Fedora Essential and Critical Security Patch Updates - Page 875
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Patch fixes a SQL injection and cross-site scripting flaw.
Exploitation could lead to denial of service or arbitrary code execution.
netlink_listen & netlink_receive_dump should both check the source of the packets by looking at nl_pid and ensuring that it is 0 before performing any reconfiguration of network interfaces.
This patch fixes three DoS vulns and a buffer overflow.
Among other bugs, this fixes a failure to use encryption when required.
Fixes an exploitable memory leak and escapable error-log output.
An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands.
A crafted ISAKMP header can cause racoon to crash.
An attacker could send malicious requests to a Subversion server and perform arbitrary execution of code.
An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client, such as cadaver.
Stefan Esser discovered a flaw in cvs where malformed "Entry" linescould cause a heap overflow.
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory.
An updated utempter package that fixes a potential symlink vulnerability is now available.
Upon receiving specially crafted ISAKMP packets, TCPDUMP would try to read beyondthe end of the packet capture buffer and subsequently crash.
An attacker could create a carefully crafted link such that when opened by a victim it creates or overwrites a file in the victims home directory.
The client for CVS before 1.11.15 allows a remote malicious CVS server to create arbitrary files by using absolute pathnames during checkouts or updates.
Exploiting these bugs may allow remote malicious WebDAV servers to execute arbitrary code.
A cross-site scripting (XSS) vulnerability exists in the admin CGI script for Mailman before 2.1.4.
Ulf Härnhammar discovered two stack buffer overflows and two directory traversal flaws in LHA.
iproute 2.4.7 and earlier allows local users to cause a denial of service via spoofed messages as other users to the kernel netlink interface.