Ubuntu Essential and Critical Security Patch Updates - Page 366
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
It was discovered that the QT demuxer in xine-lib did not correctly handle a large count value in an STTS atom, resulting in a heap-based buffer overflow. If a user or automated system were tricked into opening a specially crafted MOV file, an attacker could execute arbitrary code as the user invoking the program. (CVE-2009-1274) [More...]
It was discovered that PHP did not sanitize certain error messages when display_errors is enabled, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could [More...]
Sebastian Krahmer discovered that udev did not correctly validate netlinkmessage senders. A local attacker could send specially crafted messagesto udev in order to gain root privileges. (CVE-2009-1185) [More...]
It was discovered that Ghostscript contained a buffer underflow in its CCITTFax decoding filter. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2007-6725) [More...]
It was discovered that ClamAV did not properly verify buffers whenprocessing Upack files. A remote attacker could send a crafted file andcause a denial of service via application crash.
Multiple flaws were discovered in the Kerberos GSS-API and ASN.1 routinesthat did not correctly handle certain requests. An unauthenticated remoteattacker could send specially crafted traffic to crash services usingthe Kerberos library, leading to a denial of service. [More...]
It was discovered that ClamAV did not properly verify its input whenprocessing TAR archives. A remote attacker could send a specially craftedTAR file and cause a denial of service via infinite loop.
NFS did not correctly handle races between fcntl and interrupts. A localattacker on an NFS mount could consume unlimited kernel memory, leading toa denial of service. (CVE-2008-4307)
It was discovered that PostgreSQL did not properly handle encoding conversion failures. An attacker could exploit this by sending specially crafted requests to PostgreSQL, leading to a denial of service. [More...]
NFS did not correctly handle races between fcntl and interrupts. A localattacker on an NFS mount could consume unlimited kernel memory, leading toa denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307) [More...]
It was discovered that OpenSSL did not properly validate the length of anencoded BMPString or UniversalString when printing ASN.1 strings. If a useror automated system were tricked into processing a crafted certificate, anattacker could cause a denial of service via application crash inapplications linked against OpenSSL. [More...]
It was discovered that libsndfile did not correctly handle description chunks in CAF audio files. If a user or automated system were tricked into opening a specially crafted CAF audio file, an attacker could execute arbitrary code with the privileges of the user invoking the program. [More...]
It was discovered that Firefox did not properly perform XUL garbagecollection. If a user were tricked into viewing a malicious website, aremote attacker could cause a denial of service or execute arbitrary codewith the privileges of the user invoking the program. This issue onlyaffected Ubuntu 8.04 LTS and 8.10. (CVE-2009-1044) [More...]
It was discovered that font creation could leak temporary files.If a user were tricked into loading a malicious program or applet,a remote attacker could consume disk space, leading to a denial ofservice. (CVE-2006-2426, CVE-2009-1100) [More...]
It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed. [More...]
It was discovered that the 4xm demuxer in xine-lib did not correctly handle a large current_track value in a 4xm file, resulting in an integer overflow. If a user or automated system were tricked into opening a specially crafted 4xm movie file, an attacker could crash xine-lib or possibly execute arbitrary code with the privileges of the user invoking [More...]
Chris Evans discovered that LittleCMS did not properly handle certain error conditions, resulting in a large memory leak. If a user or automated system were tricked into processing an image with malicious ICC tags, a remote attacker could cause a denial of service. (CVE-2009-0581) [More...]
It was discovered that Ghostscript contained multiple integer overflows in its ICC color management library. If a user or automated system were tricked into opening a crafted Postscript file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0583) [More...]
Several flaws were discovered in the browser engine. If Javascript wereenabled, an attacker could exploit these flaws to crash Thunderbird andpossibly execute arbitrary code with user privileges. (CVE-2009-0352) [More...]
It was discovered that JasPer did not correctly handle memory allocation when parsing certain malformed JPEG2000 images. If a user were tricked into opening a specially crafted image with an application that uses libjasper, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges. (CVE-2008-3520) [More...]