Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remoteattacker could send a crafted NTP mode 7 packet with a spoofed IP addressof an affected server and cause a denial of service via CPU and diskresource consumption. [More...]
It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session. [More...]
Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. [More...]
It was discovered that the AX.25 network subsystem did not correctlycheck integer signedness in certain setsockopt calls. A local attackercould exploit this to crash the system, leading to a denial of service.Ubuntu 9.10 was not affected. (CVE-2009-2909) [More...]
It was discovered that QEMU did not properly setup the virtio networkingfeatures available to its guests. A remote attacker could exploit this tocrash QEMU guests which use virtio networking on Linux kernels earlierthan 2.6.26. [More...]
Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. (CVE-2008-7068) [More...]
It was discovered that libvorbis did not correctly handle ogg files with underpopulated Huffman trees. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service. (CVE-2008-2009) [More...]
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3protocols. If an attacker could perform a man in the middle attack at thestart of a TLS connection, the attacker could inject arbitrary content atthe beginning of the user's session. The flaw is with TLS renegotiation andpotentially affects any software that supports this feature. Attacks [More...]
Dan Kaminsky discovered that SSL certificates signed with MD2 could bespoofed given enough time. As a result, an attacker could potentiallycreate a malicious trusted certificate to impersonate another site. Thisupdate handles this issue by completely disabling MD2 for certificatevalidation in OpenJDK. (CVE-2009-2409) [More...]
It was discovered that OpenLDAP did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. [More...]
USN-853-1 fixed vulnerabilities in Firefox and Xulrunner. The upstream changes introduced regressions that could lead to crashes when processing certain malformed GIF images, fonts and web pages. This update fixes the problem. [More...]
It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) [More...]
Aaron Sigel discovered that the CUPS web interface incorrectly protected against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. If an authenticated user were tricked into visiting a malicious website while logged into CUPS, a remote attacker could modify the CUPS configuration and possibly steal confidential data. [More...]
Mark Martinec discovered that HTML::Parser incorrectly handled strings with incomplete entities. An attacker could send specially crafted input to applications that use HTML::Parser and cause a denial of service. [More...]
Tomas Hoger discovered that the GD library did not properly handle the number of colors in certain malformed GD images. If a user or automated system were tricked into processing a specially crafted GD image, an attacker could cause a denial of service or possibly execute arbitrary code. (CVE-2009-3546) [More...]
Alin Rad Pop discovered a heap-based buffer overflow in Firefox when itconverted strings to floating point numbers. If a user were tricked intoviewing a malicious website, a remote attacker could cause a denial of serviceor possibly execute arbitrary code with the privileges of the user invoking theprogram. (CVE-2009-1563) [More...]
USN-850-1 fixed vulnerabilities in poppler. The security fix for CVE-2009-3605 introduced a regression that would cause certain applications, such as Okular, to segfault when opening certain PDF files. [More...]
Solar Designer discovered that the z90crypt driver did not correctly check capabilities. A local attacker could exploit this to shut down the device, leading to a denial of service. Only affected Ubuntu 6.06. (CVE-2009-1883) [More...]
Teemu Salmela discovered that Elinks did not properly validate input whenprocessing smb:// URLs. If a user were tricked into viewing a maliciouswebsite and had smbclient installed, a remote attacker could executearbitrary code with the privileges of the user invoking the program.(CVE-2006-5925) [More...]
