Ubuntu Essential and Critical Security Patch Updates - Page 368
Find the information you need for your favorite open source distribution.
Stefan Cornelius discovered that GIMP did not correctly handle certain malformed BMP files. If a user were tricked into opening a specially crafted BMP file, an attacker could execute arbitrary code with the user's privileges. (CVE-2009-1570) [More...]
Jeff Blaine, Radoslav Bodo, Jakob Haufe, and Jorgen Wahlsten discovered that the Kerberos Key Distribution Center service did not correctly verify certain network traffic. An unauthenticated remote attacker could send a specially crafted request that would cause the KDC to crash, leading to a denial of service. [More...]
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]
Jesse Ruderman, Josh Soref, Martijn Wargers, Jose Angel, Olli Pettay, and David James discovered several flaws in the browser and JavaScript engines of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. [More...]
Multiple insecure temporary file handling vulnerabilities were discovered in Red Hat Cluster. A local attacker could exploit these to overwrite arbitrary local files via symlinks. (CVE-2008-4192, CVE-2008-4579, CVE-2008-4580, CVE-2008-6552) [More...]
It was discovered that the KIO subsystem of KDE did not properly perform input validation when processing help:// URIs. If a user or KIO application processed a crafted help:// URI, an attacker could trigger JavaScript execution or access files via directory traversal. [More...]
USN-871-1 fixed vulnerabilities in KDE. This update provides the corresponding updates for KDE 4.
A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689) [More...]
Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL's safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL's escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a database connection, to maintain [More...]
David Ford discovered that the IPv4 defragmentation routine did not correctly handle oversized packets. A remote attacker could send specially crafted traffic that would cause a system to crash, leading to a denial of service. (The fix was included in the earlier kernels from USN-864-1.) (CVE-2009-1298) [More...]
It was discovered that GRUB 2 did not properly validate passwords. An attacker with physical access could conduct a brute force attack and bypass authentication by submitting a 1 character password.
Robin Park and Dmitri Vinokurov discovered a logic error in ntpd. A remote attacker could send a crafted NTP mode 7 packet with a spoofed IP address of an affected server and cause a denial of service via CPU and disk resource consumption. [More...]
It was discovered that gnome-screensaver did not always re-enable itself after applications requested it to ignore idle timers. This may result in the screen not being automatically locked after the inactivity timeout is reached, permitting an attacker with physical access to gain access to an unlocked session. [More...]
Michael Sinatra discovered that Bind did not correctly validate certain records added to its cache. When DNSSEC validation is in use, a remote attacker could exploit this to spoof DNS entries and poison DNS caches. Among other things, this could lead to misdirected email and web traffic. [More...]
It was discovered that the AX.25 network subsystem did not correctly check integer signedness in certain setsockopt calls. A local attacker could exploit this to crash the system, leading to a denial of service. Ubuntu 9.10 was not affected. (CVE-2009-2909) [More...]
It was discovered that QEMU did not properly set up the virtio networking features available to its guests. A remote attacker could exploit this to crash QEMU guests which use virtio networking on Linux kernels earlier than 2.6.26. [More...]
Maksymilian Arciemowicz discovered that PHP did not properly validate arguments to the dba_replace function. If a script passed untrusted input to the dba_replace function, an attacker could truncate the database. This issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. (CVE-2008-7068) [More...]
It was discovered that libvorbis did not correctly handle ogg files with underpopulated Huffman trees. If a user were tricked into opening a specially crafted ogg file with an application that uses libvorbis, an attacker could cause a denial of service. (CVE-2008-2009) [More...]
Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. The flaw is with TLS renegotiation and potentially affects any software that supports this feature. Attacks [More...]
Dan Kaminsky discovered that SSL certificates signed with MD2 could be spoofed given enough time. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation in OpenJDK. (CVE-2009-2409) [More...]