From sec-adv at secunia.com Mon Mar 1 10:26:15 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 19:26:15 +0100
Subject: [SEC] [SA38744] IBM Lotus Domino Web Access 6 ActiveX Control Buffer Overflow
Message-ID: <201003011826.o21IQFlK008620@CRON-IX-2.intnet>

----------------------------------------------------------------------

Use WSUS to deploy 3rd party patches

Public BETA
http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/

----------------------------------------------------------------------

TITLE:
IBM Lotus Domino Web Access 6 ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA38744

VERIFY ADVISORY:
http://secunia.com/advisories/38744/

DESCRIPTION:
A vulnerability has been reported in IBM Lotus Domino Web Access, which can be exploited by malicious people to compromise a user's system.

For more information:
SA38681

SOLUTION:
Set the kill-bit for the affected ActiveX controls.

ORIGINAL ADVISORY:
IBM:
http://www-01.ibm.com/support/docview.wss?uid=swg21421808

OTHER REFERENCES:
SA38681:
http://secunia.com/advisories/38681/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 11:26:15 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 20:26:15 +0100
Subject: [SEC] [SA38790] DeDeCMS Authentication Security Bypass
Message-ID: <201003011926.o21JQFTD030336@CRON-IX-2.intnet>

TITLE:
DeDeCMS Authentication Security Bypass

SECUNIA ADVISORY ID:
SA38790

VERIFY ADVISORY:
http://secunia.com/advisories/38790/

DESCRIPTION:
Wolves Security Team has discovered a vulnerability in DeDeCMS, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error within the authentication mechanism in include/userlogin.class.php, which can be exploited to bypass the authentication mechanism by setting the "_SESSION[dede_admin_id]" parameter to "1".

Successful exploitation requires that "session.auto_start" is enabled.

The vulnerability is confirmed in version 5.5 GBK. Other versions may also be affected.

SOLUTION:
Restrict access to the "dede" directory (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
Wolves Security Team

ORIGINAL ADVISORY:
http://bbs.wolvez.org/topic/125/

From sec-adv at secunia.com Mon Mar 1 12:26:19 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 21:26:19 +0100
Subject: [SEC] [SA38681] IBM Lotus Domino Web Access / iNotes ActiveX Control Buffer Overflow
Message-ID: <201003012026.o21KQJXu019638@CRON-IX-2.intnet>

TITLE:
IBM Lotus Domino Web Access / iNotes ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA38681

VERIFY ADVISORY:
http://secunia.com/advisories/38681/

DESCRIPTION:
A vulnerability has been reported in IBM Lotus Domino Web Access / iNotes, which can be exploited by malicious people to compromise a user's system.

An unspecified error in the Domino Web Access ActiveX control can be exploited to cause a buffer overflow when a user e.g. visits a specially crafted web page.

Successful exploitation may allow execution of arbitrary code, but requires that the Lotus iNotes feature is enabled and that a user has used the iNotes client at least once to have the ActiveX control installed and initialised.
SOLUTION:
Update to version 7.0.4 or upgrade to version 8.5.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits iDefense Labs.

ORIGINAL ADVISORY:
IBM:
http://www-01.ibm.com/support/docview.wss?uid=swg21421808

From sec-adv at secunia.com Mon Mar 1 13:26:15 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 22:26:15 +0100
Subject: [SEC] [SA38760] Baykus Yemek Tarifleri Scripti SQL Injection Vulnerabilities
Message-ID: <201003012126.o21LQFsR008940@CRON-IX-2.intnet>

TITLE:
Baykus Yemek Tarifleri Scripti SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA38760

VERIFY ADVISORY:
http://secunia.com/advisories/38760/

DESCRIPTION:
Some vulnerabilities have been discovered in Baykus Yemek Tarifleri Scripti, which can be exploited by malicious people to conduct SQL injection attacks.
1) Input passed to the "id" parameter in oku.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "ad" and "pass" parameters in Admin/logpost.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows bypassing the authentication mechanism.

The vulnerabilities are confirmed in version 2.1. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
cr4wl3r

From sec-adv at secunia.com Mon Mar 1 14:20:13 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 23:20:13 +0100
Subject: [SEC] [SA38755] IBM Lotus Domino Web Access Multiple Vulnerabilities
Message-ID: <201003012220.o21MKDV1030522@CRON-IX-2.intnet>

TITLE:
IBM Lotus Domino Web Access Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38755

VERIFY ADVISORY:
http://secunia.com/advisories/38755/

DESCRIPTION:
Some vulnerabilities have been reported in IBM Lotus Domino Web Access, where some have an unknown impact and others can potentially be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks or to compromise a user's system.

1) An unspecified error exists in the iNotes ActiveX control.

For more information:
SA38681

2) An error related to "Get Filter" and "Referer Check" can potentially be exploited to conduct cross-site scripting or cross-site request forgery attacks.

3) Unspecified vulnerabilities exist related to "Ultralite". No further information is currently available.

SOLUTION:
Apply cumulative Hotfix 229.281 for Domino 8.0.2FP4.

PROVIDED AND/OR DISCOVERED BY:
2, 3) Reported by the vendor.
ORIGINAL ADVISORY:
IBM:
http://www-01.ibm.com/support/docview.wss?uid=swg27018109

OTHER REFERENCES:
SA38681
http://secunia.com/advisories/38681/

From sec-adv at secunia.com Mon Mar 1 14:41:20 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 23:41:20 +0100
Subject: [SEC] [SA38780] Joomla YaNC Component "listid" SQL Injection Vulnerability
Message-ID: <201003012241.o21MfK8N018280@CRON-IX-2.intnet>

TITLE:
Joomla YaNC Component "listid" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38780

VERIFY ADVISORY:
http://secunia.com/advisories/38780/

DESCRIPTION:
A vulnerability has been reported in the YaNC component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "listid" parameter to index.php (when "option" is set to "com_yanc") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
His0k4

ORIGINAL ADVISORY:
http://packetstormsecurity.org/0806-exploits/joomlayanc-sql.txt

From sec-adv at secunia.com Mon Mar 1 14:53:13 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 1 Mar 2010 23:53:13 +0100
Subject: [SEC] [SA38724] FtpDisc FTP "GET" Buffer Overflow Vulnerability
Message-ID: <201003012253.o21MrDBq005688@CRON-IX-2.intnet>

TITLE:
FtpDisc FTP "GET" Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38724

VERIFY ADVISORY:
http://secunia.com/advisories/38724/

DESCRIPTION:
A vulnerability has been reported in FtpDisc, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise the application.

The vulnerability is caused due to a boundary error when processing certain FTP commands, which can be exploited to cause a stack-based buffer overflow by e.g. sending an FTP "GET" request with an overly long file name parameter.

The vulnerability is reported in version 1.0. Other versions may also be affected.

SOLUTION:
Restrict access to trusted users only.

PROVIDED AND/OR DISCOVERED BY:
Ale46

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/11552

From sec-adv at secunia.com Mon Mar 1 15:06:12 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 00:06:12 +0100
Subject: [SEC] [SA38767] ScriptsFeed Dating Software "txtgender" and "txtlookgender" SQL Injection Vulnerabilities
Message-ID: <201003012306.o21N6ClX025550@CRON-IX-2.intnet>

TITLE:
ScriptsFeed Dating Software "txtgender" and "txtlookgender" SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA38767

VERIFY ADVISORY:
http://secunia.com/advisories/38767/

DESCRIPTION:
Some vulnerabilities have been reported in ScriptsFeed Dating Software, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "txtgender" and "txtlookgender" parameters in searchmatch.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Crux

From sec-adv at secunia.com Mon Mar 1 15:20:09 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 00:20:09 +0100
Subject: [SEC] [SA38771] ScriptsFeed Business Directory Software "us" and "ps" SQL Injection Vulnerabilities
Message-ID: <201003012320.o21NK9Dk013037@CRON-IX-2.intnet>

TITLE:
ScriptsFeed Business Directory Software "us" and "ps" SQL Injection Vulnerabilities

SECUNIA ADVISORY ID:
SA38771

VERIFY ADVISORY:
http://secunia.com/advisories/38771/

DESCRIPTION:
Some vulnerabilities have been reported in ScriptsFeed Business Directory Software, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "us" and "ps" parameters in login.php is not properly sanitised before being used in SQL queries.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Crux

From sec-adv at secunia.com Mon Mar 1 15:42:18 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 00:42:18 +0100
Subject: [SEC] [SA38810] Debian update for linux-2.6.24
Message-ID: <201003012342.o21NgIGd000783@CRON-IX-2.intnet>

TITLE:
Debian update for linux-2.6.24

SECUNIA ADVISORY ID:
SA38810

VERIFY ADVISORY:
http://secunia.com/advisories/38810/

DESCRIPTION:
Debian has issued an update for linux-2.6.24.
This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges, and by malicious people to cause a DoS.

For more information:
SA32320
SA35265
SA36265
SA37435
SA37590
SA37658
SA38133
SA38229
SA38317
SA38502

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 4.0 alias etch --
Size/MD5 checksum: 309868 d69b27ef946f2ac62b115e0200fe8002 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-5kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 26988356 f0d885b353b15dc42e4e76da8a8fb129 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 248150 7c585f74e0752a631050b13b9740c0c3 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 13318088 0b0a8b724245ac10817b03c4cf734827 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-mipsel_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 83484 a678208f18017a9c87d45548916fd98e http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 311392 5b1f0957a2756b04be6c95ae8ca5e2c8 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-4kc-malta_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 21736368 02da1a4e543b8c5082476b156281cb31 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-r5k-cobalt_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 247968 929ca712a0aa0984f9dc2a6f68f405a5 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 16632240 c9de1dfccb8a5cb5d5d652ca694a7108 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 3805532 be10a8b64da3adf7ece3846b0b0bf930 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_mipsel.deb 
Size/MD5 checksum: 83434 ac0cb9b5939e4ea82c3c83a1a1d473ed http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b_2.6.24-6~etchnhalf.9etch3_mipsel.deb Size/MD5 checksum: 248174 50e84058a7d710f013f92e1fe68a705c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 322474 2d7e39cf0b78d98125a0baba377f1af0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 19195556 bb2bd8e203cee7b3c6739d5c5d11901a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 324008 3b021bb4b3dac72dc68e701f4a209939 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 295928 ca2bf1c3c12f409e469c516877a8e91c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc64_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 21170062 4022dbff73ebfde3a846ce38896cf09c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 322502 4b76cce255e1fcc72cb82053cd34a1a2 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-miboot_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 17459240 ad749c6e735e58d775b7190ff3d26e50 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-powerpc_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 83466 a041c0fdb383832cf725723ce22e40c0 
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 83430 392d415932625b1a69dc6494d2f737e0 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 3674486 200fdcca2140a97f961a37d70db620d5 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-powerpc-smp_2.6.24-6~etchnhalf.9etch3_powerpc.deb Size/MD5 checksum: 19487244 b42ad8431643d89a1f8b0e6e0aaeb39e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 83532 a1c34683fe304f1a86bbc28f6cbc654c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-s390_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 83556 bf7fed1ef4da92d782409fe8345f861a http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 6976486 5b5db16fea4336068bbcd5bff56ad575 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 7228452 75c044fa17d6071de36579a1491c2e1b http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 3431908 18825f85900faca81b21e48d43af6ee7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390x_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 197006 0a44248e77ec1ff027edd032ebe5b2c6 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-s390-tape_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 1503494 bd7f7b7bd4e120472bf60ad0b7d9184e 
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-s390_2.6.24-6~etchnhalf.9etch3_s390.deb Size/MD5 checksum: 196810 f03114c2f256a97b15f88d2659f9501b sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 83428 1ea7179752fbb45e10e731991583db68 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 263546 ef894d6917cbe692ec9197048538d5e7 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-common_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 3651402 a0194c650712040f81e97d5b3b62bc79 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 264892 0b642e20f00b52c20b6ae9e0ee1f78b8 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-headers-2.6.24-etchnhalf.1-all-sparc_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 83442 6d109d7f131dab564736e2ac6a85dd29 http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64-smp_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 13318532 dbce062bfa560c331b75bed073868e1d http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-image-2.6.24-etchnhalf.1-sparc64_2.6.24-6~etchnhalf.9etch3_sparc.deb Size/MD5 checksum: 13019464 b0b153fafa43b650e996a9d84bbb26d7 ORIGINAL ADVISORY: DSA-2004-1: http://lists.debian.org/debian-security-announce/2010/msg00045.html OTHER REFERENCES: SA32320: http://secunia.com/advisories/32320/ SA35265: http://secunia.com/advisories/35265/ SA36265: http://secunia.com/advisories/36265/ SA37435: http://secunia.com/advisories/37435/ SA37590: http://secunia.com/advisories/37590/ SA37658: 
http://secunia.com/advisories/37658/

SA38133:
http://secunia.com/advisories/38133/

SA38229:
http://secunia.com/advisories/38229/

SA38317:
http://secunia.com/advisories/38317/

SA38502:
http://secunia.com/advisories/38502/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 15:53:16 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 00:53:16 +0100
Subject: [SEC] [SA38768] Pre Classified Listings ASP Multiple Vulnerabilities
Message-ID: <201003012353.o21NrGqW020625@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Pre Classified Listings ASP Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38768

VERIFY ADVISORY:
http://secunia.com/advisories/38768/

DESCRIPTION:
Multiple vulnerabilities have been reported in Pre Classified Listings ASP, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.

1) Input passed via "address" form field in signup.asp when registering as a new user is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) Input passed via the "email" form field to signup.asp and via the "siteid" parameter to detailad.asp is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
1) Pouya_Server
2) Pouya_Server and Crux

ORIGINAL ADVISORY:
http://packetstormsecurity.org/0812-exploits/preclass-sqlxss.txt
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 16:06:17 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 01:06:17 +0100
Subject: [SEC] [SA38756] Uiga FanClub SQL Injection and Cross-Site Scripting Vulnerabilities
Message-ID: <201003020006.o2206HXh008067@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Uiga FanClub SQL Injection and Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA38756

VERIFY ADVISORY:
http://secunia.com/advisories/38756/

DESCRIPTION:
Some vulnerabilities have been discovered in Uiga FanClub, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.

1) Input passed via the "id" parameter to index.php (when "view" is set to "photos") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "admin_name" and "admin_password" parameters in admin/admin_login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in the version downloaded on March 1st 2010.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
1) Easy Laster
2) An anonymous person

ORIGINAL ADVISORY:
1) http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 16:20:20 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 01:20:20 +0100
Subject: [SEC] [SA38727] Microsoft Windows "MsgBox()" HLP File Execution Vulnerability
Message-ID: <201003020020.o220KK1T027971@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Microsoft Windows "MsgBox()" HLP File Execution Vulnerability

SECUNIA ADVISORY ID:
SA38727

VERIFY ADVISORY:
http://secunia.com/advisories/38727/

DESCRIPTION:
Maurycy Prodeus has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the VBScript "MsgBox()" function allowing the execution of arbitrary HLP files. This can be exploited to execute an HLP file from e.g. an SMB share by tricking a user into pressing F1 when viewing a specially crafted website.

Successful exploitation allows execution of arbitrary commands via HLP macros.

The vulnerability is confirmed with Internet Explorer 7 on a fully patched Windows XP SP3. Other versions may also be affected.

SOLUTION:
Avoid pressing F1 on untrusted websites.

Disable Active Scripting support.

PROVIDED AND/OR DISCOVERED BY:
Maurycy Prodeus, iSEC Security Research

ORIGINAL ADVISORY:
Microsoft:
http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

iSEC Security Research:
http://www.isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 16:41:19 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 01:41:19 +0100
Subject: [SEC] [SA38792] DZ EROTIK Auktionshaus "V4rgo" "id" SQL Injection Vulnerability
Message-ID: <201003020041.o220fJBM015730@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
DZ EROTIK Auktionshaus "V4rgo" "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38792

VERIFY ADVISORY:
http://secunia.com/advisories/38792/

DESCRIPTION:
Easy Laster has reported a vulnerability in DZ EROTIK Auktionshaus "V4rgo", which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in news.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Filter malicious requests using a proxy.

PROVIDED AND/OR DISCOVERED BY:
Easy Laster

ORIGINAL ADVISORY:
http://4004securityproject.wordpress.com/2010/02/26/dz-erotik-auktionshaus-v-4-rgo-news-php-sql-injection/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 16:53:04 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 01:53:04 +0100
Subject: [SEC] [SA38758] Blax Blog "kadi" SQL Injection Vulnerability
Message-ID: <201003020053.o220r4eP003133@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Blax Blog "kadi" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38758

VERIFY ADVISORY:
http://secunia.com/advisories/38758/

DESCRIPTION:
A vulnerability has been discovered in Blax Blog, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "kadi" parameter in admin/girisyap.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows bypassing the authentication mechanism.

The vulnerability is confirmed in the version downloaded on March 1st 2010.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
cr4wl3r

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 17:06:05 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 02:06:05 +0100
Subject: [SEC] [SA38715] Article Friendly "filename" File Inclusion Vulnerability
Message-ID: <201003020106.o22165Bd022986@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Article Friendly "filename" File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA38715

VERIFY ADVISORY:
http://secunia.com/advisories/38715/

DESCRIPTION:
A vulnerability has been reported in Article Friendly, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "filename" parameter in admin/index.php is not properly sanitised before being used to include files.
This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

SOLUTION:
Reportedly a patch has been released. Please contact the vendor for further information.

PROVIDED AND/OR DISCOVERED BY:
Pratul Agrawal

ORIGINAL ADVISORY:
http://packetstormsecurity.org/1002-exploits/articlefriendly-lfi.txt
----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 17:20:16 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 02:20:16 +0100
Subject: [SEC] [SA38757] Uiga Personal Portal "id" SQL Injection Vulnerability
Message-ID: <201003020120.o221KGhH010480@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Uiga Personal Portal "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38757

VERIFY ADVISORY:
http://secunia.com/advisories/38757/

DESCRIPTION:
Easy Laster has discovered a vulnerability in Uiga Personal Portal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id" parameter to index.php (when "view" is set to "photos") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in the version downloaded on March 1st 2010.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Easy Laster

ORIGINAL ADVISORY:
http://4004securityproject.wordpress.com/2010/02/28/uiga-personal-portal-index-php-sql-injection/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 17:41:06 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 02:41:06 +0100
Subject: [SEC] [SA38802] Oracle Siebel Loyalty Management "start.swe" Cross-Site Scripting
Message-ID: <201003020141.o221f6W0030646@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Oracle Siebel Loyalty Management "start.swe" Cross-Site Scripting

SECUNIA ADVISORY ID:
SA38802

VERIFY ADVISORY:
http://secunia.com/advisories/38802/

DESCRIPTION:
A vulnerability has been reported in Oracle Siebel Loyalty Management, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to loyalty_enu/start.swe is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 8.1. Other versions may also be affected.

SOLUTION:
Filter malicious characters and character sequences in a proxy.

PROVIDED AND/OR DISCOVERED BY:
thebluegenius

ORIGINAL ADVISORY:
http://packetstormsecurity.org/1002-exploits/oraclesiebel-xss.txt

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 1 17:53:01 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 02:53:01 +0100
Subject: [SEC] [SA38812] Fedora update for squid
Message-ID: <201003020153.o221r1j1018048@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Fedora update for squid

SECUNIA ADVISORY ID:
SA38812

VERIFY ADVISORY:
http://secunia.com/advisories/38812/

DESCRIPTION:
Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA38561

SOLUTION:
Apply updated packages using the yum utility ("yum update squid").
ORIGINAL ADVISORY: FEDORA-2010-3064: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035961.html OTHER REFERENCES: SA38561: http://secunia.com/advisories/38561/ ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 1 18:06:00 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Mar 2010 03:06:00 +0100 Subject: [SEC] [SA38813] Fedora update for httpd Message-ID: <201003020206.o22260rV005484@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: Fedora update for httpd SECUNIA ADVISORY ID: SA38813 VERIFY ADVISORY: http://secunia.com/advisories/38813/ DESCRIPTION: Fedora has issued an update for httpd. This fixes some vulnerabilities, which can be exploited by malicious people to manipulate certain data, bypass certain security restrictions, or cause a DoS (Denial of Service).
For more information: SA36549 SA36675 SA37291 SOLUTION: Apply updated packages using the yum utility ("yum update httpd"). ORIGINAL ADVISORY: FEDORA-2009-12747: http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035949.html OTHER REFERENCES: SA36549: http://secunia.com/advisories/36549/ SA36675: http://secunia.com/advisories/36675/ SA37291: http://secunia.com/advisories/37291/
---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 1 18:20:37 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Mar 2010 03:20:37 +0100 Subject: [SEC] [SA38811] Debian update for samba Message-ID: <201003020220.o222Kb3T025415@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: Debian update for samba SECUNIA ADVISORY ID: SA38811 VERIFY ADVISORY: http://secunia.com/advisories/38811/ DESCRIPTION: Debian has issued an update for samba. This fixes a weakness and a security issue, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges. For more information: SA38286 1) The "mount.cifs" utility does not properly sanitise certain input, which can be exploited to corrupt the /etc/mtab file. SOLUTION: Apply updated packages.
PROVIDED AND/OR DISCOVERED BY: 1) Debian credits Jeff Layton ORIGINAL ADVISORY: DSA-2004-1: http://lists.debian.org/debian-security-announce/2010/msg00044.html OTHER REFERENCES: SA38286: http://secunia.com/advisories/38286/
---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 1 18:41:42 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Mar 2010 03:41:42 +0100 Subject: [SEC] [SA38422] Docebo Cross-Site Request Forgery Vulnerability Message-ID: <201003020241.o222fgl1013174@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: Docebo Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA38422 VERIFY ADVISORY: http://secunia.com/advisories/38422/ DESCRIPTION: Russ McRee has discovered a vulnerability in Docebo, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows administrative users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site. The vulnerability is confirmed in version 3.6.0.3. Other versions may also be affected. SOLUTION: Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Reported by Russ McRee via Secunia.
---------------------------------------------------------------------- From sec-adv at secunia.com Mon Mar 1 18:53:23 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 2 Mar 2010 03:53:23 +0100 Subject: [SEC] [SA38795] Ubuntu update for sudo Message-ID: <201003020253.o222rNWD000517@CRON-IX-2.intnet> ---------------------------------------------------------------------- TITLE: Ubuntu update for sudo SECUNIA ADVISORY ID: SA38795 VERIFY ADVISORY: http://secunia.com/advisories/38795/ DESCRIPTION: Ubuntu has issued an update for sudo. This fixes some security issues, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA38659 SOLUTION: Apply updated packages.
23742 31fa50ea42efb75a6995ce43e05f8d3a http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1.dsc Size/MD5: 1117 ac9f701eef71f472756479f9c07d5ff3 http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0.orig.tar.gz Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_amd64.deb Size/MD5: 310278 7f1b840d6412b168c70d2f136cb0a3a5 http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_amd64.deb Size/MD5: 333962 a01561815cf0e835cb889663eaf81d06 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_i386.deb Size/MD5: 297694 d514dde2dfc8ec32c92de9d71d8f5832 http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_i386.deb Size/MD5: 319300 e3a4e6d67ed8644c9bed06337cadc156 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_lpia.deb Size/MD5: 297858 82f884376f3ab60cd35466d70446514d http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_lpia.deb Size/MD5: 319686 f9ec4970846681134c868621c8d5989e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_powerpc.deb Size/MD5: 305874 88b6f4ad953f85c7b32898b7b3823163 http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_powerpc.deb Size/MD5: 328914 b973b5fa801148e11d3747ab89b84a3f sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.1_sparc.deb Size/MD5: 301460 e5cf051efacfdca66a3aa186d01f5a80 http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.1_sparc.deb Size/MD5: 323606 b82e9af9f7f18ebf31aee38835aaf901 ORIGINAL ADVISORY: USN-905-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-February/001053.html OTHER REFERENCES: SA38659: 
http://secunia.com/advisories/38659/

From sec-adv at secunia.com Tue Mar 2 10:26:29 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 19:26:29 +0100
Subject: [SEC] [SA38775] 1024 CMS "id" SQL Injection Vulnerability
Message-ID: <201003021826.o22IQT2V012589@CRON-IX-2.intnet>

TITLE:
1024 CMS "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38775

VERIFY ADVISORY:
http://secunia.com/advisories/38775/

DESCRIPTION:
AmnPardaz Security Research Team has discovered a vulnerability in 1024 CMS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "id" parameter to rss.php (when "t" is set to "vp") is not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 2.1.1. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
AmnPardaz Security Research Team

ORIGINAL ADVISORY:
http://www.bugreport.ir/index_69.htm

From sec-adv at secunia.com Tue Mar 2 11:26:29 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 20:26:29 +0100
Subject: [SEC] [SA38773] Uploadify Arbitrary File Upload Security Issue
Message-ID: <201003021926.o22JQTEd001888@CRON-IX-2.intnet>

TITLE:
Uploadify Arbitrary File Upload Security Issue

SECUNIA ADVISORY ID:
SA38773

VERIFY ADVISORY:
http://secunia.com/advisories/38773/

DESCRIPTION:
A security issue has been discovered in Uploadify, which can be exploited by malicious people to compromise a vulnerable system.

The security issue is caused due to the uploadify.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.

The security issue is confirmed in version 2.1.0. Other versions may also be affected.

SOLUTION:
Restrict access to the uploadify.php script (e.g. via .htaccess).

PROVIDED AND/OR DISCOVERED BY:
indoushka

From sec-adv at secunia.com Tue Mar 2 12:26:40 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 21:26:40 +0100
Subject: [SEC] [SA38763] PHP Trouble Ticket "id" SQL Injection Vulnerability
Message-ID: <201003022026.o22KQeRU023612@CRON-IX-2.intnet>

TITLE:
PHP Trouble Ticket "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38763

VERIFY ADVISORY:
http://secunia.com/advisories/38763/

DESCRIPTION:
A vulnerability has been discovered in PHP Trouble Ticket, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in vedi_faq.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.2. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
kaMtiEz

From sec-adv at secunia.com Tue Mar 2 13:26:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 22:26:33 +0100
Subject: [SEC] [SA38764] IBM AIX NTP Mode 7 Request Denial of Service
Message-ID: <201003022126.o22LQXnu012911@CRON-IX-2.intnet>

TITLE:
IBM AIX NTP Mode 7 Request Denial of Service

SECUNIA ADVISORY ID:
SA38764

VERIFY ADVISORY:
http://secunia.com/advisories/38764/

DESCRIPTION:
IBM has acknowledged a vulnerability in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA37629

SOLUTION:
IBM AIX 5.3:
Apply APAR IZ68659.

IBM AIX 6.1:
Apply APAR IZ71047.

ORIGINAL ADVISORY:
IBM:
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047
http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659

OTHER REFERENCES:
SA37629:
http://secunia.com/advisories/37629/

From sec-adv at secunia.com Tue Mar 2 14:20:26 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 23:20:26 +0100
Subject: [SEC] [SA38772] Fedora update for thunderbird
Message-ID: <201003022220.o22MKQGQ002068@CRON-IX-2.intnet>

TITLE:
Fedora update for thunderbird

SECUNIA ADVISORY ID:
SA38772

VERIFY ADVISORY:
http://secunia.com/advisories/38772/

DESCRIPTION:
Fedora has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

For more information:
SA37242

SOLUTION:
Apply updated packages via the yum utility ("yum update thunderbird").

ORIGINAL ADVISORY:
FEDORA-2010-3230:
https://admin.fedoraproject.org/updates/F12/FEDORA-2010-3230

FEDORA-2010-3267:
https://admin.fedoraproject.org/updates/F11/FEDORA-2010-3267

OTHER REFERENCES:
SA37242:
http://secunia.com/advisories/37242/

From sec-adv at secunia.com Tue Mar 2 14:41:45 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 23:41:45 +0100
Subject: [SEC] [SA38731] IBM Informix Dynamic Server RPC Implementation Vulnerabilities
Message-ID: <201003022241.o22Mfj2k022257@CRON-IX-2.intnet>

TITLE:
IBM Informix Dynamic Server RPC Implementation Vulnerabilities

SECUNIA ADVISORY ID:
SA38731

VERIFY ADVISORY:
http://secunia.com/advisories/38731/

DESCRIPTION:
Some
vulnerabilities have been reported in IBM Informix Dynamic Server, which can be exploited by malicious people to compromise a vulnerable system.

1) Multiple errors in the RPC library (librpc.dll) can be exploited to cause buffer overflows via specially crafted RPC packets sent to TCP port 36890.

2) A signedness error in the RPC library (librpc.dll) can be exploited to cause a stack-based buffer overflow via a specially crafted RPC packet sent to TCP port 36890.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are reported in versions prior to IDS 10.00.TC9 and IDS 11.10.TC3.

SOLUTION:
Update to version IDS 10.00.TC10 or IDS 11.10.TC3 4.

PROVIDED AND/OR DISCOVERED BY:
Sebastian Apelt, reported via ZDI

ORIGINAL ADVISORY:
http://www.zerodayinitiative.com/advisories/ZDI-10-022/
http://www.zerodayinitiative.com/advisories/ZDI-10-023/

From sec-adv at secunia.com Tue Mar 2 14:53:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 2 Mar 2010 23:53:33 +0100
Subject: [SEC] [SA38770] Fedora update for sunbird
Message-ID: <201003022253.o22MrXXK009659@CRON-IX-2.intnet>

TITLE:
Fedora update for sunbird

SECUNIA ADVISORY ID:
SA38770

VERIFY ADVISORY:
http://secunia.com/advisories/38770/

DESCRIPTION:
Fedora has issued an update for sunbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

For more information:
SA37242

SOLUTION:
Apply updated packages via the yum utility ("yum update sunbird").

ORIGINAL ADVISORY:
FEDORA-2010-3230:
https://admin.fedoraproject.org/updates/F12/FEDORA-2010-3230

FEDORA-2010-3267:
https://admin.fedoraproject.org/updates/F11/FEDORA-2010-3267

OTHER REFERENCES:
SA37242:
http://secunia.com/advisories/37242/

From sec-adv at secunia.com Tue Mar 2 15:06:26 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 00:06:26 +0100
Subject: [SEC] [SA38817] Red Hat update for systemtap
Message-ID: <201003022306.o22N6QeL029515@CRON-IX-2.intnet>

TITLE:
Red Hat update for systemtap

SECUNIA ADVISORY ID:
SA38817

VERIFY ADVISORY:
http://secunia.com/advisories/38817/

DESCRIPTION:
Red Hat has issued an update for systemtap. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

For more information:
SA38426

SOLUTION:
Updated packages are available via Red Hat Network.

ORIGINAL ADVISORY:
RHSA-2010:0125-1:
https://rhn.redhat.com/errata/RHSA-2010-0125.html

OTHER REFERENCES:
SA38426:
http://secunia.com/advisories/38426/

From sec-adv at secunia.com Tue Mar 2 15:20:24 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 00:20:24 +0100
Subject: [SEC] [SA38765] Red Hat update for systemtap
Message-ID: <201003022320.o22NKO4I016999@CRON-IX-2.intnet>

TITLE:
Red Hat update for systemtap

SECUNIA ADVISORY ID:
SA38765

VERIFY ADVISORY:
http://secunia.com/advisories/38765/

DESCRIPTION:
Red Hat has issued an update for systemtap. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges and by malicious users to compromise a vulnerable system.

For more information:
SA38154
SA38426

SOLUTION:
Updated packages are available via Red Hat Network.

ORIGINAL ADVISORY:
RHSA-2010:0124-01:
https://rhn.redhat.com/errata/RHSA-2010-0124.html

OTHER REFERENCES:
SA38154:
http://secunia.com/advisories/38154/

SA38426:
http://secunia.com/advisories/38426/

From sec-adv at secunia.com Tue Mar 2 15:41:53 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 00:41:53 +0100
Subject: [SEC] [SA38769] Fedora update for openldap
Message-ID: <201003022341.o22Nfr96004767@CRON-IX-2.intnet>

TITLE:
Fedora update for openldap

SECUNIA ADVISORY ID:
SA38769

VERIFY ADVISORY:
http://secunia.com/advisories/38769/

DESCRIPTION:
Fedora has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.

The vulnerability is caused due to an error when processing X.509 certificates containing NULL ('\0') characters embedded in subject Common Name and can be exploited to spoof certificates for legitimate domains.

SOLUTION:
Apply updated packages via the yum utility ("yum update openldap").

ORIGINAL ADVISORY:
FEDORA-2010-0752:
https://admin.fedoraproject.org/updates/F11/FEDORA-2010-0752

From sec-adv at secunia.com Tue Mar 2 15:53:17 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 00:53:17 +0100
Subject: [SEC] [SA38479] TrendNet TV-IP110W Missing Authentication Check Security Issue
Message-ID: <201003022353.o22NrH6U024571@CRON-IX-2.intnet>

TITLE:
TrendNet TV-IP110W Missing Authentication Check Security Issue

SECUNIA ADVISORY ID:
SA38479

VERIFY ADVISORY:
http://secunia.com/advisories/38479/

DESCRIPTION:
Robert B. Noakes has reported a security issue in TrendNet TV-IP110W, which can be exploited by malicious people to access the camera's feed without any authentication.

The security issue is caused due to missing authentication checks, which can be exploited to view the camera's video feed without any authentication.

SOLUTION:
Update to firmware version V1.1.0.93.
http://www.trendnet.com/downloads/list_subcategory.asp?SUBTYPE_ID=1172#Firmware

PROVIDED AND/OR DISCOVERED BY:
Robert B.
Noakes

From sec-adv at secunia.com Tue Mar 2 16:06:21 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 01:06:21 +0100
Subject: [SEC] [SA38766] Fedora update for puppet
Message-ID: <201003030006.o2306Lvu012013@CRON-IX-2.intnet>

TITLE:
Fedora update for puppet

SECUNIA ADVISORY ID:
SA38766

VERIFY ADVISORY:
http://secunia.com/advisories/38766/

DESCRIPTION:
Fedora has issued an update for puppet. This fixes a security issue, which potentially can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA36967

SOLUTION:
Apply updated packages using the yum utility ("yum update puppet").

ORIGINAL ADVISORY:
FEDORA-2010-1079:
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html

FEDORA-2010-1372:
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html

OTHER REFERENCES:
SA36967:
http://secunia.com/advisories/36967/

From sec-adv at secunia.com Wed Mar 3 10:26:30 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 19:26:30 +0100
Subject: [SEC] [SA38776] Apache HTTP Server Multiple Vulnerabilities
Message-ID: <201003031826.o23IQUTE010317@CRON-IX-2.intnet>

TITLE:
Apache HTTP Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38776

VERIFY ADVISORY:
http://secunia.com/advisories/38776/

DESCRIPTION:
Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be
exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service). 1) The "ap_proxy_ajp_request()" function in modules/proxy/mod_proxy_ajp.c of the mod_proxy_ajp module returns the "HTTP_INTERNAL_SERVER_ERROR" error code when processing certain malformed requests. This can be exploited to put the backend server into an error state until the retry timeout expired by sending specially crafted requests. 2) The mod_isapi module could unload ISAPI modules before the request processing is complete, potentially leaving orphaned callback pointers behind. 3) An error exists within the header handling when processing subrequests, which can lead to sensitive information from a request being handled by the wrong thread if a multi-threaded Multi-Processing Module (MPM) is used. Vulnerabilities #1 and #3 are reported in version 2.2.0, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.8, 2.2.9, 2.2.11, 2.2.12, 2.2.13, and 2.2.14. SOLUTION: Fixed in httpd 2.2.15-dev. Update to version 2.2.15 as soon as it becomes available. PROVIDED AND/OR DISCOVERED BY: 1, 2) Reported by the vendor. 3) Reported in a bug report by Philip Pickett ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_22.html http://svn.apache.org/viewvc?view=revision&revision=917875 http://svn.apache.org/viewvc?view=revision&revision=917870 https://issues.apache.org/bugzilla/show_bug.cgi?id=48359 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. 
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 11:26:16 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 20:26:16 +0100
Subject: [SEC] [SA38761] Slackware update for openssl
Message-ID: <201003031926.o23JQGBi032025@CRON-IX-2.intnet>

TITLE:
Slackware update for openssl

SECUNIA ADVISORY ID:
SA38761

VERIFY ADVISORY:
http://secunia.com/advisories/38761/

DESCRIPTION:
Slackware has issued an update for openssl. This fixes some vulnerabilities, one of which has unknown impacts and others that can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).

For more information:
SA28046
SA35128
SA37291
SA38200

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
SSA:2010-060-02:
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049

OTHER REFERENCES:
SA28046:
http://secunia.com/advisories/28046/

SA35128:
http://secunia.com/advisories/35128/

SA37291:
http://secunia.com/advisories/37291/

SA38200:
http://secunia.com/advisories/38200/

----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 12:26:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 21:26:31 +0100
Subject: [SEC] [SA38635] DFD Cart Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
Message-ID: <201003032026.o23KQVGW021338@CRON-IX-2.intnet>

TITLE:
DFD Cart Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

SECUNIA ADVISORY ID:
SA38635

VERIFY ADVISORY:
http://secunia.com/advisories/38635/

DESCRIPTION:
Russ McRee has discovered some vulnerabilities in DFD Cart, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

1) Input passed to the "category" parameter in your.order.php and to the "category" and "list_quantity" parameters in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.

2) The application allows users to perform certain actions via HTTP requests sent to e.g. admin/configure.php without performing any validity checks to verify the request. This can be exploited to e.g. conduct script-insertion attacks and change certain settings by tricking an administrator into visiting a malicious website.

The vulnerabilities are confirmed in versions 1.197 and 1.198. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

Do not visit other sites while being logged in to DFD Cart.

Note: The vendor tried to fix the vulnerabilities in version 1.198. However, the implemented fixes are insufficient.

PROVIDED AND/OR DISCOVERED BY:
Reported by Russ McRee, HolisticInfoSec via Secunia.

ORIGINAL ADVISORY:
http://holisticinfosec.org/content/view/135/45/
http://sourceforge.net/projects/dfdcart/files/dfdcart/1.1X/ChangeLog.txt/download
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 13:26:27 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 22:26:27 +0100
Subject: [SEC] [SA38793] ARISg "errmsg" Cross-Site Scripting Vulnerability
Message-ID: <201003032126.o23LQRS9010638@CRON-IX-2.intnet>

TITLE:
ARISg "errmsg" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA38793

VERIFY ADVISORY:
http://secunia.com/advisories/38793/

DESCRIPTION:
Yaniv Miron has reported a vulnerability in ARISg, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "errmsg" parameter to wflogin.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 5.0. Other versions may also be affected.

SOLUTION:
Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY:
Yaniv Miron aka "Lament"
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 14:20:34 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 23:20:34 +0100
Subject: [SEC] [SA38784] Modo 401 LXO Processing Buffer Overflow Vulnerability
Message-ID: <201003032220.o23MKYxe032222@CRON-IX-2.intnet>

TITLE:
Modo 401 LXO Processing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38784

VERIFY ADVISORY:
http://secunia.com/advisories/38784/

DESCRIPTION:
A vulnerability has been discovered in Modo 401, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a boundary error in valet4.dll when processing LXO files. This can be exploited to change the byte order of multiple 32-bit values placed on the stack and corrupt stack memory via a specially crafted LXO file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version SP2 build 33252. Other versions may also be affected.

SOLUTION:
Do not open untrusted LXO files.

PROVIDED AND/OR DISCOVERED BY:
Diego Juarez and Nadia Rodriguez of Core Security Technologies

ORIGINAL ADVISORY:
http://www.coresecurity.com/content/luxology-modo-lxo-vulnerability

----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 14:41:49 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 23:41:49 +0100
Subject: [SEC] [SA38806] Oracle Siebel CRM Cross-Site Scripting Vulnerability
Message-ID: <201003032241.o23MfnMr020001@CRON-IX-2.intnet>

TITLE:
Oracle Siebel CRM Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA38806

VERIFY ADVISORY:
http://secunia.com/advisories/38806/

DESCRIPTION:
Yaniv Miron has reported a vulnerability in Oracle Siebel CRM, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to htim_enu/start.swe is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 7.7 and 7.8. Other versions may also be affected.

SOLUTION:
Filter malicious characters and character sequences in a web proxy.

PROVIDED AND/OR DISCOVERED BY:
Yaniv Miron aka "Lament"
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 14:53:46 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 3 Mar 2010 23:53:46 +0100
Subject: [SEC] [SA38779] SUSE update for kernel
Message-ID: <201003032253.o23Mrk2j007403@CRON-IX-2.intnet>

TITLE:
SUSE update for kernel

SECUNIA ADVISORY ID:
SA38779

VERIFY ADVISORY:
http://secunia.com/advisories/38779/

DESCRIPTION:
SUSE has issued an update for the kernel. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to manipulate certain data, bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service).

For more information:
SA35265
SA37590
SA38133
SA38317
SA38354
SA38502

SOLUTION:
Apply updated packages.

Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web.

ORIGINAL ADVISORY:
SUSE-SA:2010:014:
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html

OTHER REFERENCES:
SA35265:
http://secunia.com/advisories/35265/

SA37590:
http://secunia.com/advisories/37590/

SA38133:
http://secunia.com/advisories/38133/

SA38317:
http://secunia.com/advisories/38317/

SA38354:
http://secunia.com/advisories/38354/

SA38502:
http://secunia.com/advisories/38502/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 15:06:32 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 00:06:32 +0100
Subject: [SEC] [SA38745] TYPO3 Calendar Base Extension SQL Injection Vulnerability
Message-ID: <201003032306.o23N6WeC027262@CRON-IX-2.intnet>

TITLE:
TYPO3 Calendar Base Extension SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38745

VERIFY ADVISORY:
http://secunia.com/advisories/38745/

DESCRIPTION:
A vulnerability has been reported in the Calendar Base extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.

Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions prior to 1.3.2.

SOLUTION:
Update to version 1.3.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Christian Ferbar.

ORIGINAL ADVISORY:
TYPO3-SA-2010-005:
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-005/
----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 15:20:20 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 00:20:20 +0100
Subject: [SEC] [SA38782] McAfee LinuxShield "nailsd" Authentication Security Issue
Message-ID: <201003032320.o23NKKuI014745@CRON-IX-2.intnet>

TITLE:
McAfee LinuxShield "nailsd" Authentication Security Issue

SECUNIA ADVISORY ID:
SA38782

VERIFY ADVISORY:
http://secunia.com/advisories/38782/

DESCRIPTION:
Nikolas Sotiriu has reported a security issue in McAfee LinuxShield, which can be exploited by malicious, local users to gain escalated privileges.

The security issue is caused due to the "nailsd" daemon allowing unprivileged, local users to log in and access administrative functionality. This can be exploited e.g. to change the configuration and to execute arbitrary code with root privileges.

The security issue is reported in version 1.5.1. Other versions may also be affected.

SOLUTION:
Update to version 1.5.1 and install hotfix HF550192.

PROVIDED AND/OR DISCOVERED BY:
Nikolas Sotiriu (lofi)

ORIGINAL ADVISORY:
McAfee:
https://kc.mcafee.com/corporate/index?page=content&id=SB10007

Nikolas Sotiriu:
http://sotiriu.de/adv/NSOADV-2010-004.txt

----------------------------------------------------------------------
From sec-adv at secunia.com Wed Mar 3 15:41:56 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 00:41:56 +0100
Subject: [SEC] [SA38762] Debian update for sudo
Message-ID: <201003032341.o23NfuQG002529@CRON-IX-2.intnet>

TITLE:
Debian update for sudo

SECUNIA ADVISORY ID:
SA38762

VERIFY ADVISORY:
http://secunia.com/advisories/38762/

DESCRIPTION:
Debian has issued an update for sudo. This fixes multiple security issues, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA38659

SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY: DSA-2006-1: http://lists.debian.org/debian-security-announce/2010/msg00046.html

OTHER REFERENCES: SA38659: http://secunia.com/advisories/38659/

From sec-adv at secunia.com Wed Mar 3 15:53:24 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 00:53:24 +0100
Subject: [SEC] [SA38774] libpng Ancillary Chunks "Decompression Bomb" Denial of Service
Message-ID: <201003032353.o23NrOci022338@CRON-IX-2.intnet>

TITLE: libpng Ancillary Chunks "Decompression Bomb" Denial of Service

SECUNIA ADVISORY ID: SA38774

VERIFY ADVISORY: http://secunia.com/advisories/38774/

DESCRIPTION: A vulnerability has been reported in libpng,
which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the library using a large amount of CPU and memory resources when processing certain highly compressed ancillary chunks, which can be exploited to cause a DoS by tricking an application using the library into processing a specially crafted PNG file.

The vulnerability is reported in versions prior to 1.0.53, 1.2.43, and 1.4.1.

SOLUTION: Update to version 1.0.53, 1.2.43, and 1.4.1 and follow the vendor's instructions to increase protection against the so-called "decompression bombs": http://libpng.sourceforge.net/decompression_bombs.html

PROVIDED AND/OR DISCOVERED BY: Reported by the PNG Development Group after encountering a malformed image in the wild.

ORIGINAL ADVISORY:
http://libpng.sourceforge.net/ADVISORY-1.4.1.html
http://libpng.sourceforge.net/decompression_bombs.html

OTHER REFERENCES: US-CERT VU#576029: https://www.kb.cert.org/vuls/id/576029

From sec-adv at secunia.com Thu Mar 4 10:26:46 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 19:26:46 +0100
Subject: [SEC] [SA38798] Debian update for cups
Message-ID: <201003041826.o24IQkJJ013995@CRON-IX-2.intnet>

TITLE: Debian update for cups

SECUNIA ADVISORY ID: SA38798

VERIFY ADVISORY: http://secunia.com/advisories/38798/

DESCRIPTION: Debian has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

For more information: SA38789

SOLUTION: Apply updated packages.
ORIGINAL ADVISORY: DSA-2007-1: http://lists.debian.org/debian-security-announce/2010/msg00047.html

OTHER REFERENCES: SA38789: http://secunia.com/advisories/38789/

From sec-adv at secunia.com Thu Mar 4 11:26:32 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 20:26:32 +0100
Subject: [SEC] [SA38828] Fedora update for argyllcms
Message-ID: <201003041926.o24JQW3U003284@CRON-IX-2.intnet>

TITLE: Fedora update for argyllcms

SECUNIA ADVISORY ID: SA38828

VERIFY ADVISORY: http://secunia.com/advisories/38828/

DESCRIPTION: Fedora has issued an update for argyllcms. This fixed a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issue is caused due to insecure access rules being set on certain tty devices. This can be exploited to access otherwise restricted content.

The security issue is reported in versions prior to 1.0.4-5.

SOLUTION: Apply updated packages using the yum utility ("yum update argyllcms").

PROVIDED AND/OR DISCOVERED BY: Reported by David Zeuthen.

ORIGINAL ADVISORY: FEDORA-2010-3587: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036443.html

From sec-adv at secunia.com Thu Mar 4 12:26:40 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 21:26:40 +0100
Subject: [SEC] [SA38822] Dosya Yukle Script Arbitrary File Upload Security Issue
Message-ID: <201003042026.o24KQeHZ025001@CRON-IX-2.intnet>

TITLE: Dosya Yukle Script Arbitrary File Upload Security Issue

SECUNIA ADVISORY ID: SA38822

VERIFY ADVISORY: http://secunia.com/advisories/38822/

DESCRIPTION: A security issue has been reported in Dosya Yukle Script, which can be exploited by malicious people to compromise a vulnerable system.

The security issue is caused due to the yukle.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.

The security issue is reported in version 1.0. Other versions may also be reported.

SOLUTION: Restrict access to the yukle.php script (e.g. via .htaccess).
PROVIDED AND/OR DISCOVERED BY: indoushka

From sec-adv at secunia.com Thu Mar 4 13:26:37 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 22:26:37 +0100
Subject: [SEC] [SA38835] Drupal Multiple Vulnerabilities
Message-ID: <201003042126.o24LQbmB014300@CRON-IX-2.intnet>

TITLE: Drupal Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38835

VERIFY ADVISORY: http://secunia.com/advisories/38835/

DESCRIPTION: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions.

1) Input passed via the "langcode", "name", and "native" parameters in the languages interface while using the Locale module is not properly sanitised before being displayed to the user.
This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires "administer languages" permissions.

2) An error in the handling of certain sessions can be exploited to maintain an open session despite the user being blocked.

The vulnerabilities are reported in versions prior to 6.16 and 5.22.

NOTE: A weakness related to redirection to external sites via the drupal_goto() function was also reported.

SOLUTION:
Drupal 6.x: Update to version 6.16. http://ftp.drupal.org/files/projects/drupal-6.16.tar.gz
Drupal 5.x: Update to version 5.22. http://ftp.drupal.org/files/projects/drupal-5.22.tar.gz

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Justin Klein Keane.
2) The vendor credits Craig A. Hancock.

ORIGINAL ADVISORY: SA-CORE-2010-001: http://drupal.org/node/731710

From sec-adv at secunia.com Thu Mar 4 14:20:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 23:20:33 +0100
Subject: [SEC] [SA38801] Comptel Provisioning and Activation "error_msg_parameter" Cross-Site Scripting
Message-ID: <201003042220.o24MKXpu003463@CRON-IX-2.intnet>

TITLE: Comptel Provisioning and Activation "error_msg_parameter" Cross-Site Scripting

SECUNIA ADVISORY ID: SA38801

VERIFY ADVISORY: http://secunia.com/advisories/38801/

DESCRIPTION: thebluegenius has reported a vulnerability in Comptel Provisioning and Activation, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "error_msg_parameter" parameter in index.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION: Filter malicious characters and character sequences in a proxy.

PROVIDED AND/OR DISCOVERED BY: thebluegenius

ORIGINAL ADVISORY: http://www.thebluegenius.com/2010/02/comptel-instantlink-xss-vulnerability.html

From sec-adv at secunia.com Thu Mar 4 14:41:43 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 23:41:43 +0100
Subject: [SEC] [SA38777] Joomla MyBlog Component "task" File Inclusion Vulnerability
Message-ID: <201003042241.o24MfhTa023642@CRON-IX-2.intnet>

TITLE: Joomla MyBlog Component "task" File Inclusion Vulnerability

SECUNIA ADVISORY ID: SA38777

VERIFY ADVISORY: http://secunia.com/advisories/38777/

DESCRIPTION: A vulnerability has been reported in the MyBlog component for Joomla, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "task" parameter in index.php (when "option" is set to "com_myblog") is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes.

The vulnerability is reported in version 3.0.329. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
DevilZ TM

ORIGINAL ADVISORY:
http://www.exploit-db.com/exploits/11625

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 14:53:39 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 4 Mar 2010 23:53:39 +0100
Subject: [SEC] [SA38800] Cisco Digital Media Manager Multiple Vulnerabilities
Message-ID: <201003042253.o24MrdgR011050@CRON-IX-2.intnet>

TITLE:
Cisco Digital Media Manager Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38800

VERIFY ADVISORY:
http://secunia.com/advisories/38800/

DESCRIPTION:
Two vulnerabilities and a security issue have been reported in Cisco
Digital Media Manager, which can be exploited by malicious users to
gain escalated privileges and disclose sensitive information and by
malicious people to compromise a vulnerable system.

1) An unspecified error can be exploited to change the configuration
and obtain full access to the device.

The vulnerability is reported in versions 5.0.x and 5.1.x.

2) An error exists due to unsafe storage of user credentials in
memory and error logs, which can be exploited to view Cisco Digital
Media Player user credentials or LDAP credentials.

The vulnerability is reported in versions prior to 5.2.

Successful exploitation of vulnerabilities #1 and #2 requires
authentication.

3) A security issue exists due to default credentials in the
underlying Tomcat application, which can be exploited to gain
administrative access to the application.

The vulnerability is reported in versions prior to 5.2.

SOLUTION:
Update to version 5.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the National Australia Bank's Security Assurance
team.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmm.shtml

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 15:06:38 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 00:06:38 +0100
Subject: [SEC] [SA38807] OpenSSL Kerberos "kssk_keytab_is_available()" Denial of Service
Message-ID: <201003042306.o24N6cwK030908@CRON-IX-2.intnet>

TITLE:
OpenSSL Kerberos "kssk_keytab_is_available()" Denial of Service

SECUNIA ADVISORY ID:
SA38807

VERIFY ADVISORY:
http://secunia.com/advisories/38807/

DESCRIPTION:
A vulnerability has been reported in OpenSSL, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to the "kssk_keytab_is_available()"
function in ssl/kssl.c not checking the return value of a call to the
"krb5_sname_to_principal()" function, which can be exploited to cause
a NULL pointer dereference by e.g. sending certain cipher suites
within the client hello.

Successful exploitation requires that OpenSSL is compiled with
Kerberos support and may also depend on the Kerberos version and the
setup.

SOLUTION:
Fixed in the CVS repository.
http://cvs.openssl.org/chngview?cn=19374

PROVIDED AND/OR DISCOVERED BY:
Todd Rinaldo

ORIGINAL ADVISORY:
OpenSSL:
http://cvs.openssl.org/chngview?cn=19374

Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=567711
https://bugzilla.redhat.com/show_bug.cgi?id=569774

http://www.openwall.com/lists/oss-security/2010/03/03/5

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 15:20:17 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 00:20:17 +0100
Subject: [SEC] [SA38796] Fcron "fcrontab" Insecure File Access Security Issues
Message-ID: <201003042320.o24NKHKH018383@CRON-IX-2.intnet>

TITLE:
Fcron "fcrontab" Insecure File Access Security Issues

SECUNIA ADVISORY ID:
SA38796

VERIFY ADVISORY:
http://secunia.com/advisories/38796/

DESCRIPTION:
Dan Rosenberg has reported some security issues in
Fcron, which can be exploited by malicious, local users to disclose
sensitive information.

The security issues are caused due to race condition errors in the
"fcrontab" utility. These can be exploited via symlink attacks to
read arbitrary files with Fcron privileges (e.g. fcrontabs and
configuration files).

The security issues are reported in versions prior to 3.0.5.

SOLUTION:
Update to version 3.0.5.

PROVIDED AND/OR DISCOVERED BY:
Dan Rosenberg

ORIGINAL ADVISORY:
Fcron:
http://fcron.free.fr/news.php

Dan Rosenberg:
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0095.html

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 15:41:42 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 00:41:42 +0100
Subject: [SEC] [SA38785] Red Hat update for cups
Message-ID: <201003042341.o24Nfgtu006152@CRON-IX-2.intnet>

TITLE:
Red Hat update for cups

SECUNIA ADVISORY ID:
SA38785

VERIFY ADVISORY:
http://secunia.com/advisories/38785/

DESCRIPTION:
Red Hat has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

For more information:
SA37364

SOLUTION:
Updated packages are available via Red Hat Network.

CHANGELOG:
2010-03-04: Added CVE reference.

ORIGINAL ADVISORY:
RHSA-2010:0129-1:
https://rhn.redhat.com/errata/RHSA-2010-0129.html

OTHER REFERENCES:
SA37364:
http://secunia.com/advisories/37364/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 15:54:09 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 00:54:09 +0100
Subject: [SEC] [SA38786] Ubuntu update for cups
Message-ID: <201003042354.o24Ns9An025997@CRON-IX-2.intnet>

TITLE:
Ubuntu update for cups

SECUNIA ADVISORY ID:
SA38786

VERIFY ADVISORY:
http://secunia.com/advisories/38786/

DESCRIPTION:
Ubuntu has issued an update for cups. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and by malicious people to cause a DoS
(Denial of Service).

For more information:
SA37364
SA38789

Note: The impact of CVE-2010-0393 on Ubuntu 8.10, 9.04, and 9.10 is
probably limited to a DoS. CVE-2009-3553 and CVE-2010-0302 only
affect Ubuntu 8.04 LTS, 8.10, 9.04, and 9.10.

SOLUTION:
Apply updated packages.
56306bfa507550c07d02b820380e19c3 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_powerpc.deb Size/MD5: 57406 be85c41fd62fcaf3a28107a1614146d4 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 37218 adeb034eaeadb51fd3723f382cab7b7c http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 117506 7a8039312accd4ce6be1596403616744 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 1468404 c3f80af2a2fc00c590562ea19e6fe9f2 http://ports.ubuntu.com/pool/main/c/cups/cups_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 2203876 b75a1f2918317d00cc1540014c42e8d0 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 344838 5976a1b94be50118b6ddcdc4b40de073 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 170236 262941bf660cc95765b72cf5aa13e14d http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 57860 36426cde9ee4e2e2dc813ba4d0e98f19 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.3.9-17ubuntu3.6_sparc.deb Size/MD5: 49702 590f4b45bf412b2f59d9ad4ea395754c -- Ubuntu 9.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4.diff.gz Size/MD5: 414730 d1a0c764ccf1fedd4c3427c45d19a9ca http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4.dsc Size/MD5: 2273 4a8ceed09060814e0cf5070412e06aae http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1.orig.tar.gz Size/MD5: 5287327 4dc8f431ef50752dfd61d9d4959abd06 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-common_1.4.1-5ubuntu2.4_all.deb Size/MD5: 1419910 5ccad7198ba64c4d2e487109d38baf6c http://security.ubuntu.com/ubuntu/pool/main/c/cups/cupsys-dbg_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69572 33961e905c819b2d67c641fa0226596f 
http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsddk_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69534 04b34f17b2f23a24254d74d266121b10 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-bsd_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69562 f624d2fcb8549771cd920148ba2ace45 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-client_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69574 e0b8e717d5bd0740c7af047debb050f7 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys-common_1.4.1-5ubuntu2.4_all.deb Size/MD5: 4548 45c04ec4b5ef40e7b5a05b97cfff0821 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cupsys_1.4.1-5ubuntu2.4_all.deb Size/MD5: 69554 10ac2f07563d4eb693e27195b7778935 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 36708 60bcfe9509bf6c460a24b32f3dc22f3a http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 120258 31f336e66b77fdb68624eee6c3f6aa86 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 89636 f2300503230b0418b939bbf0acbddd50 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 1909456 70052df26d278ec8fbcb89e92801f59c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 210406 50cf5e47fc69aa59dafcc51fd1ba7aca http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 218936 7f04aa35b965955b0c12566d18dd27bc http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 101856 80b6e20deaa9ec8006b6233daea025c4 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 31586 cac166753bfc5dad29293f69669402fe http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 90190 
bdf93f96a315ba2313eb0bc86a24fa2b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 22192 be5b0eba29c355d76aa86db66b328b8c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 61528 bcfe65ac2cd9cfab070635f5ede4482b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 53160 a3cff812c204698c97027c47a2a8032d http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 81196 7fdf8a14125aed96ba11cfad2df8450b http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 15492 406aa3da43f5949e6d062bf117a8656c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 143032 c29bf3ee9e457b0096ada17948d85afb http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 60098 1cd00de7321f747b33a82c06bec69625 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_amd64.deb Size/MD5: 34526 8a2d07f4f318a7fb578aef25a1fa106b i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 35470 59752d8fe6b0ab6b4be4bc9553dd67fe http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 115326 24a5ebd4c6b0c9932ec34481bdfc27fd http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 88804 71f3cbd750cb6283dc29cdea5e7b8dd3 http://security.ubuntu.com/ubuntu/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 1867476 93037d1769ff83d77a6da5ed93e82058 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 199428 dc33c5038d26a0b76f1b694598c004a0 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 
213030 031bc59c14807b8d6c7347c2a3ba2e8c http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 101048 e751022124d2496ac051280b70e75d88 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 31376 133412f956a2808d74ae62bc73ca6c48 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 90402 4c375adba3718768e98346d10ecfc2ed http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 22060 6969c7f346d155095980d127763e205a http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 60314 6d620c4a4380d7e65c2dcf147c7df896 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 52412 6641e47022e889de1525eaf5c5305eca http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 81106 7e3b8f7ddec3a8a5b8377b0234270268 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 15206 fd9858648c9df78fae4a974955c0e475 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 141568 1db2ce91ffedfa1bbde68b2756cfe389 http://security.ubuntu.com/ubuntu/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 61438 1299d9de795e485872507e21e42b20e5 http://security.ubuntu.com/ubuntu/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_i386.deb Size/MD5: 32824 a7d8171d0f2888bb97f59387b5953db2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 35442 dd26d3e196a3bc1880331dc3821cdbab http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 115178 76977be3cbcb0d5f4a22ada4071188e4 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 88774 
6516931d5dce31c51b80f107a6c78f29 http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 1865004 e482b421a57cc75b18d979de2e82fb7a http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 196772 061c86b147f9fdb980e7d40d8e84dabd http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 211440 13a330ef0e77a7f20f0e803140148905 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 100448 17f556fffdb82e83559268361e0eb53f http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 31206 27d0d62e0c989545ed7455f832eb2b25 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 89820 86176d7a6557617ff30aa83bcc875196 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 21778 e04668e8936e1d32e7e33414e570fcee http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 59950 9569de467d24173a0c35b838fea647fc http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 52576 582213e9cde03104f3c1795d06984197 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 81056 c1a6cca183116319ed1a095806cf1c8c http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 15304 21d41f59b097afbd27a12f7c9e877b32 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 141898 15553deba7c1e9c98136330e97b59119 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 62662 ecc362e334c91a0530c356b17e6a2641 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_lpia.deb Size/MD5: 33264 325a9170ecf6cd1dc9f955be9bbc1d24 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 
37006 3acbe062b83fdc269964eef5675a89c5 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 121650 74995951c11f700b551f6c8ce2badb23 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 89384 8f0ce2467cda194e493e87369aab765d http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 1930866 ef1a8fd29f47f928b81c785730ce89d9 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 203588 decd7de1cafe69b61d713988fe55af37 http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 223504 f60c1ea0858fd39961852c870c7fce49 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 101020 c0ad517da1a8bc09ccf97903a3ded8c9 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 33348 2424426af873cd4207b8226ebb8490c5 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 89594 9e6125fb851403ef7e80f09840eaa89a http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 22324 a4b8cbb7319e42721479d3092ef23f16 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 60618 01ffa1358e2fb0c5dd307cd8d135c14f http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 55376 fa276276aa683c19b9fc10bf65372347 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 81558 c9060c3ec4eca6ae2ce532f44298e556 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 15790 c857b043bf0bb4ff3dfc0db38de89f99 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1-dev_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 141118 92099a9250e369378fe8287e556b21a7 http://ports.ubuntu.com/pool/main/c/cups/libcupsppdc1_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 64954 
b7da8579507c4db05cc78df34d289f76 http://ports.ubuntu.com/pool/universe/c/cups/cups-ppdc_1.4.1-5ubuntu2.4_powerpc.deb Size/MD5: 34790 964c7ecb9faa3a0b1a115a2a06a66e75 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/c/cups/cups-bsd_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 36068 7ab9b44191ad5078c5f63a521744ca23 http://ports.ubuntu.com/pool/main/c/cups/cups-client_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 117816 2be453254c5f80dc1c353acc62a3c443 http://ports.ubuntu.com/pool/main/c/cups/cups-dbg_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 89232 09f73b5d95d3248b5ecc0393036ddbff http://ports.ubuntu.com/pool/main/c/cups/cups_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 1954238 7f4762af124ba5e650569b6fa2fbb5c7 http://ports.ubuntu.com/pool/main/c/cups/libcups2-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 201516 730d6a0e1428a7165e01a565cc810d8a http://ports.ubuntu.com/pool/main/c/cups/libcups2_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 210594 4f16bfe7a76a1c9cb137401290c4f5c1 http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 102698 fe023955fc4e93236d2ff46b685bc32b http://ports.ubuntu.com/pool/main/c/cups/libcupscgi1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 31560 4be671eb7500d06a1f949df0d92086e7 http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 89804 3e5dbcf536bc2be0435561b4997c796e http://ports.ubuntu.com/pool/main/c/cups/libcupsdriver1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 21380 fce9fff2a5bc990ae97cd67569805789 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 58150 e5a43b39220105101c69480fa63075f5 http://ports.ubuntu.com/pool/main/c/cups/libcupsimage2_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 50290 1cf2e270243b8f0a6cc56405a8c5bd94 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1-dev_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 80330 fd1073834591fd282edc82e516d7e533 http://ports.ubuntu.com/pool/main/c/cups/libcupsmime1_1.4.1-5ubuntu2.4_sparc.deb Size/MD5: 
ORIGINAL ADVISORY:
USN-906-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001054.html

OTHER REFERENCES:
SA37364:
http://secunia.com/advisories/37364/

SA38789:
http://secunia.com/advisories/38789/

From sec-adv at secunia.com Thu Mar 4 16:06:26 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 01:06:26 +0100
Subject: [SEC] [SA38820] Opera "Content-Length" Processing Buffer Overflow Vulnerability
Message-ID: <201003050006.o2506Qx1013420@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Opera "Content-Length" Processing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38820

VERIFY ADVISORY:
http://secunia.com/advisories/38820/

DESCRIPTION:
Marcin Ressel has discovered a vulnerability in Opera, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when processing HTTP responses having a malformed "Content-Length" header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit "Content-Length" value, having the higher 32-bit part negative.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 10.50 for Windows. Other versions may also be affected.

SOLUTION:
Do not browse untrusted websites or follow untrusted links.

PROVIDED AND/OR DISCOVERED BY:
Marcin Ressel (~echo)

Additional information provided by Secunia Research.
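
Added example, not part of the Secunia advisory and not Opera's code: a constructed C illustration of the integer-handling class the SA38820 description points at, where a 64-bit length whose upper 32 bits read as negative slips past a signed size check, shown next to a strict "Content-Length" parser. `MAX_BODY_BYTES` and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical policy limit for this example: largest body we agree to buffer. */
#define MAX_BODY_BYTES (64u * 1024u * 1024u)

enum cl_status { CL_OK = 0, CL_MALFORMED, CL_TOO_LARGE };

/*
 * Constructed "before" pattern: the 64-bit length is split into two 32-bit
 * halves, the high half is tested as a SIGNED value, and the buffer is sized
 * from the low half alone. Returns the buffer size, or 0 when refused.
 */
static uint32_t naive_buffer_size(uint64_t len)
{
    uint32_t hi_bits = (uint32_t)(len >> 32);
    uint32_t lo = (uint32_t)len;
    int32_t hi;

    memcpy(&hi, &hi_bits, sizeof hi);  /* reinterpret the high half as signed */
    if (hi > 0)
        return 0;                      /* "too large" test; a negative half passes */
    return lo;                         /* buffer far smaller than the declared length */
}

/*
 * Strict parser: decimal digits only (optional surrounding blanks), no sign,
 * overflow detected before it happens, and the result capped by policy.
 */
static enum cl_status parse_content_length(const char *value, uint64_t *out)
{
    const char *p = value;
    uint64_t n = 0;
    size_t digits = 0;

    while (*p == ' ' || *p == '\t')
        p++;
    for (; *p >= '0' && *p <= '9'; p++, digits++) {
        unsigned d = (unsigned)(*p - '0');
        if (n > (UINT64_MAX - d) / 10)
            return CL_TOO_LARGE;       /* n * 10 + d would not fit in 64 bits */
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t')
        p++;
    if (digits == 0 || *p != '\0')
        return CL_MALFORMED;           /* empty, signed, hex or trailing junk */
    if (n > MAX_BODY_BYTES)
        return CL_TOO_LARGE;
    *out = n;
    return CL_OK;
}

int main(void)
{
    const char *hdr = "9223372036854776064";   /* constructed value: 2^63 + 256 */
    uint64_t len = 0;

    printf("naive buffer size: %u bytes\n",
           (unsigned)naive_buffer_size(strtoull(hdr, NULL, 10)));
    printf("strict parser status: %d\n", (int)parse_content_length(hdr, &len));
    return 0;
}
```

The design point is that the length is validated once as a single unsigned 64-bit quantity and bounded before any allocation size is derived from it.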

From sec-adv at secunia.com Thu Mar 4 16:20:30 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 01:20:30 +0100
Subject: [SEC] [SA38778] RCA DCM425 Cable Modem Denial of Service
Message-ID: <201003050020.o250KUpN000856@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
RCA DCM425 Cable Modem Denial of Service

SECUNIA ADVISORY ID:
SA38778

VERIFY ADVISORY:
http://secunia.com/advisories/38778/

DESCRIPTION:
A vulnerability has been reported in RCA DCM Cable Modem, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the processing of certain packets and can be exploited to reboot an affected device by sending a specially crafted packet to port 80/TCP.

SOLUTION:
Use the device only in trusted networks.

PROVIDED AND/OR DISCOVERED BY:
ad0nis

From sec-adv at secunia.com Thu Mar 4 16:41:35 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 01:41:35 +0100
Subject: [SEC] [SA38789] CUPS "lppasswd" Privilege Escalation Vulnerability
Message-ID: <201003050041.o250fZWO021081@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
CUPS "lppasswd" Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA38789

VERIFY ADVISORY:
http://secunia.com/advisories/38789/

DESCRIPTION:
A vulnerability has been discovered in CUPS, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to the "lppasswd" utility (which may be installed suid root) not properly verifying certain environment variables (e.g. "LOCALEDIR") before using them. This can be exploited to e.g.
execute arbitrary code by tricking the utility into using a specially crafted localisation file containing malicious format strings.

The vulnerability is confirmed in version 1.3.11. Other versions may also be affected.

Note: The manual page for "lppasswd" in version 1.3.11 recommends administrators to change or disable the ownership of the file for security reasons. CUPS 1.4.0, 1.4.1, and 1.4.2 do not install the "lppasswd" utility as suid root by default.

SOLUTION:
Restrict access to trusted users only. Remove the suid-bit from the "lppasswd" utility.

PROVIDED AND/OR DISCOVERED BY:
Ubuntu credits Ronald Volgers.

CHANGELOG:
2010-03-04: Increased "criticality".

ORIGINAL ADVISORY:
CUPS:
http://www.cups.org/str.php?L3482

Red Hat bug #558460:
https://bugzilla.redhat.com/show_bug.cgi?id=558460

USN-906-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-March/001054.html
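
Added example, not part of the Secunia advisory and not the CUPS project's code or fix: one way a suid utility can defend against the two conditions SA38789 describes, by ignoring an environment-supplied locale directory when it runs with elevated privileges and by refusing a translated message whose conversion specifiers differ from the built-in one. `DEFAULT_LOCALEDIR` and every function name here are assumptions for this illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_LOCALEDIR "/usr/share/locale"   /* assumed compiled-in default */

/* True when the process has more privilege than its invoker (suid or sgid). */
static bool running_elevated(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Pure policy function, so the decision can be tested without a suid binary. */
static const char *choose_locale_dir(bool elevated, const char *env_value)
{
    if (elevated || env_value == NULL || env_value[0] != '/')
        return DEFAULT_LOCALEDIR;      /* never trust the caller's environment */
    return env_value;
}

static const char *locale_dir(void)
{
    return choose_locale_dir(running_elevated(), getenv("LOCALEDIR"));
}

/*
 * Write the conversion specifiers of fmt (modifiers included, "%%" skipped)
 * into sig, e.g. "Job %5d for %s" gives "%5d%s". Returns false on a dangling
 * '%' or when sig is too small.
 */
static bool format_signature(const char *fmt, char *sig, size_t siglen)
{
    size_t n = 0;

    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                  /* literal percent sign */
        size_t len = strspn(p, "-+ #0123456789.*$hlLqjzt") + 1;
        if (p[len - 1] == '\0' || n + len + 2 > siglen)
            return false;
        sig[n++] = '%';
        memcpy(sig + n, p, len);
        n += len;
        p += len - 1;                  /* now on the conversion character */
    }
    sig[n] = '\0';
    return true;
}

/* A translation is usable as a format only if it consumes exactly the same
 * arguments as the built-in message and never contains %n. */
static bool translation_is_safe(const char *original, const char *translated)
{
    char a[128], b[128];

    if (!format_signature(original, a, sizeof a) ||
        !format_signature(translated, b, sizeof b))
        return false;
    return strchr(b, 'n') == NULL && strcmp(a, b) == 0;
}

/* Fall back to the built-in message whenever the catalogue entry is rejected. */
static const char *pick_message(const char *original, const char *translated)
{
    return translation_is_safe(original, translated) ? translated : original;
}

int main(void)
{
    /* Constructed catalogue entry standing in for a tampered localisation file. */
    const char *tampered = "%x%x%n";

    printf("locale directory in use: %s\n", locale_dir());
    printf(pick_message("Password for %s: ", tampered), "alice");
    putchar('\n');
    return 0;
}
```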

From sec-adv at secunia.com Thu Mar 4 16:53:18 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 01:53:18 +0100
Subject: [SEC] [SA38833] VMware ESX Server 4 update for newt, nfs-utils, and glib2
Message-ID: <201003050053.o250rI6C008467@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
VMware ESX Server 4 update for newt, nfs-utils, and glib2

SECUNIA ADVISORY ID:
SA38833

VERIFY ADVISORY:
http://secunia.com/advisories/38833/

DESCRIPTION:
VMware has issued an update for newt, nfs-utils, and glib2 on VMware ESX Server. This fixes a security issue and some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system.

For more information:
SA32346
SA34267
SA36810

SOLUTION:
Apply ESX400-201002404-SG, ESX400-201002407-SG, and ESX400-201002406-SG:
https://hostupdate.vmware.com/software/VUM/OFFLINE/release-192-20100228-732240/ESX400-201002001.zip

ORIGINAL ADVISORY:
VMSA-2010-0004:
http://lists.vmware.com/pipermail/security-announce/2010/000082.html

OTHER REFERENCES:
SA32346:
http://secunia.com/advisories/32346/

SA34267:
http://secunia.com/advisories/34267/

SA36810:
http://secunia.com/advisories/36810/

From sec-adv at secunia.com Thu Mar 4 17:06:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 02:06:33 +0100
Subject: [SEC] [SA38832] VMware ESX Server Multiple Vulnerabilities
Message-ID: <201003050106.o2516Xsu028345@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
VMware ESX Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38832

VERIFY ADVISORY:
http://secunia.com/advisories/38832/

DESCRIPTION:
VMware has acknowledged some vulnerabilities in VMware ESX Server, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA36425
SA37629

The vulnerabilities are reported in versions 2.5.5, 3.0.3, and 3.5.

SOLUTION:
Restrict network access to trusted users only.

ORIGINAL ADVISORY:
VMSA-2010-0004:
http://lists.vmware.com/pipermail/security-announce/2010/000082.html

OTHER REFERENCES:
SA36425:
http://secunia.com/advisories/36425/

SA37629:
http://secunia.com/advisories/37629/

From sec-adv at secunia.com Thu Mar 4 17:20:36 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 02:20:36 +0100
Subject: [SEC] [SA38759] Wt Two Vulnerabilities
Message-ID: <201003050120.o251KaSQ015830@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Wt Two Vulnerabilities

SECUNIA ADVISORY ID:
SA38759

VERIFY ADVISORY:
http://secunia.com/advisories/38759/

DESCRIPTION:
Two vulnerabilities have been reported in Wt, where one has an unknown impact and the other can be exploited by malicious people to conduct cross-site scripting attacks.
1) Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site using the library.

2) An unspecified error exists related to processing of UTF-8 encoded data. No further information is currently available.

The vulnerabilities are reported in versions prior to 3.1.1.

SOLUTION:
Update to version 3.1.1.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 17:41:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 02:41:31 +0100
Subject: [SEC] [SA38834] VMware ESX Server 4 Multiple Vulnerabilities
Message-ID: <201003050141.o251fVJ4003586@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
VMware ESX Server 4 Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38834

VERIFY ADVISORY:
http://secunia.com/advisories/38834/

DESCRIPTION:
VMware has acknowledged some vulnerabilities and security issues in VMware ESX Server, which can be exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), or gain escalated privileges, and by malicious people to poison the DNS cache or cause a DoS.

For more information:
SA33338
SA35128
SA36425
SA36617
SA36707
SA36866
SA37086
SA37233
SA37426
SA37629

The vulnerabilities are reported in version 4.0.

SOLUTION:
Restrict network and local access to trusted users only.

ORIGINAL ADVISORY:
VMSA-2010-0004: http://lists.vmware.com/pipermail/security-announce/2010/000082.html

OTHER REFERENCES:
SA33338: http://secunia.com/advisories/33338/
SA35128: http://secunia.com/advisories/35128/
SA36425: http://secunia.com/advisories/36425/
SA36617: http://secunia.com/advisories/36617/
SA36707: http://secunia.com/advisories/36707/
SA36866: http://secunia.com/advisories/36866/
SA37086: http://secunia.com/advisories/37086/
SA37233: http://secunia.com/advisories/37233/
SA37426: http://secunia.com/advisories/37426/
SA37629: http://secunia.com/advisories/37629/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 17:53:14 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 02:53:14 +0100
Subject: [SEC] [SA38794] VMware vMA Update for Multiple Packages
Message-ID: <201003050153.o251rE7f023390@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
VMware vMA Update for Multiple Packages

SECUNIA ADVISORY ID:
SA38794

VERIFY ADVISORY:
http://secunia.com/advisories/38794/

DESCRIPTION:
VMware has issued an update for multiple vMA packages. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or gain escalated privileges, and by malicious people to bypass certain security restrictions, poison the DNS cache, cause a DoS, or compromise a user's system.

For more information:
SA32127
SA32346
SA33338
SA34079
SA34267
SA34631
SA35128
SA36425
SA36617
SA36707
SA36810
SA36866
SA37086
SA37233
SA37426
SA37629

SOLUTION:
Apply vMA 4.0 Patch 3.

ORIGINAL ADVISORY:
VMSA-2010-0004: http://lists.vmware.com/pipermail/security-announce/2010/000082.html

OTHER REFERENCES:
SA32127: http://secunia.com/advisories/32127/
SA32346: http://secunia.com/advisories/32346/
SA33338: http://secunia.com/advisories/33338/
SA34079: http://secunia.com/advisories/34079/
SA34267: http://secunia.com/advisories/34267/
SA34631: http://secunia.com/advisories/34631/
SA35128: http://secunia.com/advisories/35128/
SA36425: http://secunia.com/advisories/36425/
SA36617: http://secunia.com/advisories/36617/
SA36707: http://secunia.com/advisories/36707/
SA36810: http://secunia.com/advisories/36810/
SA36866: http://secunia.com/advisories/36866/
SA37086: http://secunia.com/advisories/37086/
SA37233: http://secunia.com/advisories/37233/
SA37426: http://secunia.com/advisories/37426/
SA37629: http://secunia.com/advisories/37629/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 18:06:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 03:06:33 +0100
Subject: [SEC] [SA38831] Drupal Internationalization Module Arbitrary Code Execution Vulnerability
Message-ID: <201003050206.o2526XsT010852@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Drupal Internationalization Module Arbitrary Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA38831

VERIFY ADVISORY:
http://secunia.com/advisories/38831/

DESCRIPTION:
A vulnerability has been reported in the Internationalization module for Drupal, which can be exploited by malicious users to compromise a vulnerable system.

Certain unspecified input is not properly sanitised before being used to translate the text. This can be exploited to execute arbitrary PHP code by passing a malicious string to the input filter.

The vulnerability is reported in versions prior to 6.x-1.3 and 5.x-2.6.

SOLUTION:
Internationalization 6.x:
Update to version 6.x-1.3.
http://drupal.org/node/731590

Internationalization 5.x:
Update to version 5.x-2.6.
http://drupal.org/node/731586

PROVIDED AND/OR DISCOVERED BY:
The vendor credits sinasquax and Antonio Ospite.

ORIGINAL ADVISORY:
SA-CONTRIB-2010-022: http://drupal.org/node/731632

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 18:20:32 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 03:20:32 +0100
Subject: [SEC] [SA38826] Drupal eTracker Module Script Insertion Vulnerability
Message-ID: <201003050220.o252KWSe030750@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Drupal eTracker Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA38826

VERIFY ADVISORY:
http://secunia.com/advisories/38826/

DESCRIPTION:
A vulnerability has been reported in the eTracker module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the URL to unspecified parameters is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is reported in versions prior to 6.x-1.2.

SOLUTION:
Update to version 6.x-1.2.
http://drupal.org/node/731018

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Andreas Harder.

ORIGINAL ADVISORY:
SA-CONTRIB-2010-024: http://drupal.org/node/731682

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 18:41:35 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 03:41:35 +0100
Subject: [SEC] [SA38825] Drupal Workflow Module Script Insertion Vulnerability
Message-ID: <201003050241.o252fZKo018506@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Drupal Workflow Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA38825

VERIFY ADVISORY:
http://secunia.com/advisories/38825/

DESCRIPTION:
A vulnerability has been reported in the Workflow module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed via the comment field of the workflow fieldset while using the Token module is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires that users have permissions to change the workflow state of a node and that the "Show a comment field in the workflow section of the editing form" or "Show a comment field in the workflow section of the workflow tab form" options are enabled.

The vulnerability is reported in versions prior to 6.x-1.4 and 5.x-2.6.

SOLUTION:
Workflow 6.x:
Update to version 6.x-1.4.
http://drupal.org/node/731648

Workflow 5.x:
Update to version 5.x-2.6.
http://drupal.org/node/731644

PROVIDED AND/OR DISCOVERED BY:
The vendor credits George Cassie.

ORIGINAL ADVISORY:
SA-CONTRIB-2010-023: http://drupal.org/node/731624

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 18:53:17 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 03:53:17 +0100
Subject: [SEC] [SA38803] Gentoo update for sudo
Message-ID: <201003050253.o252rHQo005890@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Gentoo update for sudo

SECUNIA ADVISORY ID:
SA38803

VERIFY ADVISORY:
http://secunia.com/advisories/38803/

DESCRIPTION:
Gentoo has issued an update for sudo. This fixes multiple security issues, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA38659

SOLUTION:
Update to "app-admin/sudo-1.7.2_p4" or later.

ORIGINAL ADVISORY:
GLSA 201003-01: http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml

OTHER REFERENCES:
SA38659: http://secunia.com/advisories/38659/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 19:09:09 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 04:09:09 +0100
Subject: [SEC] [SA38799] Cisco Digital Media Player Content Injection Vulnerability
Message-ID: <201003050309.o25399R3026178@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Cisco Digital Media Player Content Injection Vulnerability

SECUNIA ADVISORY ID:
SA38799

VERIFY ADVISORY:
http://secunia.com/advisories/38799/

DESCRIPTION:
A vulnerability has been reported in Cisco Digital Media Player, which can be exploited by malicious people to manipulate certain data.

The vulnerability is caused due to an unspecified error, which can be exploited to inject video or data content into a remote display.

The vulnerability is reported in Cisco Digital Media Player versions prior to 5.2.

SOLUTION:
Software updates are available via the regular update channels.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits the National Australia Bank's Security Assurance team.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 19:20:22 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 04:20:22 +0100
Subject: [SEC] [SA38827] Fedora update for automake
Message-ID: <201003050320.o253KMAH013546@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Fedora update for automake

SECUNIA ADVISORY ID:
SA38827

VERIFY ADVISORY:
http://secunia.com/advisories/38827/

DESCRIPTION:
Fedora has issued an update for automake. This fixes a security issue, which can be exploited by malicious, local users to manipulate certain data.

For more information:
SA37814

SOLUTION:
Apply updated packages via the yum utility.

Automake 1.4: "yum update automake14"
Automake 1.5: "yum update automake15"
Automake 1.6: "yum update automake16"
Automake 1.7: "yum update automake17"

ORIGINAL ADVISORY:
FEDORA-2010-1148: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036439.html
FEDORA-2010-1174: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036426.html
FEDORA-2010-1718: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036419.html
FEDORA-2010-3520: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036347.html
FEDORA-2010-3563: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036413.html
FEDORA-2010-3569: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036423.html
FEDORA-2010-3573: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036428.html
FEDORA-2010-3591: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036447.html

OTHER REFERENCES:
SA37814: http://secunia.com/advisories/37814/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 19:41:23 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 04:41:23 +0100
Subject: [SEC] [SA38754] Cisco Unified Communications Manager Denial of Service Vulnerabilities
Message-ID: <201003050341.o253fNYX001284@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Cisco Unified Communications Manager Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA38754

VERIFY ADVISORY:
http://secunia.com/advisories/38754/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error in the processing of SCCP packets can be exploited to disrupt voice services via a specially crafted SCCP message.

2) An additional error in the processing of SCCP packets can be exploited to disrupt voice services via a specially crafted SCCP message.

3) Two errors in the processing of SIP messages can be exploited to disrupt voice services via a specially crafted SIP message.

4) An error in the CTI Manager can be exploited to interrupt CTI applications via a specially crafted packet sent to TCP port 2748.

Please see the vendor's advisory for details on affected versions.

SOLUTION:
Cisco Unified Communications Manager 4.x: Update to version 4.3(2)SR2.
Cisco Unified Communications Manager 6.x: Update to version 6.1(5).
Cisco Unified Communications Manager 7.x: Update to version 7.1(3b)SU2.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Sipera VIPER Lab.
2-4) Reported by the vendor.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

OTHER REFERENCES:
http://www.cisco.com/warp/public/707/cisco-amb-20100303-cucm.shtml

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 19:53:22 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 04:53:22 +0100
Subject: [SEC] [SA38781] Red Hat update for java-1.5.0-ibm
Message-ID: <201003050353.o253rMQf021129@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Red Hat update for java-1.5.0-ibm

SECUNIA ADVISORY ID:
SA38781

VERIFY ADVISORY:
http://secunia.com/advisories/38781/

DESCRIPTION:
Red Hat has issued an update for java-1.5.0-ibm. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data.

For more information:
SA38355

SOLUTION:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

ORIGINAL ADVISORY:
RHSA-2010:0130-1: https://rhn.redhat.com/errata/RHSA-2010-0130.html

OTHER REFERENCES:
SA38355: http://secunia.com/advisories/38355/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 20:06:24 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 05:06:24 +0100
Subject: [SEC] [SA38829] Fedora update for wireshark
Message-ID: <201003050406.o2546OMm008569@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Fedora update for wireshark

SECUNIA ADVISORY ID:
SA38829

VERIFY ADVISORY:
http://secunia.com/advisories/38829/

DESCRIPTION:
Fedora has issued an update for wireshark.
This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system.

For more information:
SA38257

SOLUTION:
Apply updated packages using the yum utility ("yum update wireshark").

ORIGINAL ADVISORY:
FEDORA-2010-3556: http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036415.html

OTHER REFERENCES:
SA38257: http://secunia.com/advisories/38257/

----------------------------------------------------------------------

From sec-adv at secunia.com Thu Mar 4 20:41:26 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 05:41:26 +0100
Subject: [SEC] [SA38824] Cisco Unified Communications Manager 5 Denial of Service Vulnerabilities
Message-ID: <201003050441.o254fQ20016225@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Cisco Unified Communications Manager 5 Denial of Service Vulnerabilities

SECUNIA ADVISORY ID:
SA38824

VERIFY ADVISORY:
http://secunia.com/advisories/38824/

DESCRIPTION:
Some vulnerabilities have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

For more information:
SA38754

The vulnerabilities are reported in all 5.x versions.

SOLUTION:
Cisco Unified Communications Manager 5.1 reached the End of Software Maintenance on 2010-02-13. Upgrade to a supported version of Cisco Unified Communications Manager.

ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml

OTHER REFERENCES:
Cisco: http://www.cisco.com/warp/public/707/cisco-amb-20100303-cucm.shtml
SA38754: http://secunia.com/advisories/38754/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Mar 5 10:26:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 19:26:31 +0100
Subject: [SEC] [SA38857] OpenPNE Security Bypass Security Issue
Message-ID: <201003051826.o25IQVEN003454@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
OpenPNE Security Bypass Security Issue

SECUNIA ADVISORY ID:
SA38857

VERIFY ADVISORY:
http://secunia.com/advisories/38857/

DESCRIPTION:
A security issue has been reported in OpenPNE, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error within the authentication mechanism, which can be exploited to bypass the authentication by supplying certain unspecified input.

The security issue is reported in version 2.14.4. Other versions may also be affected.

SOLUTION:
Update to version 2.14.4.1 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.


ORIGINAL ADVISORY:
http://www.openpne.jp/archives/4612/

OTHER REFERENCES:
JVN:
http://jvn.jp/jp/JVN06874657/index.html

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 11:26:28 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 20:26:28 +0100
Subject: [SEC] [SA38853] VLC Media Player Bookmark Handling Memory Corruption
Message-ID: <201003051926.o25JQS1o025174@CRON-IX-2.intnet>

TITLE:
VLC Media Player Bookmark Handling Memory Corruption

SECUNIA ADVISORY ID:
SA38853

VERIFY ADVISORY:
http://secunia.com/advisories/38853/

DESCRIPTION:
Gjoko Krstic has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a race condition error when creating bookmarks and can be exploited to corrupt memory by tricking a user into creating a bookmark while playing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.0.5. Other versions may also be affected.

SOLUTION:
Do not play untrusted files and/or do not use the bookmark feature.

PROVIDED AND/OR DISCOVERED BY:
Gjoko Krstic

ORIGINAL ADVISORY:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 12:26:32 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 21:26:32 +0100
Subject: [SEC] [SA38855] BBSXP Cross-Site Scripting Vulnerability
Message-ID: <201003052026.o25KQWPd014486@CRON-IX-2.intnet>

TITLE:
BBSXP Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA38855

VERIFY ADVISORY:
http://secunia.com/advisories/38855/

DESCRIPTION:
liscker has discovered a vulnerability in BBSXP, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input appended to the URL after e.g. AddPost.asp, AddTopic.asp, Admin_Default.asp, Bank.asp, Manage.asp, and ShowPost.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerability is confirmed in version 2008 SP2. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
liscker

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2010-03/0049.html
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 13:26:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 22:26:33 +0100
Subject: [SEC] [SA38844] CSS Web Installer ActiveX Control Buffer Overflow Vulnerabilities
Message-ID: <201003052126.o25LQX9S003782@CRON-IX-2.intnet>

TITLE:
CSS Web Installer ActiveX Control Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA38844

VERIFY ADVISORY:
http://secunia.com/advisories/38844/

DESCRIPTION:
Multiple vulnerabilities have been discovered in CSS Web Installer ActiveX control, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors when parsing arguments to the "InstallProduct()", "InstallProduct1()", and "InstallProduct2()" methods. This can be exploited to cause heap-based and stack-based buffer overflows via overly long arguments.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities are confirmed in version 1.4.0.20327 and at least one is also reported in version 1.4.9508.605. Other versions may also be affected.

SOLUTION:
Set the kill-bit for the ActiveX control.

PROVIDED AND/OR DISCOVERED BY:
Nikolas Sotiriu

Additional information provided by Secunia Research.

ORIGINAL ADVISORY:
http://sotiriu.de/adv/NSOADV-2010-006.txt
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 14:20:36 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 23:20:36 +0100
Subject: [SEC] [SA38749] ePublisher WebWorks Help Cross-Site Scripting Vulnerabilities
Message-ID: <201003052220.o25MKa8g025376@CRON-IX-2.intnet>

TITLE:
ePublisher WebWorks Help Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA38749

VERIFY ADVISORY:
http://secunia.com/advisories/38749/

DESCRIPTION:
Some vulnerabilities have been reported in ePublisher, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via URL parameters is not properly sanitised within the WebWorks Help files wwhsec.htm, wwhelp\wwhimpl\api.htm, wwhelp\wwhimpl\common\html\frameset.htm, and wwhelp\wwhimpl\common\scripts\switch.js before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site using WebWorks Help 5.0.

Please see the vendor's advisory for a list of affected versions.

SOLUTION:
Apply the patches and re-sync affected projects with the updated Stationery (please see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Alex Kouzemtchenko, stratsec.

ORIGINAL ADVISORY:
WebWorks:
http://www.webworks.com/Security/2009-0001/

stratsec:
http://www.stratsec.net/files/SS-09-001-Stratsec-VMWare%20WebWorks%20XSS%20Advisory%20v1.0.pdf

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 14:41:37 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 23:41:37 +0100
Subject: [SEC] [SA38854] J. River Media Jukebox MP3 Processing Buffer Overflow
Message-ID: <201003052241.o25Mfbwo013136@CRON-IX-2.intnet>

TITLE:
J. River Media Jukebox MP3 Processing Buffer Overflow

SECUNIA ADVISORY ID:
SA38854

VERIFY ADVISORY:
http://secunia.com/advisories/38854/

DESCRIPTION:
Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in J. River Media Jukebox, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a boundary error when processing MP3 files and can be exploited to cause a heap-based buffer overflow.

The vulnerability is confirmed in version 12. Other versions may also be affected.

SOLUTION:
Do not open untrusted MP3 files.

PROVIDED AND/OR DISCOVERED BY:
Gjoko 'LiquidWorm' Krstic

ORIGINAL ADVISORY:
http://zeroscience.mk/en/vulnerabilities/ZSL-2010-4930.php
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 14:53:30 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 5 Mar 2010 23:53:30 +0100
Subject: [SEC] [SA38819] smartplugs "domain" SQL Injection Vulnerability
Message-ID: <201003052253.o25MrUIA000499@CRON-IX-2.intnet>

TITLE:
smartplugs "domain" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38819

VERIFY ADVISORY:
http://secunia.com/advisories/38819/

DESCRIPTION:
Easy Laster has reported a vulnerability in smartplugs, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "domain" parameter in showplugs.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

SOLUTION:
Reportedly, the vendor has released a hotfix, which fixes this vulnerability. Contact the vendor for more details.

PROVIDED AND/OR DISCOVERED BY:
Easy Laster

ORIGINAL ADVISORY:
http://4004securityproject.wordpress.com/2010/03/03/smartplugs-1-3-sql-injection-showplugs-php/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 15:06:34 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 6 Mar 2010 00:06:34 +0100
Subject: [SEC] [SA38842] CA SiteMinder WebWorks Help Cross-Site Scripting Vulnerabilities
Message-ID: <201003052306.o25N6YXh020413@CRON-IX-2.intnet>

TITLE:
CA SiteMinder WebWorks Help Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA38842

VERIFY ADVISORY:
http://secunia.com/advisories/38842/

DESCRIPTION:
Some vulnerabilities have been reported in CA SiteMinder, which can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA38749

The vulnerabilities are reported in CA SiteMinder releases 6.0 SP4 and prior.

SOLUTION:
Update to the latest service pack for SiteMinder 6.0 and remove older versions of the product documentation from servers.

ORIGINAL ADVISORY:
CA20100304-01:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=230857

OTHER REFERENCES:
SA38749:
http://secunia.com/advisories/38749/

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 15:20:35 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 6 Mar 2010 00:20:35 +0100
Subject: [SEC] [SA38823] Lotus Notes OLE File Parsing Integer Overflow Vulnerability
Message-ID: <201003052320.o25NKZXp007904@CRON-IX-2.intnet>

TITLE:
Lotus Notes OLE File Parsing Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38823

VERIFY ADVISORY:
http://secunia.com/advisories/38823/

DESCRIPTION:
iDefense Labs has reported a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA38797

SOLUTION:
Do not view untrusted OLE files in Lotus Notes.

PROVIDED AND/OR DISCOVERED BY:
Joshua J. Drake, iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858

OTHER REFERENCES:
SA38797:
http://secunia.com/advisories/38797/

----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 15:41:54 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 6 Mar 2010 00:41:54 +0100
Subject: [SEC] [SA38815] Avaya Products Firefox Multiple Vulnerabilities
Message-ID: <201003052341.o25NfsSB028094@CRON-IX-2.intnet>

TITLE:
Avaya Products Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38815

VERIFY ADVISORY:
http://secunia.com/advisories/38815/

DESCRIPTION:
Avaya has acknowledged some vulnerabilities in Avaya products,
which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

For more information:
SA38655

SOLUTION:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

ORIGINAL ADVISORY:
ASA-2010-058:
http://support.avaya.com/css/P8/documents/100075139

OTHER REFERENCES:
SA38655:
http://secunia.com/advisories/38655/
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 15:53:48 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 6 Mar 2010 00:53:48 +0100
Subject: [SEC] [SA38797] Autonomy KeyView OLE File Parsing Integer Overflow Vulnerability
Message-ID: <201003052353.o25Nrm0x015507@CRON-IX-2.intnet>

TITLE:
Autonomy KeyView OLE File Parsing Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38797

VERIFY ADVISORY:
http://secunia.com/advisories/38797/

DESCRIPTION:
iDefense Labs has reported a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by an integer overflow error in kvolefio.dll when parsing OLE files and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 10.5. Other versions may also be affected.

SOLUTION:
Do not open OLE files in applications using the vulnerable library.

PROVIDED AND/OR DISCOVERED BY:
Joshua J. Drake, iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858
----------------------------------------------------------------------
From sec-adv at secunia.com Fri Mar 5 16:08:24 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 6 Mar 2010 01:08:24 +0100
Subject: [SEC] [SA38847] SUSE update for MozillaFirefox and seamonkey
Message-ID: <201003060008.o2608O5O003025@CRON-IX-2.intnet>

TITLE:
SUSE update for MozillaFirefox and seamonkey

SECUNIA ADVISORY ID:
SA38847

VERIFY ADVISORY:
http://secunia.com/advisories/38847/

DESCRIPTION:
SUSE has issued an update for MozillaFirefox and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

For more information:
SA37242

SOLUTION:
Apply updated packages.
http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner190-devel-1.9.0.18-0.1.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner190-translations-1.9.0.18-0.1.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.1.x86_64.rpm http://download.opensuse.org/update/11.1/rpm/x86_64/python-xpcom190-1.9.0.18-0.1.1.x86_64.rpm openSUSE 11.0: http://download.opensuse.org/debug/update/11.0/rpm/x86_64/mozilla-xulrunner190-debuginfo-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/debug/update/11.0/rpm/x86_64/mozilla-xulrunner190-debugsource-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/MozillaFirefox-3.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/MozillaFirefox-translations-3.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-32bit-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-devel-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-gnomevfs-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-gnomevfs-32bit-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-translations-1.9.0.18-0.1.x86_64.rpm http://download.opensuse.org/update/11.0/rpm/x86_64/mozilla-xulrunner190-translations-32bit-1.9.0.18-0.1.x86_64.rpm Sources: openSUSE 11.2: http://download.opensuse.org/update/11.2/rpm/src/MozillaFirefox-3.5.8-0.1.1.src.rpm 
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web.

ORIGINAL ADVISORY:
SUSE-SA:2010:015:
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00001.html

OTHER REFERENCES:
SA37242:
http://secunia.com/advisories/37242/

----------------------------------------------------------------------

From sec-adv at secunia.com Fri Mar 5 16:21:09 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Sat, 6 Mar 2010 01:21:09 +0100
Subject: [SEC] [SA38809] Symantec Products OLE File Parsing Integer Overflow Vulnerability
Message-ID: <201003060021.o260L9cN022871@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Symantec Products OLE File Parsing Integer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38809

VERIFY ADVISORY:
http://secunia.com/advisories/38809/

DESCRIPTION:
iDefense Labs has reported a vulnerability in various Symantec products, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA38797

SOLUTION:
Please see the vendor's advisory for a list of fixes.

PROVIDED AND/OR DISCOVERED BY:
Joshua J. Drake, iDefense Labs.

ORIGINAL ADVISORY:
Symantec:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20100304_00

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=858

OTHER REFERENCES:
SA38797:
http://secunia.com/advisories/38797/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 8 10:27:27 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 19:27:27 +0100
Subject: [SEC] [SA38849] Ubuntu update for gnome-screensaver
Message-ID: <201003081827.o28IRRuf004666@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Ubuntu update for gnome-screensaver

SECUNIA ADVISORY ID:
SA38849

VERIFY ADVISORY:
http://secunia.com/advisories/38849/

DESCRIPTION:
Ubuntu has issued an update for gnome-screensaver. This fixes a weakness, which can be exploited by malicious people with physical access to bypass certain security restrictions.

For more information:
SA38565

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
USN-907-1:
http://www.ubuntu.com/usn/USN-907-1

OTHER REFERENCES:
SA38565:
http://secunia.com/advisories/38565/

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 8 11:27:00 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 20:27:00 +0100
Subject: [SEC] [SA38889] Cru Content CMS "file" File Disclosure Vulnerability
Message-ID: <201003081927.o28JR0q4026396@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Cru Content CMS "file" File Disclosure Vulnerability

SECUNIA ADVISORY ID:
SA38889

VERIFY ADVISORY:
http://secunia.com/advisories/38889/

DESCRIPTION:
A vulnerability has been reported in Cru Content CMS, which can be exploited by malicious people to disclose potentially sensitive information.

Input passed to the "file" parameter in cms/download.php is not properly sanitised before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
fx0

ORIGINAL ADVISORY:
http://packetstormsecurity.org/1003-exploits/crucontent-disclose.txt

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 8 12:26:56 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 21:26:56 +0100
Subject: [SEC] [SA38839] Perforce P4FTP FTP Plugin Denial of Service
Message-ID: <201003082026.o28KQus0015721@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
Perforce P4FTP FTP Plugin Denial of Service

SECUNIA ADVISORY ID:
SA38839

VERIFY ADVISORY:
http://secunia.com/advisories/38839/

DESCRIPTION:
A vulnerability has been discovered in Perforce P4FTP FTP Plugin, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error and can be exploited to cause p4ftpd to crash by sending a specially crafted packet to port 21/TCP.

The vulnerability is confirmed in version 2009.2/228098. Other versions may also be affected.

SOLUTION:
Grant only trusted users network access to the affected service.

PROVIDED AND/OR DISCOVERED BY:
Evgeny Legerov, Intevydis

ORIGINAL ADVISORY:
http://intevydis.blogspot.com/2010/03/perforce.html

----------------------------------------------------------------------

From sec-adv at secunia.com Mon Mar 8 13:27:44 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 22:27:44 +0100
Subject: [SEC] [SA38850] SUSE update for kernel
Message-ID: <201003082127.o28LRihH005069@CRON-IX-2.intnet>

----------------------------------------------------------------------

TITLE:
SUSE update for kernel

SECUNIA ADVISORY ID:
SA38850

VERIFY ADVISORY:
http://secunia.com/advisories/38850/

DESCRIPTION:
SUSE has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and potentially gain escalated privileges.

For more information:
SA37590
SA38317
SA38354
SA38502

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
SUSE-SA:2010:016:
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00003.html

OTHER REFERENCES:
SA37590:
http://secunia.com/advisories/37590/

SA38317:
http://secunia.com/advisories/38317/

SA38354:
http://secunia.com/advisories/38354/

SA38502:
http://secunia.com/advisories/38502/

From sec-adv at secunia.com Mon Mar 8 14:21:03 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 23:21:03 +0100
Subject: [SEC] [SA38816] Perforce Server Multiple Vulnerabilities
Message-ID: <201003082221.o28ML3vZ026659@CRON-IX-2.intnet>

TITLE:
Perforce Server Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38816

VERIFY ADVISORY:
http://secunia.com/advisories/38816/

DESCRIPTION:
Some vulnerabilities and a weakness have been reported in Perforce Server, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).

1) An error in the processing of certain packets can be exploited to cause the Perforce server process "p4s.exe" to crash by sending a specially crafted packet to port 1666/TCP.

2) An error in the processing of certain packets can be exploited to cause an infinite loop in the "p4s.exe" process by sending a specially crafted packet to port 1666/TCP.

These vulnerabilities are related to:
SA36580

3) An error in the processing of password change requests can be exploited to perform an unauthorised change of a user's password.

4) Journal and log files are stored world-readable and in clear text.

5) An error in the handling of sockets can be exploited to hijack the application's socket and e.g. gain sensitive information.

SOLUTION:
Restrict network access to the affected service.

PROVIDED AND/OR DISCOVERED BY:
1, 2) Reportedly modules for VulnDisco Pack.
3-5) McAfee, including Stuart McClure, Shanit Gupta, Carric Dooley, Vitaly Zaytsev, Xiao Bo Chen, Kris Kaspersky, Michael Spohn, and Ryan Permeh.

ORIGINAL ADVISORY:
Intevydis:
http://intevydis.blogspot.com/2010/03/perforce.html

McAfee:
http://resources.mcafee.com/forms/Aurora_VDTRG_WP

OTHER REFERENCES:
SA36580:
http://secunia.com/advisories/36580/

From sec-adv at secunia.com Mon Mar 8 14:42:15 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 23:42:15 +0100
Subject: [SEC] [SA38821] Perforce P4Web Client Two Vulnerabilities
Message-ID: <201003082242.o28MgFWE014443@CRON-IX-2.intnet>

TITLE:
Perforce P4Web Client Two Vulnerabilities

SECUNIA ADVISORY ID:
SA38821

VERIFY ADVISORY:
http://secunia.com/advisories/38821/

DESCRIPTION:
Two vulnerabilities have been reported in Perforce P4Web Client, which can be exploited by malicious users to bypass certain security restrictions.

1) An error in the web interface when controlling access to certain functionality can be exploited to e.g. perform certain actions with escalated privileges.

2) An error in the handling of workspaces can be exploited to overwrite arbitrary files via directory traversal attacks.

Successful exploitation of vulnerability #2 potentially allows overwriting files with system privileges, but may be dependent on vulnerability #1.

SOLUTION:
Grant only trusted users network access to the affected service.

PROVIDED AND/OR DISCOVERED BY:
McAfee, including Stuart McClure, Shanit Gupta, Carric Dooley, Vitaly Zaytsev, Xiao Bo Chen, Kris Kaspersky, Michael Spohn, and Ryan Permeh.

ORIGINAL ADVISORY:
McAfee:
http://resources.mcafee.com/forms/Aurora_VDTRG_WP

From sec-adv at secunia.com Mon Mar 8 14:53:55 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Mon, 8 Mar 2010 23:53:55 +0100
Subject: [SEC] [SA38837] phpBB Feed Permissions Security Issue
Message-ID: <201003082253.o28Mrtbv001856@CRON-IX-2.intnet>

TITLE:
phpBB Feed Permissions Security Issue

SECUNIA ADVISORY ID:
SA38837

VERIFY ADVISORY:
http://secunia.com/advisories/38837/

DESCRIPTION:
A security issue has been reported in phpBB, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to an error within the feeds mechanism, which can be exploited to bypass forum and topic restrictions and view restricted content.

Successful exploitation requires feeds to be enabled for forums or topics.

The security issue is reported in version 3.0.7.

SOLUTION:
Update to version 3.0.7PL1 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
http://www.phpbb.com/bugs/phpbb3/58595

From sec-adv at secunia.com Mon Mar 8 15:06:56 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 00:06:56 +0100
Subject: [SEC] [SA38891] Pre E-Learning Portal "course_ID" SQL Injection Vulnerability
Message-ID: <201003082306.o28N6uiM021747@CRON-IX-2.intnet>

TITLE:
Pre E-Learning Portal "course_ID" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38891

VERIFY ADVISORY:
http://secunia.com/advisories/38891/

DESCRIPTION:
NoGe has reported
a vulnerability in Pre E-Learning Portal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "course_ID" parameter in search_result.asp (when "courses" is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
NoGe

ORIGINAL ADVISORY:
http://evilc0de.blogspot.com/2010/03/pre-e-learning-portal-sql-injection.html

From sec-adv at secunia.com Mon Mar 8 15:21:00 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 00:21:00 +0100
Subject: [SEC] [SA38788] Sparta Systems TrackWise TeamAccess Multiple Cross-Site Scripting Vulnerabilities
Message-ID: <201003082321.o28NL0T1009262@CRON-IX-2.intnet>

TITLE:
Sparta Systems TrackWise TeamAccess Multiple Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID:
SA38788

VERIFY ADVISORY:
http://secunia.com/advisories/38788/

DESCRIPTION:
Yaniv Miron has reported some vulnerabilities in Sparta Systems TrackWise TeamAccess, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input appended to the URL after TeamAccess/Login/ and TeamAccess/BatchEditProgress.html/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION:
Filter malicious characters and character sequences in a proxy.

PROVIDED AND/OR DISCOVERED BY:
Yaniv Miron aka "Lament"

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2010-03/0022.html

From sec-adv at secunia.com Mon Mar 8 15:42:18 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 00:42:18 +0100
Subject: [SEC] [SA38848] rPath update for postgresql
Message-ID: <201003082342.o28NgI1R029473@CRON-IX-2.intnet>

TITLE:
rPath update for postgresql

SECUNIA ADVISORY ID:
SA38848

VERIFY ADVISORY:
http://secunia.com/advisories/38848/

DESCRIPTION:
rPath has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges and cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions and conduct spoofing attacks.

For more information:
SA36660
SA37663

SOLUTION:
Update to the latest versions.

postgresql=conary.rpath.com at rpl:1/8.1.19-0.1-1
postgresql-server=conary.rpath.com at rpl:1/8.1.19-0.1-1

ORIGINAL ADVISORY:
rPSA-2010-0012:
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012

OTHER REFERENCES:
SA36660:
http://secunia.com/advisories/36660/

SA37663:
http://secunia.com/advisories/37663/

From sec-adv at secunia.com Mon Mar 8 15:53:59 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 00:53:59 +0100
Subject: [SEC] [SA38846] rPath update for gzip
Message-ID: <201003082353.o28Nrxcl016888@CRON-IX-2.intnet>

TITLE:
rPath update for gzip

SECUNIA ADVISORY ID:
SA38846

VERIFY ADVISORY:
http://secunia.com/advisories/38846/

DESCRIPTION:
rPath has issued an update for gzip.
This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

For more information:
SA38132
SA38220

SOLUTION:
Update to the latest version.

gzip=conary.rpath.com at rpl:1/1.3.5-4.1-1

ORIGINAL ADVISORY:
rPSA-2010-0013:
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0013

OTHER REFERENCES:
SA38132:
http://secunia.com/advisories/38132/

SA38220:
http://secunia.com/advisories/38220/

From sec-adv at secunia.com Mon Mar 8 16:07:09 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 01:07:09 +0100
Subject: [SEC] [SA38838] rPath update for mysql
Message-ID: <201003090007.o29079gm004378@CRON-IX-2.intnet>

TITLE:
rPath update for mysql

SECUNIA ADVISORY ID:
SA38838

VERIFY ADVISORY:
http://secunia.com/advisories/38838/

DESCRIPTION:
rPath has issued an update for mysql. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service) and by malicious people to conduct script insertion and spoofing attacks.

For more information:
SA30134
SA31769
SA32072
SA35767
SA37372

SOLUTION:
Update to the latest versions.

mysql=conary.rpath.com at rpl:1/5.0.88-0.1-1
mysql-bench=conary.rpath.com at rpl:1/5.0.88-0.1-1
mysql-server=conary.rpath.com at rpl:1/5.0.88-0.1-1

ORIGINAL ADVISORY:
rPSA-2010-0014:
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0014

OTHER REFERENCES:
SA30134:
http://secunia.com/advisories/30134/

SA31769:
http://secunia.com/advisories/31769/

SA32072:
http://secunia.com/advisories/32072/

SA35767:
http://secunia.com/advisories/35767/

SA37372:
http://secunia.com/advisories/37372/

From sec-adv at secunia.com Mon Mar 8 16:21:21 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 01:21:21 +0100
Subject: [SEC] [SA38872] Bigforum "id" SQL Injection Vulnerability
Message-ID: <201003090021.o290LLfH024309@CRON-IX-2.intnet>

TITLE:
Bigforum "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38872

VERIFY ADVISORY:
http://secunia.com/advisories/38872/

DESCRIPTION:
A vulnerability has been discovered in Bigforum, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in profil.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 4.5. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Ctacok

From sec-adv at secunia.com Mon Mar 8 16:42:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 01:42:33 +0100
Subject: [SEC] [SA38851] rPath update for gnome-ssh-askpass and openssh
Message-ID: <201003090042.o290gXic012097@CRON-IX-2.intnet>

TITLE:
rPath update for gnome-ssh-askpass and openssh

SECUNIA ADVISORY ID:
SA38851

VERIFY ADVISORY:
http://secunia.com/advisories/38851/

DESCRIPTION:
rPath has issued an update for gnome-ssh-askpass and openssh. This fixes a vulnerability, which can be exploited by malicious people to disclose sensitive information.

For more information:
SA32760

SOLUTION:
Update to the latest versions.

gnome-ssh-askpass=conary.rpath.com at rpl:1/5.3p1-0.3-1
openssh=conary.rpath.com at rpl:1/5.3p1-0.3-1
openssh-client=conary.rpath.com at rpl:1/5.3p1-0.3-1
openssh-server=conary.rpath.com at rpl:1/5.3p1-0.3-1

ORIGINAL ADVISORY:
rPSA-2010-0011:
http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0011

OTHER REFERENCES:
SA32760:
http://secunia.com/advisories/32760/

From sec-adv at secunia.com Mon Mar 8 16:54:04 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 01:54:04 +0100
Subject: [SEC] [SA38894] Energizer DUO Charger Software Backdoor Security Issue
Message-ID: <201003090054.o290s4MA031928@CRON-IX-2.intnet>

TITLE:
Energizer DUO Charger Software Backdoor Security Issue

SECUNIA ADVISORY ID:
SA38894

VERIFY ADVISORY:
http://secunia.com/advisories/38894/

DESCRIPTION:
A security issue has been reported in Energizer DUO Charger Software, which can be exploited by malicious people to compromise a vulnerable system.

The security issue is caused due to a backdoor (Arucer.dll) placed in the Windows system32 directory by the installer software. This can be exploited to e.g. send and receive files or execute arbitrary code on an affected machine via commands sent to port 7777/TCP.

NOTE: The backdoor is configured to start automatically on system start.

SOLUTION:
Uninstall the software and remove "Arucer.dll" from the Windows system32 directory.

PROVIDED AND/OR DISCOVERED BY:
US-CERT credits Ed Schaller.

ORIGINAL ADVISORY:
VU#154421:
http://www.kb.cert.org/vuls/id/154421

From sec-adv at secunia.com Mon Mar 8 17:07:18 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 02:07:18 +0100
Subject: [SEC] [SA38887] Slackware update for mozilla-firefox
Message-ID: <201003090107.o2917I3A019413@CRON-IX-2.intnet>

TITLE:
Slackware update for mozilla-firefox

SECUNIA ADVISORY ID:
SA38887

VERIFY ADVISORY:
http://secunia.com/advisories/38887/

DESCRIPTION:
Slackware has issued an update for mozilla-firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks or compromise a user's system.

For more information:
SA37242

SOLUTION:
Apply updated packages.

-- Slackware 11.0 --
ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/mozilla-firefox-3.0.18-i686-1.tgz

ORIGINAL ADVISORY:
SSA:2010-065-01:
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.332913

OTHER REFERENCES:
SA37242:
http://secunia.com/advisories/37242/

From sec-adv at secunia.com Mon Mar 8 17:21:12 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 02:21:12 +0100
Subject: [SEC] [SA38871] Yahoo! Player Playlist Processing Buffer Overflow
Message-ID: <201003090121.o291LCZW006924@CRON-IX-2.intnet>

TITLE:
Yahoo! Player Playlist Processing Buffer Overflow

SECUNIA ADVISORY ID:
SA38871

VERIFY ADVISORY:
http://secunia.com/advisories/38871/

DESCRIPTION:
Mr.tro0oqy has discovered a vulnerability in Yahoo!
Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist entries. This can be exploited to cause a stack-based buffer overflow via e.g. an M3U file having an overly long entry.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 1.5.01.409. Other versions may also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Mr.tro0oqy

From sec-adv at secunia.com Mon Mar 8 17:42:38 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 02:42:38 +0100
Subject: [SEC] [SA38866] Fedora update for fetchmail
Message-ID: <201003090142.o291gcRB027134@CRON-IX-2.intnet>

TITLE:
Fedora update for fetchmail

SECUNIA ADVISORY ID:
SA38866

VERIFY ADVISORY:
http://secunia.com/advisories/38866/

DESCRIPTION:
Fedora has issued an update for fetchmail. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system.

For more information:
SA38391

SOLUTION:
Apply updated packages via the yum utility ("yum update fetchmail").

ORIGINAL ADVISORY:
FEDORA-2010-3800:
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036632.html

OTHER REFERENCES:
SA38391:
http://secunia.com/advisories/38391/
From sec-adv at secunia.com Mon Mar 8 17:54:05 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 02:54:05 +0100
Subject: [SEC] [SA38867] Fedora update for drupal
Message-ID: <201003090154.o291s5gk014544@CRON-IX-2.intnet>

TITLE:
Fedora update for drupal

SECUNIA ADVISORY ID:
SA38867

VERIFY ADVISORY:
http://secunia.com/advisories/38867/

DESCRIPTION:
Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and bypass certain security restrictions.

For more information:
SA38835

SOLUTION:
Apply updated packages via the yum utility ("yum update drupal").

ORIGINAL ADVISORY:
FEDORA-2010-3787:
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036619.html

FEDORA-2010-3739:
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036583.html

OTHER REFERENCES:
SA38835:
http://secunia.com/advisories/38835/

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Mar 8 18:07:26 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 03:07:26 +0100
Subject: [SEC] [SA38870] Bild Flirt Community "id" SQL Injection Vulnerability
Message-ID: <201003090207.o2927QiZ002026@CRON-IX-2.intnet>

TITLE:
Bild Flirt Community "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38870

VERIFY ADVISORY:
http://secunia.com/advisories/38870/

DESCRIPTION:
Easy Laster has reported a vulnerability in Bild Flirt Community, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.0. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Easy Laster

ORIGINAL ADVISORY:
http://4004securityproject.wordpress.com/2010/03/07/bild-flirt-system-v2-0-index-php-id-sql-injection/

----------------------------------------------------------------------
From sec-adv at secunia.com Mon Mar 8 18:21:09 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 03:21:09 +0100
Subject: [SEC] [SA38865] Fedora update for sudo
Message-ID: <201003090221.o292L9mb021950@CRON-IX-2.intnet>

TITLE:
Fedora update for sudo

SECUNIA ADVISORY ID:
SA38865

VERIFY ADVISORY:
http://secunia.com/advisories/38865/

DESCRIPTION:
Fedora has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA38659

SOLUTION:
Apply updated packages via the yum utility ("yum update sudo").
ORIGINAL ADVISORY:
FEDORA-2010-3359:
https://admin.fedoraproject.org/updates/sudo-1.7.2p5-1.fc12

OTHER REFERENCES:
SA38659:
http://secunia.com/advisories/38659/

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 10:26:25 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 19:26:25 +0100
Subject: [SEC] [SA38791] Microsoft Windows Movie Maker Buffer Overflow Vulnerability
Message-ID: <201003091826.o29IQPlH016070@CRON-IX-2.intnet>

TITLE:
Microsoft Windows Movie Maker Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA38791

VERIFY ADVISORY:
http://secunia.com/advisories/38791/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the bundled Movie Maker application when parsing project files. This can be exploited to cause a buffer overflow when viewing a specially crafted file.

Successful exploitation may allow execution of arbitrary code.

NOTE: Systems running Windows 7 do not bundle Movie Maker and are, therefore, not affected by default.

SOLUTION:
Apply patches.

Windows XP SP2/SP3 and Movie Maker 2.1:
http://www.microsoft.com/downloads/details.aspx?familyid=6301E462-02BE-4B9A-BAE9-7C4821B42D2D

Windows XP Professional x64 Edition SP2 and Movie Maker 2.1:
http://www.microsoft.com/downloads/details.aspx?familyid=CAE81585-D0DF-41B8-9277-CA02F1265056

Windows Vista (optionally with SP1/SP2) and Movie Maker 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=AE2E9B75-1616-4FE3-91BB-E2E28252FF1C

Windows Vista (optionally with SP1/SP2) and Movie Maker 2.6:
http://www.microsoft.com/downloads/details.aspx?familyid=CA2D1118-CA64-419D-86AF-9396E61B90B0

Windows Vista x64 Edition (optionally with SP1/SP2) and Movie Maker 6.0:
http://www.microsoft.com/downloads/details.aspx?familyid=E27F353E-DEB6-4D61-8808-C751D20A42A1

Windows Vista x64 Edition (optionally with SP1/SP2) and Movie Maker 2.6:
http://www.microsoft.com/downloads/details.aspx?familyid=6A1F4126-97F2-4AEE-BFE1-05BD13A0667B

Windows 7 for 32-bit Systems and Movie Maker 2.6:
http://www.microsoft.com/downloads/details.aspx?familyid=822254EB-2EA6-47A5-B5F8-45EF8EE53447

Windows 7 for x64-based Systems and Movie Maker 2.6:
http://www.microsoft.com/downloads/details.aspx?familyid=0FBF3063-1C2D-408C-A7B5-0C5857593C6F

NOTE: Some links may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

PROVIDED AND/OR DISCOVERED BY:
Currently not available as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.
ORIGINAL ADVISORY:
MS10-016 (KB975561):
http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx

NOTE: The link may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 11:32:41 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 20:32:41 +0100
Subject: [SEC] [SA38805] Microsoft Office Excel Multiple Vulnerabilities
Message-ID: <201003091932.o29JWfL8013771@CRON-IX-2.intnet>

TITLE:
Microsoft Office Excel Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38805

VERIFY ADVISORY:
http://secunia.com/advisories/38805/

DESCRIPTION:
Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious
people to compromise a user's system.

1) An error in the parsing of records can be exploited to corrupt memory via a specially crafted file.

2) An error in the parsing of sheet object types can be exploited to corrupt memory via a specially crafted file.

3) An error in the parsing of MDXTUPLE records can be exploited to cause a heap-based buffer overflow via a specially crafted file.

4) An error in the parsing of MDXSET records can be exploited to cause a heap-based buffer overflow via a specially crafted file.

5) An error in the parsing of FNGROUPNAME records may result in the use of uninitialised memory via a specially crafted file.

6) An error in the parsing of XLSX files may allow code execution via a specially crafted file.

7) An error in the parsing of DbOrParamQry records can be exploited to corrupt memory via a specially crafted file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Microsoft Office Excel 2002 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=E0136F62-60CE-4EBD-8660-BE81EBA29AE8

Microsoft Office Excel 2003 SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=7E42793E-747B-48DA-968A-1EC29EA37151

Microsoft Office Excel 2007 SP1:
http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB-4A59-97E4-7CE047F100A5

Microsoft Office Excel 2007 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=03429F8A-8AAB-4A59-97E4-7CE047F100A5

Microsoft Office 2004 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ae5936f8-fe3f-4d23-a37c-d80f228e475e

Microsoft Office 2008 for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=e0ed1569-ab2f-407c-b728-4eddc463c385

Open XML File Format Converter for Mac:
http://www.microsoft.com/downloads/details.aspx?FamilyID=4c5487d5-c912-4087-8c83-769e3fb78ea9

Microsoft Office Excel Viewer SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=010D0A4D-02A4-4142-963B-A38CD06CC897
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=314F076E-8F9D-46C2-B666-86599A02BF15

Microsoft Office SharePoint Server 2007 SP1 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=94DDF6EF-3392-4D77-A02B-3BC0470721CD

Microsoft Office SharePoint Server 2007 SP2 (32-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=94DDF6EF-3392-4D77-A02B-3BC0470721CD

Microsoft Office SharePoint Server 2007 SP1 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=06F6BFFB-3FAD-4FB5-878B-39550812E9B5

Microsoft Office SharePoint Server 2007 SP2 (64-bit editions):
http://www.microsoft.com/downloads/details.aspx?familyid=06F6BFFB-3FAD-4FB5-878B-39550812E9B5

NOTE: Some links may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

PROVIDED AND/OR DISCOVERED BY:
Currently not available as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

ORIGINAL ADVISORY:
MS10-017 (KB980150, KB978471, KB978474, KB978382, KB980837, KB980839, KB980840, KB978383, KB978380, KB979439):
http://www.microsoft.com/technet/security/bulletin/ms10-017.mspx

NOTE: The link may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 12:26:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 21:26:31 +0100
Subject: [SEC] [SA38860] Internet Explorer Unspecified Code Execution Vulnerability
Message-ID: <201003092026.o29KQVIw014950@CRON-IX-2.intnet>

TITLE:
Internet Explorer Unspecified Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA38860

VERIFY ADVISORY:
http://secunia.com/advisories/38860/

DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified use-after-free error and can be exploited by e.g. tricking a user into viewing a specially crafted web page.

Successful exploitation allows execution of arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

SOLUTION:
Do not visit untrusted sites.

Set the Internet zone security setting to "High" or disable Active Scripting support.

PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
ORIGINAL ADVISORY:
http://www.microsoft.com/technet/security/advisory/981374.mspx

OTHER REFERENCES:
http://blogs.technet.com/msrc/archive/2010/03/09/security-advisory-981374-released.aspx

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 13:26:35 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 22:26:35 +0100
Subject: [SEC] [SA38858] SSH Tectia Audit Player Multiple Vulnerabilities
Message-ID: <201003092126.o29LQZrQ004274@CRON-IX-2.intnet>

TITLE:
SSH Tectia Audit Player Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38858

VERIFY ADVISORY:
http://secunia.com/advisories/38858/

DESCRIPTION:
SSH Communications has acknowledged a security issue and some vulnerabilities in SSH Tectia Audit Player, which can be exploited by malicious people to conduct spoofing attacks, bypass certain
security restrictions, manipulate certain data, and cause a DoS (Denial of Service).

For more information:
SA33338
SA34138
SA34411
SA36238
SA37291

SOLUTION:
Update to version 2.0.13.

ORIGINAL ADVISORY:
http://www.ssh.com/documents/33/SSHTectiaGuardian_2.0.2b_Releasenotes.txt

OTHER REFERENCES:
SA33338:
http://secunia.com/advisories/33338/

SA34138:
http://secunia.com/advisories/34138/

SA34411:
http://secunia.com/advisories/34411/

SA36238:
http://secunia.com/advisories/36238/

SA37291:
http://secunia.com/advisories/37291/

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 14:20:34 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 23:20:34 +0100
Subject: [SEC] [SA38845] Microsoft Producer Project File Parsing Buffer Overflow
Message-ID: <201003092220.o29MKYle025873@CRON-IX-2.intnet>

TITLE:
Microsoft Producer Project File Parsing Buffer Overflow

SECUNIA ADVISORY ID:
SA38845

VERIFY ADVISORY:
http://secunia.com/advisories/38845/

DESCRIPTION:
A vulnerability has been reported in Microsoft Producer 2003, which can be exploited by malicious people to compromise a user's system.

For more information:
SA38791

SOLUTION:
A security update for Microsoft Producer 2003 is currently not available.

PROVIDED AND/OR DISCOVERED BY:
Currently not available as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

ORIGINAL ADVISORY:
MS10-016 (KB975561):
http://www.microsoft.com/technet/security/bulletin/ms10-016.mspx

NOTE: The link may not currently work as this advisory was rushed since information about the upcoming Microsoft security bulletins was purposefully leaked by a third party.

OTHER REFERENCES:
SA38791:
http://secunia.com/advisories/38791/

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 14:41:45 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 23:41:45 +0100
Subject: [SEC] [SA38873] bbsmax "action" Cross-Site Scripting Vulnerability
Message-ID: <201003092241.o29MfjYW013662@CRON-IX-2.intnet>

TITLE:
bbsmax "action" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA38873

VERIFY ADVISORY:
http://secunia.com/advisories/38873/

DESCRIPTION:
Liscker has reported a vulnerability in bbsmax, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "action" parameter to post.aspx is not properly sanitised before being returned to the user in info.aspx. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 4.2.1. Other versions may also be affected.

SOLUTION:
Update to version 4.2.3.
PROVIDED AND/OR DISCOVERED BY:
Liscker

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2010-03/0061.html

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 14:53:34 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Tue, 9 Mar 2010 23:53:34 +0100
Subject: [SEC] [SA38856] MediaWiki Multiple Vulnerabilities
Message-ID: <201003092253.o29MrYhR001044@CRON-IX-2.intnet>

TITLE:
MediaWiki Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38856

VERIFY ADVISORY:
http://secunia.com/advisories/38856/

DESCRIPTION:
A vulnerability and a security issue have been reported in MediaWiki, which can be exploited by malicious users to disclose sensitive information and bypass certain security restrictions.
1) An error exists within the CSS validation function which can be exploited to disclose potentially sensitive information by displaying external images in wiki pages.

Successful exploitation requires "Editor" permissions to wiki pages.

The vulnerability is reported in versions prior to 1.15.2.

2) The security issue is caused due to a missing user permissions check within the "thumb.php" script. This can be exploited to view restricted images in private wikis.

Successful exploitation requires an image access authentication scheme to be configured e.g. via "img_auth.php" script.

The security issue is reported in version 1.5 and later.

SOLUTION:
Update to version 1.15.2 or later.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 15:06:38 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 00:06:38 +0100
Subject: [SEC] [SA38879] lshell Command and Path Restriction Bypass Security Issues
Message-ID: <201003092306.o29N6cHg020974@CRON-IX-2.intnet>

TITLE:
lshell Command and Path Restriction Bypass Security Issues

SECUNIA ADVISORY ID:
SA38879

VERIFY ADVISORY:
http://secunia.com/advisories/38879/

DESCRIPTION:
Some security issues have been reported in lshell, which can be exploited by malicious, local users to bypass certain security restrictions.

The security issues are caused due to lshell not properly verifying certain commands, which can be exploited to bypass the path restriction functionality and execute restricted commands.

The security issues are reported in versions prior to 0.9.9.

SOLUTION:
Update to version 0.9.10.

PROVIDED AND/OR DISCOVERED BY:
Adrien Urban

ORIGINAL ADVISORY:
http://lshell.ghantoos.org/Changelog

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 15:20:46 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 00:20:46 +0100
Subject: [SEC] [SA38882] TikiWiki CMS/Groupware Multiple Vulnerabilities
Message-ID: <201003092320.o29NKkEs008481@CRON-IX-2.intnet>

TITLE:
TikiWiki CMS/Groupware Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38882

VERIFY ADVISORY:
http://secunia.com/advisories/38882/

DESCRIPTION:
Some vulnerabilities have been reported in TikiWiki CMS/Groupware, where one has an unknown impact and the other can be exploited by malicious people to conduct SQL injection attacks.

1) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) An unspecified error exists related to the Standard Remember method for persistent login. No further information is currently available.

The vulnerabilities are reported in versions prior to 3.5.

SOLUTION:
Update to version 3.5.

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Mateusz Drygas
2) Reported by the vendor.
ORIGINAL ADVISORY:
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25429
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25196

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 15:41:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 00:41:31 +0100
Subject: [SEC] [SA38881] Dovecot Mailbox Large Header Denial of Service
Message-ID: <201003092341.o29NfVWR028682@CRON-IX-2.intnet>

TITLE:
Dovecot Mailbox Large Header Denial of Service

SECUNIA ADVISORY ID:
SA38881

VERIFY ADVISORY:
http://secunia.com/advisories/38881/

DESCRIPTION:
A vulnerability has been reported in Dovecot, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing certain large headers, which can be exploited to cause a high CPU load by sending a specially crafted email to the system.

Successful exploitation requires that the "mbox" mail directory format is used.

The vulnerability is reported in versions prior to 1.2.11 of the 1.2.x branch. The 1.0.x and 1.1.x branches are not affected.

SOLUTION:
Update to version 1.2.11.

PROVIDED AND/OR DISCOVERED BY:
Stan Hoeppner and Kostik

ORIGINAL ADVISORY:
http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
http://dovecot.org/pipermail/dovecot/2010-February/047190.html
http://dovecot.org/pipermail/dovecot/2010-February/047058.html
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 15:53:27 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 00:53:27 +0100
Subject: [SEC] [SA38886] DZ Auktionshaus "V4.rgo" "id" SQL Injection Vulnerability
Message-ID: <201003092353.o29NrR7A016103@CRON-IX-2.intnet>

TITLE: DZ Auktionshaus "V4.rgo" "id" SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA38886
VERIFY ADVISORY: http://secunia.com/advisories/38886/

DESCRIPTION:
Easy Laster has reported a vulnerability in DZ Auktionshaus "V4.rgo", which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in news.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

SOLUTION:
Filter malicious requests using a proxy.

PROVIDED AND/OR DISCOVERED BY:
Easy Laster

ORIGINAL ADVISORY:
http://4004securityproject.wordpress.com/2010/03/08/dz-auktionshaus-v4-rgo-id-news-php-sql-injection/
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 16:06:30 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 01:06:30 +0100
Subject: [SEC] [SA38307] eclime Multiple Vulnerabilities
Message-ID: <201003100006.o2A06UmW003579@CRON-IX-2.intnet>

TITLE: eclime Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38307
VERIFY ADVISORY: http://secunia.com/advisories/38307/

DESCRIPTION:
Some vulnerabilities have been discovered in eclime, which can be exploited by malicious people to conduct SQL injection, cross-site scripting, and session fixation attacks.

1) Input passed to the "email_address" and "password" parameters in login.php (when "action" is set to "process") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "keywords" parameter in advanced_search_result.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
3) Input passed to the "ex" parameter in admin/includes/version.php (when "action" is set to "init") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) An error in the handling of sessions in the administrative section can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

The vulnerabilities are confirmed in version 1.1.0b. Other versions may also be affected.

SOLUTION:
Update to version 1.1.1b.

PROVIDED AND/OR DISCOVERED BY:
1 - 3) Reported by Russ McRee via Secunia.
4) Reported by an anonymous person.

ORIGINAL ADVISORY:
http://www.eclime.com/forum/viewtopic.php?f=21&t=248
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 16:20:45 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 01:20:45 +0100
Subject: [SEC] [SA38859] eGroupWare Cross-Site Scripting and Arbitrary Command Execution Vulnerabilities
Message-ID: <201003100020.o2A0Kjkg023505@CRON-IX-2.intnet>

TITLE: eGroupWare Cross-Site Scripting and Arbitrary Command Execution Vulnerabilities
SECUNIA ADVISORY ID: SA38859
VERIFY ADVISORY: http://secunia.com/advisories/38859/

DESCRIPTION:
Some vulnerabilities have been discovered in eGroupWare, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

1) Input passed to the "lang" parameter in login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "spellchecker_lang" parameter in phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php is not properly sanitised before being used. This can be exploited to execute arbitrary shell commands.

The vulnerabilities are confirmed in version 1.6.002. Prior versions may also be affected.

SOLUTION:
Update to version 1.6.003.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Nahuel Grisolia.
ORIGINAL ADVISORY:
http://www.egroupware.org/news?category_id=95&item=93

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 16:41:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 01:41:31 +0100
Subject: [SEC] [SA38899] HP Performance Insight Arbitrary Command Execution Vulnerability
Message-ID: <201003100041.o2A0fVjH011289@CRON-IX-2.intnet>

TITLE: HP Performance Insight Arbitrary Command Execution Vulnerability
SECUNIA ADVISORY ID: SA38899
VERIFY ADVISORY: http://secunia.com/advisories/38899/

DESCRIPTION:
A vulnerability has been reported in HP Performance Insight, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary commands.
The vulnerability is reported in version 5.4 and earlier running on HP-UX, Linux, Solaris, and Windows.

SOLUTION:
Apply patches.
http://support.openview.hp.com/selfsolve/patches

HP-UX (IA): PI54IA_00001 or subsequent
HP-UX (PA): PI54PA_00001 or subsequent
Linux RedHat4ES: PI54LIN_00001 or subsequent
Solaris: PI54SOL_00001 or subsequent
Windows: PI54WIN_00001 or subsequent

PROVIDED AND/OR DISCOVERED BY:
The vendor credits an anonymous researcher working with the TippingPoint Zero Day Initiative

ORIGINAL ADVISORY:
HPSBMA02489 SSRT090065:
https://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02033170
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 16:53:31 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 01:53:31 +0100
Subject: [SEC] [SA38892] Debian update for typo3-src
Message-ID: <201003100053.o2A0rVKX031135@CRON-IX-2.intnet>

TITLE: Debian update for typo3-src
SECUNIA ADVISORY ID: SA38892
VERIFY ADVISORY: http://secunia.com/advisories/38892/

DESCRIPTION:
Debian has issued an update for typo3-src. This fixes a security issue and some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

For more information:
SA38668

SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 5.0 alias lenny --

Source archives:

http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.dsc
Size/MD5 checksum: 1008 2b5fae60fae3e6a6aac0abab77878aab
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5.orig.tar.gz
Size/MD5 checksum: 8144727 75b2e5db6ac586fb6176f329be452159
http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src_4.2.5-1+lenny3.diff.gz
Size/MD5 checksum: 128331 a6c5d19786ea0cb438dca15a5e4cd03d

Architecture independent packages:

http://security.debian.org/pool/updates/main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny3_all.deb
Size/MD5 checksum: 8201908 b9597dd425a73b6cb89bdc3724fcb02f
http://security.debian.org/pool/updates/main/t/typo3-src/typo3_4.2.5-1+lenny3_all.deb
Size/MD5 checksum: 133890 7322ee4dbabfb7b8a9ad34541a750777

ORIGINAL ADVISORY:
DSA-2008-1:
http://lists.debian.org/debian-security-announce/2010/msg00048.html

OTHER REFERENCES:
SA38668:
http://secunia.com/advisories/38668/
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 17:06:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 02:06:33 +0100
Subject: [SEC] [SA38804] Samba "CAP_DAC_OVERRIDE" File Permissions Security Bypass
Message-ID: <201003100106.o2A16XEJ018602@CRON-IX-2.intnet>

TITLE: Samba "CAP_DAC_OVERRIDE" File Permissions Security Bypass
SECUNIA ADVISORY ID: SA38804
VERIFY ADVISORY: http://secunia.com/advisories/38804/

DESCRIPTION:
A vulnerability has been reported in Samba, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to Samba processes inheriting the "CAP_DAC_OVERRIDE" capability flag, which can be exploited to e.g. read and write to files without having the proper permissions.

The vulnerability is reported in versions 3.3.11, 3.4.6, and 3.5.0. Prior versions are not affected.

Note: Successful exploitation requires that the system offers support for capabilities and that Samba has been compiled with support for libcap.

SOLUTION:
Update to version 3.3.12, 3.4.7, and 3.5.1 or apply patches.
http://www.samba.org/samba/ftp/

-- Patches --

Samba 3.3.11:
http://us1.samba.org/samba/ftp/patches/security/samba-3.3.11-CVE-2010-0728.patch

Samba 3.4.6:
http://us1.samba.org/samba/ftp/patches/security/samba-3.4.6-CVE-2010-0728.patch

Samba 3.5.0:
http://us1.samba.org/samba/ftp/patches/security/samba-3.5.0-CVE-2010-0728.patch

PROVIDED AND/OR DISCOVERED BY:
Andreas Matthus

ORIGINAL ADVISORY:
http://us1.samba.org/samba/security/CVE-2010-0728.html
https://bugzilla.samba.org/show_bug.cgi?id=7222
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 17:20:40 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 02:20:40 +0100
Subject: [SEC] [SA38787] Eshbel Priority Cross-Site Scripting Vulnerability
Message-ID: <201003100120.o2A1Kemv006108@CRON-IX-2.intnet>

TITLE: Eshbel Priority Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA38787
VERIFY ADVISORY: http://secunia.com/advisories/38787/

DESCRIPTION:
Yaniv Miron has reported a vulnerability in Eshbel Priority, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL is not properly sanitised before being returned to the user within the marketgate/PriHtml.dll script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

SOLUTION:
Filter malicious characters and character sequences in a proxy.

PROVIDED AND/OR DISCOVERED BY:
Yaniv Miron aka "Lament"

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/bugtraq/2010-03/0013.html
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 17:41:23 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 02:41:23 +0100
Subject: [SEC] [SA38841] Juniper Networks Secure Access "row" Cross-Site Scripting Vulnerability
Message-ID: <201003100141.o2A1fNM0026302@CRON-IX-2.intnet>

TITLE: Juniper Networks Secure Access "row" Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA38841
VERIFY ADVISORY: http://secunia.com/advisories/38841/

DESCRIPTION:
Niels Heinen has reported a vulnerability in Juniper Networks Secure Access, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "row" parameter in editbk.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in Secure Access running IVE OS version 6.0. Other versions may also be affected.

SOLUTION:
Reportedly fixed in version 6.3R7, 6.4R5, and 6.5R2.

PROVIDED AND/OR DISCOVERED BY:
Niels Heinen of Logica Nederland B.V.
ORIGINAL ADVISORY:
Niels Heinen:
http://archives.neohapsis.com/archives/bugtraq/2010-03/0051.html

Juniper Networks:
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-02-660&viewMode=view

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 17:53:28 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 02:53:28 +0100
Subject: [SEC] [SA38896] TikiWiki CMS/Groupware Multiple Vulnerabilities
Message-ID: <201003100153.o2A1rSTH013728@CRON-IX-2.intnet>

TITLE: TikiWiki CMS/Groupware Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38896
VERIFY ADVISORY: http://secunia.com/advisories/38896/

DESCRIPTION:
Some vulnerabilities have been reported in TikiWiki CMS/Groupware, one of which has an unspecified impact and others that can be exploited by malicious users to
bypass certain security restrictions and by malicious people to conduct SQL injection attacks.

1) Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) An error in the user_logout() method can be exploited to perform certain restricted actions.

3) An unspecified error exists related to the Standard Remember method for persistent login. No further information is currently available.

The vulnerabilities are reported in versions prior to 4.2.

SOLUTION:
Update to version 4.2.

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
http://info.tikiwiki.org/article86-Tiki-Announces-3-5-and-4-2-Releases
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25435
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25424
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=25046
http://tikiwiki.svn.sourceforge.net/viewvc/tikiwiki?view=rev&revision=24734
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 18:06:28 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 03:06:28 +0100
Subject: [SEC] [SA38840] SpamAssassin Milter Plugin Shell Command Injection
Message-ID: <201003100206.o2A26SBp001168@CRON-IX-2.intnet>

TITLE: SpamAssassin Milter Plugin Shell Command Injection
SECUNIA ADVISORY ID: SA38840
VERIFY ADVISORY: http://secunia.com/advisories/38840/

DESCRIPTION:
A vulnerability has been discovered in the SpamAssassin Milter Plugin, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to input not being properly sanitised in the "mlfi_envrcpt" function in spamass-milter.cpp before using it in a call to "popen()", which can be exploited to inject and execute arbitrary shell commands.

The vulnerability is confirmed in version 0.3.1. Other versions may also be affected.

SOLUTION:
Use another product.

PROVIDED AND/OR DISCOVERED BY:
Kingcope

ORIGINAL ADVISORY:
http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 18:20:37 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 03:20:37 +0100
Subject: [SEC] [SA38814] Fedora update for bournal
Message-ID: <201003100220.o2A2Kaig021126@CRON-IX-2.intnet>

TITLE: Fedora update for bournal
SECUNIA ADVISORY ID: SA38814
VERIFY ADVISORY: http://secunia.com/advisories/38814/

DESCRIPTION:
Fedora has issued an update for bournal. This fixes multiple security issues, which can be exploited by malicious, local users to disclose sensitive information and to perform certain actions with escalated privileges.

For more information:
SA38554
SA38723

SOLUTION:
Apply updated packages via the yum utility ("yum update bournal").
ORIGINAL ADVISORY:
FEDORA-2010-3301:
https://admin.fedoraproject.org/updates/bournal-1.4.1-1.fc11

FEDORA-2010-3221:
https://admin.fedoraproject.org/updates/bournal-1.4.1-1.fc12

OTHER REFERENCES:
SA38554:
http://secunia.com/advisories/38554/

SA38723:
http://secunia.com/advisories/38723/

----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 18:41:24 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 03:41:24 +0100
Subject: [SEC] [SA38863] Linux Kernel Video Output Status Denial of Service
Message-ID: <201003100241.o2A2fOmO008906@CRON-IX-2.intnet>

TITLE: Linux Kernel Video Output Status Denial of Service
SECUNIA ADVISORY ID: SA38863
VERIFY ADVISORY: http://secunia.com/advisories/38863/

DESCRIPTION:
A security issue has been reported in the Linux kernel, which can be exploited by malicious,
local users to cause a DoS (Denial of Service).

The security issue is caused due to an error while reading the status of video output devices on certain ThinkPad platforms. This can be exploited to cause a kernel crash by reading data from /proc/acpi/ibm/video.

SOLUTION:
Fixed in 2.6.34-rc1.

PROVIDED AND/OR DISCOVERED BY:
Reported by Jidanni in a Debian bug report.

ORIGINAL ADVISORY:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.34-rc1
http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
----------------------------------------------------------------------
From sec-adv at secunia.com Tue Mar 9 18:53:32 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 03:53:32 +0100
Subject: [SEC] [SA38843] Fedora update for curl
Message-ID: <201003100253.o2A2rW05028751@CRON-IX-2.intnet>

TITLE: Fedora update for curl
SECUNIA ADVISORY ID: SA38843
VERIFY ADVISORY: http://secunia.com/advisories/38843/

DESCRIPTION:
Fedora has issued an update for curl. This fixes a security issue, which can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

For more information:
SA38427

SOLUTION:
Apply updated packages via the yum utility ("yum update curl").

ORIGINAL ADVISORY:
FEDORA-2010-2762:
https://admin.fedoraproject.org/updates/curl-7.19.7-7.fc12

OTHER REFERENCES:
SA38427:
http://secunia.com/advisories/38427/
Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Mar 10 10:26:34 2010 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 10 Mar 2010 19:26:34 +0100 Subject: [SEC] [SA37673] XnView DICOM Parsing Integer Overflow Vulnerability Message-ID: <201003101826.o2AIQYlI020622@CRON-IX-2.intnet> ---------------------------------------------------------------------- Use WSUS to deploy 3rd party patches Public BETA http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: XnView DICOM Parsing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA37673 VERIFY ADVISORY: http://secunia.com/advisories/37673/ DESCRIPTION: Secunia Research has discovered a vulnerability in XnView, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file. The vulnerability is confirmed in version 1.96.5 and 1.97. Other versions may also be affected. SOLUTION: Update to version 1.97.2. 
PROVIDED AND/OR DISCOVERED BY:
Stefan Cornelius, Secunia Research

ORIGINAL ADVISORY:
Secunia:
http://secunia.com/secunia_research/2009-60/

XnView:
http://newsgroup.xnview.com/viewtopic.php?f=35&t=19469

From sec-adv at secunia.com Wed Mar 10 11:26:33 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 20:26:33 +0100
Subject: [SEC] [SA38852] Apache HTTP Server "mod_isapi" Module Unloading Vulnerability
Message-ID: <201003101926.o2AJQXp0009934@CRON-IX-2.intnet>

TITLE:
Apache HTTP Server "mod_isapi" Module Unloading Vulnerability

SECUNIA ADVISORY ID:
SA38852

VERIFY ADVISORY:
http://secunia.com/advisories/38852/

DESCRIPTION:
A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to potentially compromise a vulnerable system.
For more information see vulnerability #2 in:
SA38776

SOLUTION:
Fixed in the SVN repository.
http://svn.apache.org/viewvc?view=revision&revision=920961

ORIGINAL ADVISORY:
http://httpd.apache.org/security/vulnerabilities_20.html

OTHER REFERENCES:
SA38776:
http://secunia.com/advisories/38776/

From sec-adv at secunia.com Wed Mar 10 12:26:40 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 21:26:40 +0100
Subject: [SEC] [SA38739] Employee Timeclock Software Multiple Vulnerabilities
Message-ID: <201003102026.o2AKQeKp031687@CRON-IX-2.intnet>

TITLE:
Employee Timeclock Software Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA38739

VERIFY ADVISORY:
http://secunia.com/advisories/38739/

DESCRIPTION:
Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information and conduct SQL injection attacks.

1) The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name.

2) Input passed to the "username" and "password" parameters in auth.php and login_action.php is not properly sanitised before being used in SQL queries. This can be exploited to modify SQL queries by injecting arbitrary SQL code.

3) The application passes the database password via the command line to the "mysqldump" utility, which potentially can be exploited to disclose the password via the process list.

The vulnerabilities are confirmed in version 0.99. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

Do not use the database backup functionality and restrict access to existing backup files.

PROVIDED AND/OR DISCOVERED BY:
Secunia Research

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2010-10/
http://secunia.com/secunia_research/2010-11/
http://secunia.com/secunia_research/2010-12/

From sec-adv at secunia.com Wed Mar 10 13:26:38 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 22:26:38 +0100
Subject: [SEC] [SA38897] MH Products Kleinanzeigenmarkt "c" SQL Injection Vulnerability
Message-ID: <201003102126.o2ALQcNZ021000@CRON-IX-2.intnet>

TITLE:
MH Products Kleinanzeigenmarkt "c" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38897

VERIFY ADVISORY:
http://secunia.com/advisories/38897/

DESCRIPTION:
A vulnerability has been reported in MH Products Kleinanzeigenmarkt, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "c" parameter to search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: This can further be exploited to conduct cross-site scripting attacks via SQL error messages.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
Easy Laster

From sec-adv at secunia.com Wed Mar 10 14:20:34 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 23:20:34 +0100
Subject: [SEC] [SA38893] Jevci Siparis Formu Database Disclosure Security Issue
Message-ID: <201003102220.o2AMKYS1010175@CRON-IX-2.intnet>

TITLE:
Jevci Siparis Formu Database Disclosure Security Issue

SECUNIA ADVISORY ID:
SA38893

VERIFY ADVISORY:
http://secunia.com/advisories/38893/

DESCRIPTION:
A security issue has been reported in Jevci Siparis Formu, which can be exploited by malicious people to disclose sensitive information.

The security issue is caused due to the "siparis.mdb" database file being stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information by downloading the file.

SOLUTION:
Place the database file outside the web root.

PROVIDED AND/OR DISCOVERED BY:
indoushka

From sec-adv at secunia.com Wed Mar 10 14:42:00 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 23:42:00 +0100
Subject: [SEC] [SA38912] Kandidat CMS "contentcenter" Cross-Site Scripting Vulnerability
Message-ID: <201003102242.o2AMg0Gr030402@CRON-IX-2.intnet>

TITLE:
Kandidat CMS "contentcenter" Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID:
SA38912

VERIFY ADVISORY:
http://secunia.com/advisories/38912/

DESCRIPTION:
A vulnerability has been discovered in Kandidat CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "contentcenter" parameter in media/upload.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.3.8. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Inj3ct0r

From sec-adv at secunia.com Wed Mar 10 14:53:41 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Wed, 10 Mar 2010 23:53:41 +0100
Subject: [SEC] [SA38876] Fedora update for samba
Message-ID: <201003102253.o2AMrfBa017817@CRON-IX-2.intnet>

TITLE:
Fedora update for samba

SECUNIA ADVISORY ID:
SA38876

VERIFY ADVISORY:
http://secunia.com/advisories/38876/

DESCRIPTION:
Fedora has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

For more information:
SA38804

SOLUTION:
Apply updated packages via the yum utility ("yum update samba").
ORIGINAL ADVISORY:
FEDORA-2010-4050:
https://admin.fedoraproject.org/updates/samba-3.4.7-0.50.fc11

OTHER REFERENCES:
SA38804:
http://secunia.com/advisories/38804/

From sec-adv at secunia.com Wed Mar 10 15:06:44 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 00:06:44 +0100
Subject: [SEC] [SA38890] NUs Newssystem "id" SQL Injection Vulnerability
Message-ID: <201003102306.o2AN6iOX005295@CRON-IX-2.intnet>

TITLE:
NUs Newssystem "id" SQL Injection Vulnerability

SECUNIA ADVISORY ID:
SA38890

VERIFY ADVISORY:
http://secunia.com/advisories/38890/

DESCRIPTION:
A vulnerability has been discovered in NUs Newssystem, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in NUs.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.02. Other versions may also be affected.

SOLUTION:
Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY:
n3w7u

From sec-adv at secunia.com Wed Mar 10 15:20:47 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 00:20:47 +0100
Subject: [SEC] [SA38868] Debian update for tdiary
Message-ID: <201003102320.o2ANKlDL025215@CRON-IX-2.intnet>

TITLE:
Debian update for tdiary

SECUNIA ADVISORY ID:
SA38868

VERIFY ADVISORY:
http://secunia.com/advisories/38868/

DESCRIPTION:
Debian has issued an update for tdiary.
This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA38742

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
DSA-2009-1:
http://www.us.debian.org/security/2010/dsa-2009

OTHER REFERENCES:
SA38742:
http://secunia.com/advisories/38742/

From sec-adv at secunia.com Thu Mar 11 10:26:32 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 19:26:32 +0100
Subject: [SEC] [SA38913] Drupal TinyMCE Module Script Insertion Vulnerability
Message-ID: <201003111826.o2BIQWkn018078@CRON-IX-2.intnet>

TITLE:
Drupal TinyMCE Module Script Insertion Vulnerability

SECUNIA ADVISORY ID:
SA38913

VERIFY ADVISORY:
http://secunia.com/advisories/38913/

DESCRIPTION:
A vulnerability has been reported in the TinyMCE module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.

Input passed to the TinyMCE module is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Successful exploitation requires "administer tinymce" permission.

The vulnerability is reported in versions prior to 5.x-1.11.

SOLUTION:
Update to version 5.x-1.11.
http://drupal.org/node/737176

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Justin C. Klein Keane.
ORIGINAL ADVISORY:
SA-CONTRIB-2010-025:
http://drupal.org/node/738302

From sec-adv at secunia.com Thu Mar 11 11:26:34 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 20:26:34 +0100
Subject: [SEC] [SA38901] Debian update for kvm
Message-ID: <201003111926.o2BJQY8Q007414@CRON-IX-2.intnet>

TITLE:
Debian update for kvm

SECUNIA ADVISORY ID:
SA38901

VERIFY ADVISORY:
http://secunia.com/advisories/38901/

DESCRIPTION:
Debian has issued an update for kvm. This fixes some vulnerabilities, which can be exploited by malicious, local users in a KVM guest to cause a DoS (Denial of Service) and potentially gain escalated privileges.

For more information:
SA38405
SA38499

SOLUTION:
Apply updated packages.
ORIGINAL ADVISORY:
DSA-2010-1:
http://lists.debian.org/debian-security-announce/2010/msg00050.html

OTHER REFERENCES:
SA38405:
http://secunia.com/advisories/38405/

SA38499:
http://secunia.com/advisories/38499/

From sec-adv at secunia.com Thu Mar 11 12:27:03 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 21:27:03 +0100
Subject: [SEC] [SA38880] Ubuntu update for dpkg
Message-ID: <201003112027.o2BKR3gh029179@CRON-IX-2.intnet>

TITLE:
Ubuntu update for dpkg

SECUNIA ADVISORY ID:
SA38880

VERIFY ADVISORY:
http://secunia.com/advisories/38880/

DESCRIPTION:
Ubuntu has issued an update for dpkg. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data or compromise a vulnerable system.

The vulnerability is caused due to an error in dpkg-source when unpacking source packages. This can be exploited to modify arbitrary files outside of the intended destination directory.

SOLUTION:
Apply updated packages.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits William Grant.
ORIGINAL ADVISORY: USN-909-1: http://www.ubuntu.com/usn/USN-909-1

From sec-adv at secunia.com Thu Mar 11 13:26:38 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 22:26:38 +0100
Subject: [SEC] [SA38884] Super Ad Blocker Multiple Vulnerabilities
Message-ID: <201003112126.o2BLQcLp018494@CRON-IX-2.intnet>

TITLE: Super Ad Blocker Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38884
VERIFY ADVISORY: http://secunia.com/advisories/38884/
DESCRIPTION: Luka Milkovic has reported some vulnerabilities in Super Ad Blocker, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
1) The SABProcEnum.sys kernel driver passes user-space pointers in calls to e.g. ZwQueryObject(). This can be exploited to cause a NULL-pointer dereference and crash an affected system via specially crafted IOCTLs.
2) A boundary error exists in SABKUTIL.sys when processing user-space registration requests. This can be exploited to cause a buffer overflow with process ID values and cause a system crash.
3) An error exists in SABKUTIL.sys when processing IOCTL_SABKUTIL_ZWOPENPROCESS requests. This can be exploited to corrupt kernel memory and cause a system crash via invalid parameters passed to ZwOpenProcess().
4) The SABKUTIL.sys driver passes user-mode parameters to the ZwQueryValueKey() function. This can be exploited to overwrite arbitrary memory and potentially gain escalated privileges via a specially crafted IOCTL_SABKUTIL_QUERY_VALUE request.
5) The SABKUTIL.sys driver provides wrappers against registry and file functions. This can be exploited to read arbitrary files and registry keys, or write to arbitrary registry keys via specially crafted IOCTLs.
6) SABKUTIL.sys allows unrestricted access to the SetVistaTokenInformation() function. This can be exploited to cause a crash or gain escalated privileges via a specially crafted IOCTL_SABKUTIL_SET_VISTA_TOKEN_INFORMATION request.
7) An error in SABKUTIL.sys can be exploited to gain escalated privileges via a specially crafted IOCTL_SABKUTIL_SET_VISTA_PRIVILEGES_FOR_CURRENT_PROCESS request.
The vulnerabilities are reported in version 4.6.1000. Other versions may also be affected.
SOLUTION: Restrict local access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Luka Milkovic
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0195.html

From sec-adv at secunia.com Thu Mar 11 14:20:48 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 23:20:48 +0100
Subject: [SEC] [SA38917] SUPERAntiSpyware Multiple Vulnerabilities
Message-ID: <201003112220.o2BMKmaw007685@CRON-IX-2.intnet>

TITLE: SUPERAntiSpyware Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA38917
VERIFY ADVISORY: http://secunia.com/advisories/38917/
DESCRIPTION: Luka Milkovic has reported some vulnerabilities in SUPERAntiSpyware, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges.
1) The SASENUM.sys kernel driver passes user-space pointers in calls to e.g. ZwQueryObject(). This can be exploited to cause a NULL-pointer dereference and crash an affected system via specially crafted IOCTLs.
2) A boundary error exists in SASKUTIL.sys when processing user-space registration requests. This can be exploited to cause a buffer overflow with process ID values and cause a system crash.
3) An error exists in SASKUTIL.sys when processing IOCTL_SABKUTIL_ZWOPENPROCESS requests.
This can be exploited to corrupt kernel memory and cause a system crash via invalid parameters passed to ZwOpenProcess().
4) The SASKUTIL.sys driver passes user-mode parameters to the ZwQueryValueKey() function. This can be exploited to overwrite arbitrary memory and potentially gain escalated privileges via a specially crafted IOCTL_SABKUTIL_QUERY_VALUE request.
5) The SASKUTIL.sys driver provides wrappers against registry and file functions. This can be exploited to read arbitrary files and registry keys, and modify arbitrary registry keys via specially crafted IOCTLs.
6) SASKUTIL.sys allows unrestricted access to the SetVistaTokenInformation() function. This can be exploited to cause a crash or gain escalated privileges via a specially crafted IOCTL_SABKUTIL_SET_VISTA_TOKEN_INFORMATION request.
7) An error in SASKUTIL.sys can be exploited to gain escalated privileges via a specially crafted IOCTL_SABKUTIL_SET_VISTA_PRIVILEGES_FOR_CURRENT_PROCESS request.
The vulnerabilities are reported in version 4.33.1000. Other versions may also be affected.
SOLUTION: Update to version 4.34.1000, which fixes some of the vulnerabilities. Restrict local access to trusted users only.
PROVIDED AND/OR DISCOVERED BY: Luka Milkovic
ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0195.html

From sec-adv at secunia.com Thu Mar 11 14:41:35 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 23:41:35 +0100
Subject: [SEC] [SA38895] ViewVC Query View Cross-Site Scripting Vulnerabilities
Message-ID: <201003112241.o2BMfZp7027886@CRON-IX-2.intnet>

TITLE: ViewVC Query View Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID: SA38895
VERIFY ADVISORY: http://secunia.com/advisories/38895/
DESCRIPTION: Some vulnerabilities have been discovered in ViewVC, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to various parameters of the directory query view is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Successful exploitation requires that the directory query view is enabled.
SOLUTION: Update to version 1.0.10 and 1.1.4.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY:
http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2313&r2=2342&pathrev=HEAD
http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?r1=2326&r2=2325&pathrev=2326

From sec-adv at secunia.com Thu Mar 11 14:53:41 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Thu, 11 Mar 2010 23:53:41 +0100
Subject: [SEC] [SA38907] Debian update for dpkg
Message-ID: <201003112253.o2BMrfQB015323@CRON-IX-2.intnet>

TITLE: Debian update for dpkg
SECUNIA ADVISORY ID: SA38907
VERIFY ADVISORY: http://secunia.com/advisories/38907/
DESCRIPTION: Debian has issued an update for dpkg. This fixes a vulnerability, which can be exploited by malicious people to manipulate certain data and compromise a vulnerable system.
The vulnerability is caused due to an error in dpkg-source when unpacking source packages. This can be exploited to modify arbitrary files outside of the intended destination directory.
SOLUTION: Apply updated packages.
PROVIDED AND/OR DISCOVERED BY: The vendor credits William Grant.
ORIGINAL ADVISORY: http://www.us.debian.org/security/2010/dsa-2011

From sec-adv at secunia.com Thu Mar 11 15:06:37 2010
From: sec-adv at secunia.com (Secunia Security Advisories)
Date: Fri, 12 Mar 2010 00:06:37 +0100
Subject: [SEC] [SA38916] Microsoft Windows HTML Help File Processing Vulnerability
Message-ID: <201003112306.o2BN6b3J002805@CRON-IX-2.intnet>

TITLE: Microsoft Windows HTML Help File Processing Vulnerability
SECUNIA ADVISORY ID: SA38916
VERIFY ADVISORY: http://s