Gentoo Linux Security Advisory GLSA 200710-07 - Reinhard Max discovered a boundary error in Tk when processing an interlaced GIF with two frames where the second is smaller than the first one. Versions less than 8.4.15-r1 are affected.
6af99de5f09c5966ca3d185d72e9400e77f3b6b37a1166b04d3184d53ef2113f
Gentoo Linux Security Advisory GLSA 200710-06 - Moritz Jodeit reported an off-by-one error in the SSL_get_shared_ciphers() function, resulting from an incomplete fix of CVE-2006-3738. A flaw has also been reported in the BN_from_montgomery() function in crypto/bn/bn_mont.c when performing Montgomery multiplication. Versions less than 0.9.8e-r3 are affected.
0b7f742d6f45bd21e2f630fffb548c74e417ec802f803d9f557efab7654c51fd
Gentoo Linux Security Advisory GLSA 200710-05 - Raphael Marichez discovered that the DataLoader::doStart() method creates temporary files in an insecure manner and executes them. Versions less than 1.5.7 are affected.
773613846f6d77270c88683f54fd3dac922a3c1da0be8a29a45eb1eeac6516d1
Gentoo Linux Security Advisory GLSA 200710-04 - Robert Buchholz of the Gentoo Security team discovered that the flac_buffer_copy() function does not correctly handle FLAC streams with variable block sizes which leads to a heap-based buffer overflow. Versions less than 1.0.17-r1 are affected.
cb6be2c374e0dbf08552c7a74d4275119375285f4d3baeb02a4840bc3cb7b298
Gentoo Linux Security Advisory GLSA 200710-03 - David Thiel of iSEC Partners discovered a heap-based buffer overflow in the _01inverse() function in res0.c and a boundary checking error in the vorbis_info_clear() function in info.c. libvorbis is also prone to several Denial of Service vulnerabilities in form of infinite loops and invalid memory access with unknown impact. Versions less than 1.2.0 are affected.
7a907b2348ce906142b3aba0da5822b07995f88558fb4c797503d30416a2a1e2
Gentoo Linux Security Advisory GLSA 200710-02 - Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate() and gdImageCreateTrueColor() functions of the GD library which can cause heap-based buffer overflows. Gerhard Wagner discovered an integer overflow in the chunk_split() function that can lead to a heap-based buffer overflow. Its incomplete fix caused incorrect buffer size calculation due to precision loss, also resulting in a possible heap-based buffer overflow. A buffer overflow in the sqlite_decode_binary() of the SQLite extension found by Stefan Esser that was addressed in PHP 5.2.1 was not fixed correctly. Versions less than 5.2.4_p20070914-r2 are affected.
0954c820cef174c83409c66ee739a3d9955c800b776a51d4b17c9452a9f19875
The CarolinaCon 2008 Call For Papers is now open. It's an annual technology conference to enhance local and global awareness of current technology issues and developments, provide affordable technology education sessions to the unwashed masses, deliver varied/informative/interesting presentations on a wide variety of InfoSec/hacking/technology/science topics, and mix in enough entertainment and side contests/challenges to make for a truly fun event. It will be taking place March 28th through the 30th in Chapel Hill, NC, USA.
b2131f497fe1b4a3c1c6d8e33cfb7735b888ad4158afb9d07ca3a284a188f157
Debian Security Advisory 1362-2 - A problem was discovered in lighttpd, a fast webserver with minimal memory footprint, which could allow the execution of arbitary code via the overflow of CGI variables when mod_fcgi was enabled. This updated advisory correctly patches the security issue, which was not handled in DSA-1362-1.
8f2ce185c7b6d39f79b8a50243c553a71135c01a934c8220d4cd825f5884f2bf
Secunia Security Advisory - HP has issued an update for Apache. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.
adf69b7e2b3ff9c4bf08a8fe7140d5833f411da205f40bdc00b8874def4225a1
Secunia Security Advisory - Red Hat has issued an update for kdebase. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct spoofing attacks.
0a71914446b2a0509444795815be2f0aa4451c0f3a6a0c9fd7c8c1c3a1bb6ebf
Secunia Security Advisory - Debian has issued an update for xen-utils. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges.
cb3ad53be1f8525947e08c92bafc8de72b9cf4186877dc21d6fcea5cbe3fd9c1
Secunia Security Advisory - Red Hat has issued an update for kdelibs. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks.
a223f38e6248360354a9acd303c4cb9e96151381fa57a5acc1a5ae8ad4e43905
Secunia Security Advisory - SnIpEr_SA has reported a vulnerability in SkaDate, which can be exploited by malicious people to disclose sensitive information.
e1f591cf48d07daf3b032ed3e675479be03eaf9feffc44f8bb595c870bbd3e0a
Secunia Security Advisory - Some vulnerabilities have been reported in AlsaPlayer, which potentially can be exploited by malicious people to compromise a user's system.
e654ea33618ce6c4ed493c6d18c5a4593f6aa4e20bcb90a8c2a363d935ffae03
Secunia Security Advisory - rPath has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.
5a3e5495c4c5d2bb5ba822242a22a486993412d9bacaaf6f6a8e7782e377fffb
sqlninja is a small tool to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable database server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a database Server when a SQL injection vulnerability has been discovered. It is written in perl and runs on Unix-like boxes.
e1f2978750e3d86dc04e6d185157d4936156bc2761f67fb73ff822ccd721f704
Kismet is an 802.11 layer 2 wireless network sniffer. It can sniff 802.11b, 802.11a, and 802.11g traffic. It is capable of sniffing using almost any wireless card supported in Linux, which currently divide into cards handled by libpcap and the Linux-Wireless extensions (such as Cisco Aironet), and cards supported by the Wlan-NG project which use the Prism/2 chipset (such as Linksys, Dlink, and Zoom). Besides Linux, Kismet also supports FreeBSD, OpenBSD and Mac OS X systems. Features Multiple packet capture sources, Runtime network sorting by AP MAC address (bssid), IP block detection via ARP and DHCP packet dissection, Cisco product detection via CDP, Ethereal and tcpdump compatible file logging, Airsnort-compatible "interesting" (cryptographically weak) logging, Secure SUID behavior, GPS devices and wireless devices fingerprinting. Kismet also includes a tool called gpsmap that can be used to create maps from logged GPS data.
023e7f47039c1ad8615052e464f76a3cd496a423449b931036d127c56d58b2b9
Nuface is a web-based administration tool that generates Edenwall, NuFW, or simple Netfilter firewall rules. It features a high level abstraction on the security policy set by the administrator, and works internally on an XML data scheme. Its philosophy is to let you agglomerate subjects, resources, or protocols into meta-objects, and use those meta objects to generate ACLs, which are then interpreted as netfilter rules by Nupyf, the internal XML parser. This tool may easily be extended to support firewall implementations other than Netfilter.
7074f84bb3bf6e05073cf78ed90da0d8a4fa43fbec2741dbfcaa357117a7f8e5
SnortSMS is a highly configurable sensor management system that provides the ability to remotely administer Snort [and Barnyard] based Intrusion Detection Systems (IDS), push configuration files, add/edit rules, and monitor system health and statistics, all from a simple and clean Web interface console. Whether you have one or multiple Snort sensors, it can help unify and synchronize all sensor configurations.
9e67221d06ccef9d285cdd521f9843717495626dabe06fa5e22e8c571417d262