69fe1f

File Name: MDKSA-2006-199.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-199 - The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 versions 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3033
Related CVE(s): CVE-2006-5397
Last Modified: Nov 8 18:30:23 2006
MD5 Checksum: af32234a8b70118dc5e704a48350c11f

File Name: MDKSA-2006-200.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-200: A heap-based buffer overflow was discovered in librpm when the LANG or LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly other locales), which could allow for user-assisted attackers to execute arbitrary code via crafted RPM packages.
Homepage: http://www.mandriva.com/security/advisories
File Size: 9501
Last Modified: Nov 8 18:30:42 2006
MD5 Checksum: 813f70ae6a221d728b3368a58161b8a1

File Name: MDKSA-2006-201.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-201 - Pam_ldap does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. This might lead to an attacker being able to log in to a suspended system account.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3345
Related CVE(s): CVE-2006-5170
Last Modified: Nov 8 21:47:01 2006
MD5 Checksum: cc0d043ec3e7eadad6fc898762760f90

File Name: MDKSA-2006-202.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-202 - Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file that produces (1) large LFO clfolvl values in the wvGetLFO_records function or (2) a large LFO nolfo value in the wvGetLFO_PLF function.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4442
Related CVE(s): CVE-2006-4513
Last Modified: Nov 8 21:47:44 2006
MD5 Checksum: 9327bef1f1b820d3045c101cf5dd8e08

File Name: MDKSA-2006-203.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-203 - Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4925
Related CVE(s): CVE-2006-4810
Last Modified: Nov 8 22:19:01 2006
MD5 Checksum: 8b0a5af35b5a507348e95e3b1dd4eacc

File Name: MDKSA-2006-204.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-204 - A vulnerability in the privilege separation functionality in OpenSSH was discovered, caused by incorrect checking for bad signatures in sshd's privsep monitor. As a result, the monitor and the unprivileged process can get out of sync. The OpenSSH team indicated that this bug is not known to be exploitable in the absence of additional vulnerabilities.
Homepage: http://www.mandriva.com/security/advisories
File Size: 8002
Related CVE(s): CVE-2006-5794
Last Modified: Nov 8 22:24:28 2006
MD5 Checksum: 0138f4f4460696fdf58ec6352bd8eb52

File Name: MDKSA-2006-207.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-207 - The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem. BIND uses RSA cryptography as part of its DNSSEC implementation.
Homepage: http://www.mandriva.com/security/advisories
File Size: 5948
Related CVE(s): CVE-2006-4339
Last Modified: Nov 16 11:32:32 2006
MD5 Checksum: 4104389466279b56bbe309055b3063c2

File Name: MDKSA-2006-208-1.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-208-1 - An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4036
Related CVE(s): CVE-2006-5779
Last Modified: Nov 21 22:07:40 2006
MD5 Checksum: 14c7d1c0f256a254d7a72f446ac2239c

File Name: MDKSA-2006-208.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-208 - An unspecified vulnerability in OpenLDAP allows remote attackers to cause a denial of service (daemon crash) via a certain combination of SASL Bind requests that triggers an assertion failure in libldap.
Homepage: http://www.mandriva.com/security/advisories
File Size: 9400
Related CVE(s): CVE-2006-5779
Last Modified: Nov 16 11:33:14 2006
MD5 Checksum: f0c1c532227c9ff07f1e441a5d477e05

File Name: MDKSA-2006-209.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-209 - A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
Homepage: http://www.mandriva.com/security/advisories
File Size: 6134
Related CVE(s): CVE-2006-3334, CVE-2006-5793
Last Modified: Nov 17 20:41:02 2006
MD5 Checksum: f2310ca5d9d2326387d2498c4aebc1e1

File Name: MDKSA-2006-210.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-210 - SYSLINUX is a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3443
Related CVE(s): CVE-2006-3334, CVE-2006-5793
Last Modified: Nov 17 20:43:05 2006
MD5 Checksum: a336fddb70e34c79a3e8c1ab3b1e7554

