[SECURITY] [DSA 1831-1] New djbdns packages fix privilege escalation

2009-07-13 Thread Thijs Kinkhorst
Debian Security Advisory DSA-1831-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst July 13, 2009

[SECURITY] [DSA 1832-1] New camlimages packages fix arbitrary code execution

2009-07-13 Thread Thijs Kinkhorst
Debian Security Advisory DSA-1832-1 secur...@debian.org http://www.debian.org/security/ Thijs Kinkhorst July 13, 2009

[ MDVSA-2009:150 ] libtiff

2009-07-13 Thread security
Mandriva Linux Security Advisory MDVSA-2009:150 http://www.mandriva.com/security/

[USN-802-1] Apache vulnerabilities

2009-07-13 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-802-1 July 13, 2009 apache2 vulnerabilities CVE-2009-1890, CVE-2009-1891 === A security issue affects the following Ubuntu releases: Ubuntu 6

[USN-801-1] tiff vulnerability

2009-07-13 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-801-1 July 13, 2009 tiff vulnerability CVE-2009-2347 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04

[USN-799-1] D-Bus vulnerability

2009-07-13 Thread Marc Deslauriers
=== Ubuntu Security Notice USN-799-1 July 13, 2009 dbus vulnerability CVE-2009-1189 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04

[USN-800-1] irssi vulnerability

2009-07-13 Thread Jamie Strandboge
=== Ubuntu Security Notice USN-800-1 July 13, 2009 irssi vulnerability CVE-2009-1959 === A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04

[security bulletin] HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS)

2009-07-13 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01803910 Version: 1 HPSBGN02446 SSRT090111 rev.1 - HP ProCurve Threat Management Services zl Module (J9155A), Remote Unauthorized Access, Denial of Service (DoS) NOTICE: The information in thi

[oCERT-2009-012] libtiff tools integer overflows

2009-07-13 Thread Andrea Barisani
#2009-012 libtiff tools integer overflows Description: The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a

Re: Update: [TZO-26-2009] Firefox (all?) Denial of Service through unclamped loop (SVG)

2009-07-13 Thread Neil Dickey
>Update:
>---
>Patch was ineffective, Length2 was fixed and both
>SVGNumber and SVGNumber2, but no SVGLength.
>
>Affected products :
>- All firefox versions below 3.5

If this bug includes version 3.5, there is a workaround: Set your cache size to zero until an effective patch is published.

[ GLSA 200907-11 ] GStreamer plug-ins: User-assisted execution of arbitrary code

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-11 http://security.gentoo.org/

DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass

2009-07-13 Thread ddivulnalert
Title: DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass Severity: Medium Date Discovered: May 12, 2009 Discovered By: Digital Defense, Inc. Vulnerability Research Team Credit: Geoff Humes and r...@b13$ Vulnerability Descriptio

[ GLSA 200907-10 ] Syslog-ng: Chroot escape

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-10 http://security.gentoo.org/

[ GLSA 200907-09 ] Cyrus-SASL: Execution of arbitrary code

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-09 http://security.gentoo.org/

[ GLSA 200907-08 ] Multiple Ralink wireless drivers: Execution of arbitrary code

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-08 http://security.gentoo.org/

[ GLSA 200907-07 ] ModPlug: User-assisted execution of arbitrary code

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-07 http://security.gentoo.org/

[ GLSA 200907-06 ] Adobe Reader: User-assisted execution of arbitrary code

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-06 http://security.gentoo.org/

[ GLSA 200907-05 ] git: git-daemon Denial of Service

2009-07-13 Thread Robert Buchholz
Gentoo Linux Security Advisory GLSA 200907-05 http://security.gentoo.org/

[ GLSA 200907-04 ] Apache: Multiple vulnerabilities

2009-07-13 Thread Alex Legler
Gentoo Linux Security Advisory GLSA 200907-04 http://security.gentoo.org/

VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl

2009-07-13 Thread VMware Security team
VMware Security Advisory Advisory ID: VMSA-2009-0009 Synopsis: ESX Service Console updates for udev, sudo, and curl Issue date: 2009-07-

[SECURITY] [DSA 1830-1] New icedove packages fix several vulnerabilities

2009-07-13 Thread Steffen Joeris
Debian Security Advisory DSA-1830-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris July 12, 2009

[SECURITY] [DSA 1753-2] End-of-life announcement for icedove in oldstable

2009-07-13 Thread Steffen Joeris
Debian Security Advisory DSA-1753-2 secur...@debian.org http://www.debian.org/security/ Steffen Joeris July 12, 2009

[SECURITY] [DSA 1829-1] New sork-passwd-h3 packages fix cross-site scripting

2009-07-13 Thread Steffen Joeris
Debian Security Advisory DSA-1829-1 secur...@debian.org http://www.debian.org/security/ Steffen Joeris July 11, 2009