Red Hat Security Advisory 2011-1243-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Thunderbird; however, affected certificates issued after this date cannot be re-enabled or used. All Thunderbird users should upgrade to this updated package, which resolves this issue. All running instances of Thunderbird must be restarted for the update to take effect.
a84407a2016081e8bda7c4f9f45b00c24167470f9687e5c422f4821fa7e4a5fbRed Hat Security Advisory 2011-1242-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. It was found that a Certificate Authority issued a fraudulent HTTPS certificate. This update renders any HTTPS certificates signed by that CA as untrusted, except for a select few. The now untrusted certificates that were issued before July 1, 2011 can be manually re-enabled and used again at your own risk in Firefox; however, affected certificates issued after this date cannot be re-enabled or used. All Firefox users should upgrade to these updated packages, which contain a backported patch. After installing the update, Firefox must be restarted for the changes to take effect.
a28c903f93557adfc798a97fc4731fe8bfcf56033b4aaa1c0fb1a1b29bf89b4bRed Hat Security Advisory 2011-1241-01 - eCryptfs is a stacked, cryptographic file system. It is transparent to the underlying file system and provides per-file granularity. eCryptfs is released as a Technology Preview for Red Hat Enterprise Linux 5 and 6. The setuid mount.ecryptfs_private utility allows users to mount an eCryptfs file system. This utility can only be run by users in the "ecryptfs" group. A race condition flaw was found in the way mount.ecryptfs_private checked the permissions of a requested mount point when mounting an encrypted file system. A local attacker could possibly use this flaw to escalate their privileges by mounting over an arbitrary directory.
6c5fc7a1ef62462fd1abff6cb7503e6efebb23451416bf6378dfd2e8325605e1Red Hat Security Advisory 2011-1240-01 - This is the 6-month notification of the End Of Life plans for Red Hat Enterprise Linux 4.
87858e568387be167f20a2f83ba5f89860586a61271a595d820c76dfcc53b921Red Hat Security Advisory 2011-1239-01 - This is the End of Life notification for Red Hat Enterprise Linux Extended Update Support Add-On (EUS) 4.7.
23eea8e167d4d7de5ea83163a19f1c04538d056c856eb093cb6f719d6adfd0acZero Day Initiative Advisory 11-277 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way QuickTime handles 'mp4v' codec information. When parsing the video description table it will read the size field preceding the 'mp4v' tag and use that size to create an allocation to hold the data. It will then copy the correct amount of data into that buffer, but then does some endian changes on a fixed portion of the buffer without checking its size. The resulting memory corruption could result in remote code execution under the context of the current user.
a8598a8dd78e944633f17973eabb78630fc2d2bc0e142ec4979cc064eb1bd91bDebian Linux Security Advisory 2300-1 - Several unauthorised SSL certificates have been found in the wild issued for the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in the NSS crypto libraries.
88447320d17198b74f9bc3124e1ce5f1ee288bf0f1bc1bce82542640bc3bad22Debian Linux Security Advisory 2299-1 - An unauthorized SSL certificate has been found in the wild issued the DigiNotar Certificate Authority, obtained through a security compromise with said company. Debian, like other software distributors, has as a precaution decided to disable the DigiNotar Root CA by default in its ca-certificates bundle.
901a4c373aed4d29e2788dd76a69feec112f18b77226050ddcea0edbcb0f0459SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.
74ae2dd9a5dbeecf672c223648b93cc3b3ea5aeb23766d4edca33c4cbbb332c1Cisco Security Advisory - Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs that are running software versions prior to TC4.0.0 or F9.1 contain a vulnerability that could allow an attacker to cause a denial of service. Cisco has released free software updates that address this vulnerability.
d046775df4a222ab70f9a6dd8997e978c24f6aed99fd5b6420b1c55eb73c47ddSecunia Security Advisory - Multiple vulnerabilities have been discovered in vAuthenticate, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
919c0b99aeeee787e577ab55872fd64d4e96c2f60f09bb449b8278bada9f7165Secunia Security Advisory - A vulnerability has been reported in Axway SecureTransport, which can be exploited by malicious people to disclose sensitive information.
89b1191c37e121297f7b7a318579d3e2f5ec9c371872f14793659156abd45c28Secunia Security Advisory - Two vulnerabilities have been reported in Opera, where one has unknown impacts and the other one can be exploited by malicious people to bypass certain security features.
f0946053e62addda8c2e0a78a10c6310c46d50717738dc045f3073579d7466aeSecunia Security Advisory - A weakness has been reported in Gigaset A580 IP, which can be exploited by malicious people to disclose sensitive information.
ce6e28d7917a5a0b918d17baf29d965d7217515ea50f8aff354f3ed54a17027fSecunia Security Advisory - Red Hat has issued an update for samba and cifs-utils. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting and request forgery attacks.
7d3e127a1c079668f6ac5bea78abc2b9cffd85449428f5d1f80234c28b9d2a12Secunia Security Advisory - Aung Khant has discovered a vulnerability in Jcow, which can be exploited by malicious people to conduct cross-site scripting attacks.
4b51d1e13cffdf0e68108c823026211a090b75a10f2ca8ec427d6b7e7aa11e6dSecunia Security Advisory - A vulnerability has been reported in Apache Tomcat, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions.
1647031376a460470a3fb43fc11dc01cf34c8685cd134665e48615040fc33a9bCisco Security Advisory - The Apache HTTPd server contains a denial of service vulnerability when it handles multiple, overlapping ranges. Multiple Cisco products may be affected by this vulnerability. Mitigations that can be deployed on Cisco devices within the network are available in the Cisco Applied Intelligence companion document listed in this advisory.
e3f873ef74fc9699c6df741f380df175d71fa69b431831e573d3f294b6c86326Secunia Security Advisory - Cisco has acknowledged a vulnerability in Cisco Wireless Control System (WCS), which can be exploited by malicious people to cause a DoS (Denial of Service).
921050f367ad0099aa2453fe28c8223b014b07a127ac08608da875ae622142d3Debian Linux Security Advisory 2298-1 - Two issues have been found in the Apache HTTPD web server.
6e9061b65381e052868f049909e87b71f3eed7d315e49b4ef1507f8c11074dbcSecunia Security Advisory - A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious users to disclose potentially sensitive information.
10d580cdd61d7088c7f5d9294a6c5bc238a0bb10eabf75bf3f2dab4bc0b39bdfSecunia Security Advisory - SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
a35c84cacc64cd03385e2c16cabdc3deb961b863d928817ce04e4d6992cc180aSecunia Security Advisory - SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
a1373d7c7a29e57bfe8c385b49efd6f9df3299e65cbfbd395d03558422a02cbfSecunia Security Advisory - SUSE has issued an update for MozillaThunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a vulnerable system.
b14d754ae680c58b90c250f07015ac1b84e2ae373afa1366913649fe1164f09cSecunia Security Advisory - SUSE has issued an update for java-1_4_2-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.
6e3c2c63c4ae305cfd59d1d54c8c503fcc913ad3555124c5b9fbea72db43bc3b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed