Moritz Jodeit discovered that the DirectShow loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
It was discovered that Ekiga had format string vulnerabilities beyond those fixed in USN-426-1. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.
Moritz Jodeit discovered that the DMO loader of Xine did not correctly validate the size of an allocated buffer. By tricking a user into opening a specially crafted media file, an attacker could execute arbitrary code with the user's privileges.
USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem.
Gerardo Richarte from Core Security Technologies discovered that when gnupg is used without --status-fd, there is no way to distinguish initial unsigned messages from a following signed message.
The SSLv2 protocol support in the NSS library did not sufficiently check the validity of public keys presented with a SSL certificate. A malicious SSL web site using SSLv2 could potentially exploit this to execute arbitrary code with the user's privileges. (CVE-2007-0008) The SSLv2 protocol support in the NSS library did not sufficiently
verify the validity of client master keys presented in an SSL client certificate. A remote attacker could exploit this to execute arbitrary code in a server application that uses the NSS library.
Miles Egan discovered that mod_python, when used in output filter mode, did not handle output larger than 16384 bytes, and would display freed memory, possibly disclosing private data. Thanks to Jim Garrison of the Software Freedom Law Center for identifying the original bug as a security vulnerability.
USN-428-1 fixed vulnerabilities in Firefox 1.5. However, changes to
library paths caused applications depending on libnss3 to fail to start
up. This update fixes the problem.
USN-416-1 fixed various vulnerabilities in the Linux kernel. Unfortunately that update caused the 'nvidia-glx-config' script to not
work any more. The new version fixes the problem. We apologize for the inconvenience.
Mikhail Markin reported that enigmail incorrectly handled memory allocations for certain large encrypted attachments. This caused Thunderbird to crash and thus caused the entire message to be inaccessible.
Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges.
A flaw was discovered in the permission checking code of slocate. When reporting matching files, locate would not correctly respect the parent directory's "read" bits. This could result in filenames being displayed when the file owner had expected them to remain hidden from other system users.
Multiple buffer overflows have been discovered in various PHP modules. If a PHP application processes untrusted data with functions of the session or zip module, or various string functions, a remote attacker could exploit this to execute arbitrary code with the privileges of the web server.
A flaw was discovered in MoinMoin's debug reporting sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling. By tricking a user into processing a specially crafted image with an application that uses imagemagick, an attacker could execute arbitrary code with the user's privileges.
USN-417-2 fixed a severe regression in the PostgreSQL server that was introduced in USN-417-1 and caused some valid queries to be aborted with a type error. This update fixes a similar (but much less prominent) error. At the same time, PostgreSQL is updated to version 8.1.8, which fixes a range of important bugs.
A flaw was discovered in MoinMoin's page name sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin page, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
USN-417-1 fixed several vulnerabilities in the PostgreSQL server. Unfortunately this update had a regression that caused some valid queries to be aborted with a type error. This update corrects that problem. We apologize for the inconvenience.