File Name: MDKSA-2006-211.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-211 - PXELINUX is a PXE bootloader. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3821
Related CVE(s): CVE-2006-3334, CVE-2006-5793
Last Modified: Nov 17 20:43:39 2006
MD5 Checksum: 8b08f4bc0d0efcb8a331c409f64a8f1c

File Name: MDKSA-2006-212.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-212 - Doxygen is a documentation system for C, C++ and IDL. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4764
Related CVE(s): CVE-2006-3334, CVE-2006-5793
Last Modified: Nov 17 20:44:10 2006
MD5 Checksum: 4fd21ed25923ab000212c01519728690

File Name: MDKSA-2006-213.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-213 - Chromium is an OpenGL-based shoot them up game with fine graphics. It is built with a private copy of libpng, and as such could be susceptible to some of the same vulnerabilities. A buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing," possibly involving the "chunk_name". Tavis Ormandy, of the Gentoo Linux Security Auditing Team, discovered a typo in png_set_sPLT() that may cause an application using libpng to read out of bounds, resulting in a crash.
Homepage: http://www.mandriva.com/security/advisories
File Size: 4091
Related CVE(s): CVE-2006-3334, CVE-2006-5793
Last Modified: Nov 17 20:44:43 2006
MD5 Checksum: d1947a6ece50166d6946a3ac95a2dd84

File Name: MDKSA-2006-214.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-214 - A stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3816
Related CVE(s): CVE-2006-5864
Last Modified: Nov 18 20:49:04 2006
MD5 Checksum: 83fa75f6fcedca8e0d31f44235d84294

File Name: MDKSA-2006-215.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-215 - Steve Grubb discovered that netlink messages were not being checked for their sender identity. This could lead to local users manipulating the Avahi service.
Homepage: http://www.mandriva.com/security/advisories
File Size: 6228
Related CVE(s): CVE-2006-5461
Last Modified: Nov 21 02:21:29 2006
MD5 Checksum: c5f6a049bbdb14335790a2c3013c45e1

File Name: MDKSA-2006-216.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-216 - The links web browser with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3966
Related CVE(s): CVE-2006-5925
Last Modified: Nov 21 02:22:10 2006
MD5 Checksum: c128af5e7141ecf08f821f8a39d76113

File Name: MDKSA-2006-217.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-217 - As disclosed by an exploit (vd_proftpd.pm) and a related vendor bugfix, a Denial of Service (DoS) vulnerability exists in the FTP server ProFTPD, up to and including version 1.3.0. The flaw is due to both a potential bus error and a definitive buffer overflow in the code which determines the FTP command buffer size limit. The vulnerability can be exploited only if the "CommandBufferSize" directive is explicitly used in the server configuration, which is not the case in the default configuration of ProFTPD.
Homepage: http://www.mandriva.com/security/advisories
File Size: 9874
Related CVE(s): CVE-2006-5815
Last Modified: Nov 21 02:23:22 2006
MD5 Checksum: 8652a3ed074725a49c55500766ce638e

File Name: MDKSA-2006-218.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-218-1 - An off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
Homepage: http://www.mandriva.com/security/advisories
File Size: 2467
Related CVE(s): CVE-2006-5989
Last Modified: Nov 26 21:43:34 2006
MD5 Checksum: e05fff3c295a6d10cc76b0fc34ba2607

File Name: MDKSA-2006-219.txt
Description:
Mandriva Linux Security Advisory MDKSA-2006-219-1 - GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
Homepage: http://www.mandriva.com/security/advisories
File Size: 3939
Related CVE(s): CVE-2006-6097, CVE-2002-1216
Last Modified: Nov 30 19:43:41 2006
MD5 Checksum: fc6c7979ea68386eb384cec8b81642e2

File Name: MHL-2006-004.txt
Description:
Mayhemic Labs Public Advisory MHL-2006-004 - MBoard does not check the Post ID for malicious data when replying, allowing an attacker to create blank files on the system wherever the web server has write access. Versions 1.22 and below are affected.
Author: Mayhemic Labs Security
Homepage: http://www.mayhemiclabs.com/
File Size: 1742
Last Modified: Nov 29 11:21:53 2006
MD5 Checksum: 3e0d5f7e7a78b8175c6157c4ba767472