Ubuntu Essential and Critical Security Patch Updates - Page 364
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
Yuriy Kaminskiy discovered that Pidgin did not properly handle certain messages in the ICQ protocol handler. A remote attacker could send a specially crafted message and cause Pidgin to crash.
It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server. [More...]
It was discovered that the Compress::Raw::Zlib Perl module incorrectly handled certain zlib compressed streams. If a user or automated system were tricked into processing a specially crafted compressed stream or file, a remote attacker could crash the application, leading to a denial of service. [More...]
Igor Zhbanov discovered that NFS clients were able to create device nodeseven when root_squash was enabled. An authenticated remote attackercould create device nodes with open permissions, leading to a loss ofprivacy or escalation of privileges. Only Ubuntu 8.10 and 9.04 wereaffected. (CVE-2009-1072) [More...]
Several flaws were discovered in the JavaScript engine of Thunderbird. If auser had JavaScript enabled and were tricked into viewing malicious webcontent, a remote attacker could cause a denial of service or possiblyexecute arbitrary code with the privileges of the user invoking theprogram. (CVE-2009-1303, CVE-2009-1305, CVE-2009-1392, CVE-2009-1833, [More...]
It was discovered that OpenSSL did not limit the number of DTLS records it would buffer when they arrived with a future epoch. A remote attacker could cause a denial of service via memory resource consumption by sending a large number of crafted requests. (CVE-2009-1377) [More...]
It was discovered that Smarty did not correctly filter certain mathinputs. A remote attacker using Smarty via a web service could exploitthis to execute subsets of shell commands as the web server user. [More...]
Christian Eibl discovered that the TeX filter in Moodle allowed anyfunction to be used. An authenticated remote attacker could posta specially crafted TeX formula to execute arbitrary TeX functions,potentially reading any file accessible to the web server user, leadingto a loss of privacy. (CVE-2009-1171, MSA-09-0009) [More...]
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215) [More...]
James Ralston discovered that the Cyrus SASL base64 encoding functioncould be used unsafely. If a remote attacker sent a specially craftedrequest to a service that used SASL, it could lead to a loss of privacy,or crash the application, resulting in a denial of service. [More...]
Tielei Wang discovered that GStreamer Good Plugins did not correctly handle malformed PNG image files. If a user were tricked into opening a crafted PNG image file with a GStreamer application, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]
Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515) [More...]
Several flaws were discovered in the browser and JavaScript engines ofFirefox. If a user were tricked into viewing a malicious website, a remoteattacker could cause a denial of service or possibly execute arbitrary codewith the privileges of the user invoking the program. (CVE-2009-1392,CVE-2009-1832, CVE-2009-1833, CVE-2009-1837, CVE-2009-1838) [More...]
Matthew Palmer discovered an underflow flaw in apr-util as included inApache. An attacker could cause a denial of service via application crashin Apache using a crafted SVNMasterURI directive, .htaccess file, or whenusing mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023) [More...]
Matthew Palmer discovered an underflow flaw in apr-util. An attacker couldcause a denial of service via application crash in Apache using a craftedSVNMasterURI directive, .htaccess file, or when using mod_apreq2.Applications using libapreq2 are also affected. (CVE-2009-0023) [More...]
USN-775-1 fixed vulnerabilities in Quagga. The preventative fixesintroduced in Quagga prior to Ubuntu 9.04 could result in BGP servicefailures. This update fixes the problem.
It was discovered that ipsec-tools did not properly handle certain fragmented packets. A remote attacker could send specially crafted packets to the server and cause a denial of service. (CVE-2009-1574) [More...]
It was discovered that ImageMagick did not properly verify the dimensionsof TIFF files. If a user or automated system were tricked into opening acrafted TIFF file, an attacker could cause a denial of service or possiblyexecute arbitrary code with the privileges of the user invoking theprogram. [More...]
Chris Jones discovered that the eCryptfs support utilities wouldreport the mount passphrase into installation logs when an eCryptfshome directory was selected during Ubuntu installation. The logs areonly readable by the root user, but this still left the mount passphraseunencrypted on disk, potentially leading to a loss of privacy. [More...]
It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code with user privileges. (CVE-2009-1373) [More...]