[eddie5659]

Hiya

This thread is for all vulnerabilities in December. All previous ones can be found here:

http://forums.techguy.org/unix-linux...abilities.html

eddie

[eddie5659]

Sebastian Krahmer of SUSE Security found that the Mono System.Xml.Serialization class contained a /tmp race which potentially allows local attackers to execute code as the user using the Serialization method. This is tracked by the Mitre CVE ID CVE-2006-5072.

Affected Products:


Novell Linux Desktop 9
Open Enterprise Server
SLE SDK 10
SLES SDK 9
SUSE LINUX 10.1
SUSE LINUX 10.0
SUSE LINUX 9.3
SUSE SLED 10
SUSE SLES 10


http://www.linuxsecurity.com/content/view/126007/170/

eddie

[eddie5659]

Buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages that cause the make_printable_string function to return a longer string than expected while constructing a prompt. Updated packages have been patched to correct this issue.

http://www.linuxsecurity.com/content/view/126006/170/

eddie

[eddie5659]

Marco d'Itri discovered that thttpd, a small, fast and secure webserver, makes use of insecure temporary files when its logfiles are rotated, which might lead to a denial of service through a symlink attack. The original advisory for this issue didn't contain fixed packages for all supported architectures which are corrected in this update.

http://www.linuxsecurity.com/content/view/126008/170/

eddie

[eddie5659]

Teemu Salmela discovered a vulnerability in GNU tar that could allow a malicious user to overwrite arbitrary files by inducing the victim to attempt to extract a specially crafted tar file containing a GNUTYPE_NAMES record with a symbolic link

http://www.linuxsecurity.com/content/view/126009/170/

eddie

[eddie5659]

A buffer overflow was discovered in the Real Media input plugin in xine-lib. If a user were tricked into loading a specially crafted stream from a malicious server, the attacker could execute arbitrary code with the user's privileges.

http://www.linuxsecurity.com/content/view/126062/170/

eddie

[eddie5659]

A heap overflow was discovered in the OLE processing code in libgsf. If a user were tricked into opening a specially crafted OLE document, an attacker could execute arbitrary code with the user's privileges.

Versions Affected

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10


http://www.linuxsecurity.com/content/view/126061/170/

eddie

[eddie5659]

USN-390-1 fixed a vulnerability in evince. The original fix did not fully solve the problem, allowing for a denial of service in certain situations

Affected version

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10


http://www.linuxsecurity.com/content/view/126075/170/

eddie

[eddie5659]

USN-390-2 fixed vulnerabilities in evince. This update provides the corresponding update for evince-gtk.

Affected versions

Ubuntu 6.06 LTS
Ubuntu 6.10


http://www.linuxsecurity.com/content/view/126096/170/

eddie

[eddie5659]

Tavis Ormandy discovered that gnupg was incorrectly using the stack. If a user were tricked into processing a specially crafted message, an attacker could execute arbitrary code with the user's privileges

Affected versions

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10


http://www.linuxsecurity.com/content/view/126098/170/

eddie

[eddie5659]

New gnupg packages are available for Slackware 9.0, 9.1, 10.0, 10.1, 10.2, and 11.0 to fix security issues.

http://www.linuxsecurity.com/content/view/126095/170/

eddie

[eddie5659]

Updated GnuPG packages that fix two security issues are now available. This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


http://www.linuxsecurity.com/content/view/126082/170/

eddie

[eddie5659]

Updated mod_auth_kerb packages that fix a security flaw and a bug in multiple realm handling are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team.

Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64


http://www.linuxsecurity.com/content/view/126081/170/

eddie

[eddie5659]

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the DocumentMedia header. Packages have been patched to correct this issue. Update: The patch used in the previous update still left the possibility of causing X to consume unusual amounts of memory if gv is used to view a carefully crafted image designed to exploit CVE-2006-5864. This update uses an improved patch to address this issue

http://www.linuxsecurity.com/content/view/126056/170/

eddie

[eddie5659]

Buffer overflow in the asmrp_eval function for the Real Media input plugin allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

http://www.linuxsecurity.com/content/view/126076/170/

eddie