Ubuntu Essential and Critical Security Patch Updates - Page 361
Find the information you need for your favorite open source distribution.
It was discovered that poppler contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]
Tobias Klein discovered a heap-based buffer overflow in libsndfile. If a user or automated system processed a crafted VOC file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1788) [More...]
It was discovered that the Zope Object Database (ZODB) database server (ZEO) improperly filtered certain commands when a database is shared among multiple applications or application instances. A remote attacker could send malicious commands to the server and execute arbitrary code. (CVE-2009-0668) [More...]
USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS.
Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program. [More...]
It was discovered that ICU did not properly handle invalid byte sequences during Unicode conversion. If an application using ICU processed crafted data, content security mechanisms could be bypassed, potentially leading to cross-site scripting (XSS) attacks. [More...]
Pavel Polischouk discovered that Pan incorrectly handled certain data structures. If a user were tricked into viewing malicious nntp data, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]
Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. (CVE-2009-1382) [More...]
It was discovered that BackupPC did not restrict normal users from setting the ClientNameAlias parameter. An authenticated user could exploit this to gain access to unauthorized hosts. This update fixed the issue by preventing normal users from modifying the ClientNameAlias configuration parameter. [More...]
It was discovered that Wget did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. [More...]
Arand Nash discovered that applications linked to GLib (e.g. Nautilus) did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information. [More...]
Dyon Balding discovered flaws in the way OpenOffice.org handled tables. If a user were tricked into opening a specially crafted Word document, a remote attacker might be able to execute arbitrary code with user privileges. (CVE-2009-0200, CVE-2009-0201) [More...]
J. David Hester discovered that Samba incorrectly handled users that lack home directories when the automated [homes] share is enabled. An authenticated user could connect to that share name and gain access to the whole filesystem. (CVE-2009-2813) [More...]
It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights. An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions. This only affected Ubuntu 8.04 LTS. (CVE-2008-4577) [More...]
Miroslav Lichvar discovered that Newt incorrectly handled rendering in a text box. An attacker could exploit this and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]
It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) [More...]
Joe Orton discovered that neon did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. [More...]
It was discovered that PostgreSQL could be made to unload and reload an already loaded module by using the LOAD command. A remote authenticated attacker could exploit this to cause a denial of service. This issue did not affect Ubuntu 6.06 LTS. (CVE-2009-3229) [More...]
It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. [More...]
It was discovered that FreeRADIUS did not correctly handle certain malformed attributes. A remote attacker could exploit this flaw and cause the FreeRADIUS server to crash, resulting in a denial of service. [More...]