VARIoT IoT vulnerabilities database
 
    | VAR-201007-0318 | CVE-2010-1783 | Apple Safari of WebKit Vulnerable to arbitrary code execution | CVSS V2: 9.3 CVSS V3: - Severity: HIGH | 
                            WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. WebKit is prone to a remote memory corruption vulnerability. 
An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application. 
This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. 
NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it. Apple Safari is a web browser developed by Apple, and is the default browser included with Mac OS X and iOS operating systems. 
 
 Please consult the CVE web links for further information. 
 
 The updated packages have been upgraded to the latest version (1.2.7)
 to correct these issues.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.
-------------------------------------------------------------------------
Debian Security Advisory DSA-2188-1                   security@debian.org
http://www.debian.org/security/                         Giuseppe Iuculano
March 10, 2011                         http://www.debian.org/security/faq
-------------------------------------------------------------------------
Package        : webkit
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2010-1783 CVE-2010-2901 CVE-2010-4199 CVE-2010-4040 CVE-2010-4492 CVE-2010-4493 CVE-2010-4577 CVE-2010-4578 CVE-2010-0474 CVE-2011-0482 CVE-2011-0778
Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+. 
CVE-2010-2901
  The rendering implementation in WebKit allows
  remote attackers to cause a denial of service (memory corruption) or possibly
  have unspecified other impact via unknown vectors. 
CVE-2010-4492
  Use-after-free vulnerability in WebKit allows
  remote attackers to cause a denial of service or possibly have
  unspecified other impact via vectors involving SVG animations. 
CVE-2010-4493
  Use-after-free vulnerability in WebKit allows remote attackers to cause a
  denial of service via vectors related to the handling of mouse dragging events.
CVE-2010-4577
  The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in
  WebKit does not properly parse Cascading Style Sheets (CSS) token sequences,
  which allows remote attackers to cause a denial of service
  (out-of-bounds read) via a crafted local font, related to "Type Confusion."
CVE-2010-4578
  WebKit does not properly perform cursor handling, which allows remote
  attackers to cause a denial of service or possibly have unspecified other
  impact via unknown vectors that lead to "stale pointers."
CVE-2011-0482
  WebKit does not properly perform a cast of an unspecified variable during
  handling of anchors, which allows remote attackers to cause a denial of
  service or possibly have unspecified other impact via a crafted HTML document.
CVE-2011-0778
  WebKit does not properly restrict drag and drop operations, which might allow
  remote attackers to bypass the Same Origin Policy via unspecified vectors. 
For the stable distribution (squeeze), these problems have been fixed
in version 1.2.7-0+squeeze1.
For the testing distribution (wheezy), and the unstable distribution (sid),
these problems have been fixed in version 1.2.7-1.
Security support for WebKit has been discontinued for the oldstable
distribution (lenny). 
The current version in oldstable is not supported by upstream anymore
and is affected by several security issues. Backporting fixes for these
and any future issues has become unfeasible and therefore we need to
drop our security support for the version in oldstable. 
We recommend that you upgrade your webkit packages. 
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
_______________________________________________
Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Severity: High
    Title: Multiple packages, Multiple vulnerabilities fixed in 2011
     Date: December 11, 2014
     Bugs: #194151, #294253, #294256, #334087, #344059, #346897,
           #350598, #352608, #354209, #355207, #356893, #358611,
           #358785, #358789, #360891, #361397, #362185, #366697,
           #366699, #369069, #370839, #372971, #376793, #381169,
           #386321, #386361
       ID: 201412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
This GLSA contains notification of vulnerabilities found in several
Gentoo packages which have been fixed prior to January 1, 2012. The
worst of these vulnerabilities could lead to local privilege escalation
and remote code execution. Please see the package list and CVE
identifiers below for more information. 
Background
==========
For more information on the packages listed in this GLSA, please see
their homepage referenced in the ebuild. 
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  games-sports/racer-bin     >= 0.5.0-r1                Vulnerable!
  2  media-libs/fmod             < 4.38.00                 >= 4.38.00
  3  dev-php/PEAR-Mail            < 1.2.0                    >= 1.2.0
  4  sys-fs/lvm2                 < 2.02.72                 >= 2.02.72
  5  app-office/gnucash           < 2.4.4                    >= 2.4.4
  6  media-libs/xine-lib          < 1.1.19                  >= 1.1.19
  7  media-sound/lastfmplayer
                              < 1.5.4.26862-r3      >= 1.5.4.26862-r3
  8  net-libs/webkit-gtk          < 1.2.7                    >= 1.2.7
  9  sys-apps/shadow             < 4.1.4.3                 >= 4.1.4.3
 10  dev-php/PEAR-PEAR           < 1.9.2-r1               >= 1.9.2-r1
 11  dev-db/unixODBC             < 2.3.0-r1               >= 2.3.0-r1
 12  sys-cluster/resource-agents
                                 < 1.0.4-r1               >= 1.0.4-r1
 13  net-misc/mrouted             < 3.9.5                    >= 3.9.5
 14  net-misc/rsync               < 3.0.8                    >= 3.0.8
 15  dev-libs/xmlsec              < 1.2.17                  >= 1.2.17
 16  x11-apps/xrdb                < 1.0.9                    >= 1.0.9
 17  net-misc/vino                < 2.32.2                  >= 2.32.2
 18  dev-util/oprofile           < 0.9.6-r1               >= 0.9.6-r1
 19  app-admin/syslog-ng          < 3.2.4                    >= 3.2.4
 20  net-analyzer/sflowtool        < 3.20                     >= 3.20
 21  gnome-base/gdm              < 3.8.4-r3               >= 3.8.4-r3
 22  net-libs/libsoup             < 2.34.3                  >= 2.34.3
 23  app-misc/ca-certificates
                               < 20110502-r1           >= 20110502-r1
 24  dev-vcs/gitolite            < 1.5.9.1                 >= 1.5.9.1
 25  dev-util/qt-creator          < 2.1.0                    >= 2.1.0
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers. 
    -------------------------------------------------------------------
     25 affected packages
Description
===========
Vulnerabilities have been discovered in the packages listed below. 
Please review the CVE identifiers in the Reference section for details. 
* FMOD Studio
* PEAR Mail
* LVM2
* GnuCash
* xine-lib
* Last.fm Scrobbler
* WebKitGTK+
* shadow tool suite
* PEAR
* unixODBC
* Resource Agents
* mrouted
* rsync
* XML Security Library
* xrdb
* Vino
* OProfile
* syslog-ng
* sFlow Toolkit
* GNOME Display Manager
* libsoup
* CA Certificates
* Gitolite
* QtCreator
* Racer
Impact
======
A context-dependent attacker may be able to gain escalated privileges,
execute arbitrary code, cause Denial of Service, obtain sensitive
information, or otherwise bypass security restrictions. 
Workaround
==========
There are no known workarounds at this time. 
Resolution
==========
All FMOD Studio users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00"
All PEAR Mail users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0"
All LVM2 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72"
All GnuCash users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4"
All xine-lib users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19"
All Last.fm Scrobbler users should upgrade to the latest version:
  # emerge --sync
  # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3"
All WebKitGTK+ users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7"
All shadow tool suite users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3"
All PEAR users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1"
All unixODBC users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1"
All Resource Agents users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1"
All mrouted users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5"
All rsync users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8"
All XML Security Library users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17"
All xrdb users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9"
All Vino users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2"
All OProfile users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1"
All syslog-ng users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4"
All sFlow Toolkit users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20"
All GNOME Display Manager users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3"
All libsoup users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3"
All CA Certificates users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1"
All Gitolite users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1"
All QtCreator users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0"
Gentoo has discontinued support for Racer. We recommend that users
unmerge Racer:
  # emerge --unmerge "games-sports/racer-bin"
NOTE: This is a legacy GLSA. Updates for all affected architectures
have been available since 2012. It is likely that your system is
already no longer affected by these issues. 
References
==========
[  1 ] CVE-2007-4370
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370
[  2 ] CVE-2009-4023
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023
[  3 ] CVE-2009-4111
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111
[  4 ] CVE-2010-0778
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778
[  5 ] CVE-2010-1780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780
[  6 ] CVE-2010-1782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782
[  7 ] CVE-2010-1783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783
[  8 ] CVE-2010-1784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784
[  9 ] CVE-2010-1785
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785
[ 10 ] CVE-2010-1786
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786
[ 11 ] CVE-2010-1787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787
[ 12 ] CVE-2010-1788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788
[ 13 ] CVE-2010-1790
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790
[ 14 ] CVE-2010-1791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791
[ 15 ] CVE-2010-1792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792
[ 16 ] CVE-2010-1793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793
[ 17 ] CVE-2010-1807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807
[ 18 ] CVE-2010-1812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812
[ 19 ] CVE-2010-1814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814
[ 20 ] CVE-2010-1815
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815
[ 21 ] CVE-2010-2526
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526
[ 22 ] CVE-2010-2901
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901
[ 23 ] CVE-2010-3255
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255
[ 24 ] CVE-2010-3257
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257
[ 25 ] CVE-2010-3259
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259
[ 26 ] CVE-2010-3362
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362
[ 27 ] CVE-2010-3374
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374
[ 28 ] CVE-2010-3389
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389
[ 29 ] CVE-2010-3812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812
[ 30 ] CVE-2010-3813
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813
[ 31 ] CVE-2010-3999
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999
[ 32 ] CVE-2010-4042
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042
[ 33 ] CVE-2010-4197
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197
[ 34 ] CVE-2010-4198
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198
[ 35 ] CVE-2010-4204
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204
[ 36 ] CVE-2010-4206
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206
[ 37 ] CVE-2010-4492
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492
[ 38 ] CVE-2010-4493
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493
[ 39 ] CVE-2010-4577
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577
[ 40 ] CVE-2010-4578
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578
[ 41 ] CVE-2011-0007
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007
[ 42 ] CVE-2011-0465
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465
[ 43 ] CVE-2011-0482
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482
[ 44 ] CVE-2011-0721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721
[ 45 ] CVE-2011-0727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727
[ 46 ] CVE-2011-0904
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904
[ 47 ] CVE-2011-0905
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905
[ 48 ] CVE-2011-1072
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072
[ 49 ] CVE-2011-1097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097
[ 50 ] CVE-2011-1144
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144
[ 51 ] CVE-2011-1425
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425
[ 52 ] CVE-2011-1572
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572
[ 53 ] CVE-2011-1760
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760
[ 54 ] CVE-2011-1951
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951
[ 55 ] CVE-2011-2471
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471
[ 56 ] CVE-2011-2472
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472
[ 57 ] CVE-2011-2473
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473
[ 58 ] CVE-2011-2524
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524
[ 59 ] CVE-2011-3365
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365
[ 60 ] CVE-2011-3366
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366
[ 61 ] CVE-2011-3367
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
 http://security.gentoo.org/glsa/glsa-201412-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org. 
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s). 
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
                        
| VAR-201007-0326 | CVE-2010-1790 | Apple Safari of WebKit Vulnerable to arbitrary code execution | CVSS V2: 9.3 CVSS V3: - Severity: HIGH | 
                            WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; does not properly handle just-in-time (JIT) compiled JavaScript stubs, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to a "reentrancy issue." 
This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-07-28-1. These issues affect versions prior to Safari 5.0.1 and 4.1.1 running on Apple Mac OS X, Windows 7, XP, and Vista. 
Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage.  Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. 
This BID is being retired. The following individual records exist to better document these issues:
41884 Apple Safari Personal Address Book AutoFill Information Disclosure Weakness
42034 WebKit Inline Elements Remote Memory Corruption Vulnerability
42035 WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability
42036 WebKit CSS Counters Remote Memory Corruption Vulnerability
42037 WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability
42038 WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability
42039 Apple Safari RSS Feed Information Disclosure Vulnerability
42041 WebKit 'use' Element Handling Remote Memory Corruption Vulnerability
42042 WebKit Regular Expression Handling Remote Memory Corruption Vulnerability
42043 WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability
42044 WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability
42045 WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability
42046 WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability
42048 WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability
42049 WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability.
 _______________________________________________________________________
 Mandriva Linux Security Advisory                         MDVSA-2011:039
 http://www.mandriva.com/security/
 _______________________________________________________________________
 Package : webkit
 Date    : March 2, 2011
 Affected: 2010.1
 _______________________________________________________________________
 Problem Description:
 Multiple cross-site scripting, denial of service and arbitrary code
 execution security flaws were discovered in webkit. 
 
 Please consult the CVE web links for further information. 
 _______________________________________________________________________
 References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
 _______________________________________________________________________
 Updated Packages:
 _______________________________________________________________________
 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
 You can view other update advisories for Mandriva Linux at:
  http://www.mandriva.com/security/advisories
 If you want to report vulnerabilities, please contact
  security_(at)_mandriva.com
 _______________________________________________________________________
 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
. ----------------------------------------------------------------------
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
RELEASE DATE:
2010-10-21
DESCRIPTION:
Ubuntu has issued an update for webkit. This fixes multiple
vulnerabilities, some of which have an unknown impact while others
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct spoofing or
cross-site scripting attacks, and potentially compromise a user's
system. 
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 Severity: High
    Title: Multiple packages, Multiple vulnerabilities fixed in 2011
     Date: December 11, 2014
     Bugs: #194151, #294253, #294256, #334087, #344059, #346897,
           #350598, #352608, #354209, #355207, #356893, #358611,
           #358785, #358789, #360891, #361397, #362185, #366697,
           #366699, #369069, #370839, #372971, #376793, #381169,
           #386321, #386361
       ID: 201412-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
This GLSA contains notification of vulnerabilities found in several
Gentoo packages which have been fixed prior to January 1, 2012. Please see the package list and CVE
identifiers below for more information. 
Background
==========
For more information on the packages listed in this GLSA, please see
their homepage referenced in the ebuild. 
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  games-sports/racer-bin     >= 0.5.0-r1                Vulnerable!
  2  media-libs/fmod             < 4.38.00                 >= 4.38.00
  3  dev-php/PEAR-Mail            < 1.2.0                    >= 1.2.0
  4  sys-fs/lvm2                 < 2.02.72                 >= 2.02.72
  5  app-office/gnucash           < 2.4.4                    >= 2.4.4
  6  media-libs/xine-lib          < 1.1.19                  >= 1.1.19
  7  media-sound/lastfmplayer
                              < 1.5.4.26862-r3      >= 1.5.4.26862-r3
  8  net-libs/webkit-gtk          < 1.2.7                    >= 1.2.7
  9  sys-apps/shadow             < 4.1.4.3                 >= 4.1.4.3
 10  dev-php/PEAR-PEAR           < 1.9.2-r1               >= 1.9.2-r1
 11  dev-db/unixODBC             < 2.3.0-r1               >= 2.3.0-r1
 12  sys-cluster/resource-agents
                                 < 1.0.4-r1               >= 1.0.4-r1
 13  net-misc/mrouted             < 3.9.5                    >= 3.9.5
 14  net-misc/rsync               < 3.0.8                    >= 3.0.8
 15  dev-libs/xmlsec              < 1.2.17                  >= 1.2.17
 16  x11-apps/xrdb                < 1.0.9                    >= 1.0.9
 17  net-misc/vino                < 2.32.2                  >= 2.32.2
 18  dev-util/oprofile           < 0.9.6-r1               >= 0.9.6-r1
 19  app-admin/syslog-ng          < 3.2.4                    >= 3.2.4
 20  net-analyzer/sflowtool        < 3.20                     >= 3.20
 21  gnome-base/gdm              < 3.8.4-r3               >= 3.8.4-r3
 22  net-libs/libsoup             < 2.34.3                  >= 2.34.3
 23  app-misc/ca-certificates
                               < 20110502-r1           >= 20110502-r1
 24  dev-vcs/gitolite            < 1.5.9.1                 >= 1.5.9.1
 25  dev-util/qt-creator          < 2.1.0                    >= 2.1.0
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers. 
    -------------------------------------------------------------------
     25 affected packages
Description
===========
Vulnerabilities have been discovered in the packages listed below. 
Please review the CVE identifiers in the Reference section for details. 
* FMOD Studio
* PEAR Mail
* LVM2
* GnuCash
* xine-lib
* Last.fm Scrobbler
* WebKitGTK+
* shadow tool suite
* PEAR
* unixODBC
* Resource Agents
* mrouted
* rsync
* XML Security Library
* xrdb
* Vino
* OProfile
* syslog-ng
* sFlow Toolkit
* GNOME Display Manager
* libsoup
* CA Certificates
* Gitolite
* QtCreator
* Racer
Impact
======
A context-dependent attacker may be able to gain escalated privileges,
execute arbitrary code, cause Denial of Service, obtain sensitive
information, or otherwise bypass security restrictions. 
Workaround
==========
There are no known workarounds at this time. 
Resolution
==========
All FMOD Studio users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/fmod-4.38.00"
All PEAR Mail users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-php/PEAR-Mail-1.2.0"
All LVM2 users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-fs/lvm2-2.02.72"
All GnuCash users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/gnucash-2.4.4"
All xine-lib users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.19"
All Last.fm Scrobbler users should upgrade to the latest version:
  # emerge --sync
  # emerge -a --oneshot -v ">=media-sound/lastfmplayer-1.5.4.26862-r3"
All WebKitGTK+ users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-1.2.7"
All shadow tool suite users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-apps/shadow-4.1.4.3"
All PEAR users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-php/PEAR-PEAR-1.9.2-r1"
All unixODBC users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-db/unixODBC-2.3.0-r1"
All Resource Agents users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=sys-cluster/resource-agents-1.0.4-r1"
All mrouted users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/mrouted-3.9.5"
All rsync users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/rsync-3.0.8"
All XML Security Library users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/xmlsec-1.2.17"
All xrdb users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=x11-apps/xrdb-1.0.9"
All Vino users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-misc/vino-2.32.2"
All OProfile users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/oprofile-0.9.6-r1"
All syslog-ng users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-admin/syslog-ng-3.2.4"
All sFlow Toolkit users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/sflowtool-3.20"
All GNOME Display Manager users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=gnome-base/gdm-3.8.4-r3"
All libsoup users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libsoup-2.34.3"
All CA Certificates users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot -v ">=app-misc/ca-certificates-20110502-r1"
All Gitolite users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-vcs/gitolite-1.5.9.1"
All QtCreator users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-util/qt-creator-2.1.0"
Gentoo has discontinued support for Racer. We recommend that users
unmerge Racer:
  # emerge --unmerge "games-sports/racer-bin"
NOTE: This is a legacy GLSA. Updates for all affected architectures
have been available since 2012. It is likely that your system is
already no longer affected by these issues. 
References
==========
[  1 ] CVE-2007-4370
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4370
[  2 ] CVE-2009-4023
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4023
[  3 ] CVE-2009-4111
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4111
[  4 ] CVE-2010-0778
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0778
[  5 ] CVE-2010-1780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1780
[  6 ] CVE-2010-1782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1782
[  7 ] CVE-2010-1783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1783
[  8 ] CVE-2010-1784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1784
[  9 ] CVE-2010-1785
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1785
[ 10 ] CVE-2010-1786
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1786
[ 11 ] CVE-2010-1787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1787
[ 12 ] CVE-2010-1788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1788
[ 13 ] CVE-2010-1790
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1790
[ 14 ] CVE-2010-1791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1791
[ 15 ] CVE-2010-1792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1792
[ 16 ] CVE-2010-1793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1793
[ 17 ] CVE-2010-1807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1807
[ 18 ] CVE-2010-1812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1812
[ 19 ] CVE-2010-1814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1814
[ 20 ] CVE-2010-1815
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1815
[ 21 ] CVE-2010-2526
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2526
[ 22 ] CVE-2010-2901
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2901
[ 23 ] CVE-2010-3255
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3255
[ 24 ] CVE-2010-3257
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3257
[ 25 ] CVE-2010-3259
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3259
[ 26 ] CVE-2010-3362
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3362
[ 27 ] CVE-2010-3374
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3374
[ 28 ] CVE-2010-3389
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3389
[ 29 ] CVE-2010-3812
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3812
[ 30 ] CVE-2010-3813
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3813
[ 31 ] CVE-2010-3999
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3999
[ 32 ] CVE-2010-4042
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4042
[ 33 ] CVE-2010-4197
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4197
[ 34 ] CVE-2010-4198
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4198
[ 35 ] CVE-2010-4204
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4204
[ 36 ] CVE-2010-4206
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4206
[ 37 ] CVE-2010-4492
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4492
[ 38 ] CVE-2010-4493
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4493
[ 39 ] CVE-2010-4577
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4577
[ 40 ] CVE-2010-4578
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4578
[ 41 ] CVE-2011-0007
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0007
[ 42 ] CVE-2011-0465
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0465
[ 43 ] CVE-2011-0482
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0482
[ 44 ] CVE-2011-0721
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0721
[ 45 ] CVE-2011-0727
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0727
[ 46 ] CVE-2011-0904
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0904
[ 47 ] CVE-2011-0905
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0905
[ 48 ] CVE-2011-1072
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1072
[ 49 ] CVE-2011-1097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1097
[ 50 ] CVE-2011-1144
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1144
[ 51 ] CVE-2011-1425
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1425
[ 52 ] CVE-2011-1572
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1572
[ 53 ] CVE-2011-1760
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1760
[ 54 ] CVE-2011-1951
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1951
[ 55 ] CVE-2011-2471
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2471
[ 56 ] CVE-2011-2472
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2472
[ 57 ] CVE-2011-2473
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2473
[ 58 ] CVE-2011-2524
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2524
[ 59 ] CVE-2011-3365
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3365
[ 60 ] CVE-2011-3366
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3366
[ 61 ] CVE-2011-3367
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3367
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
 http://security.gentoo.org/glsa/glsa-201412-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org. 
License
=======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s). 
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
                        
| VAR-201007-0203 | CVE-2010-1577 | CDS Used in Cisco Internet Streamer Vulnerable to directory traversal | CVSS V2: 7.8 CVSS V3: - Severity: HIGH | 
                            Directory traversal vulnerability in Cisco Internet Streamer, as used in Cisco Content Delivery System (CDS) 2.2.x, 2.3.x, 2.4.x, and 2.5.x before 2.5.7 allows remote attackers to read arbitrary files via a crafted URL. The Cisco CDS Internet Streamer webserver component is prone to a directory-traversal vulnerability. 
An unauthenticated attacker can exploit this issue to access sensitive information. Successful exploits may lead to other attacks. 
This issue is tracked by Cisco BugID CSCtd68063. 
Versions prior to Cisco Content Delivery System 2.5.7 are vulnerable. Remote attackers can read arbitrary files with the help of malformed URLs. 
Cisco has released free software updates that address this
vulnerability. 
Workarounds that mitigate this vulnerability are available. 
This advisory is posted at:
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml. 
Vulnerable Products
+------------------
To determine the software version running on a Cisco Content Delivery
Engine, log in to the device and issue the "show version" command line
interface (CLI) command to display the system banner. On the same line of output, the version number will
be provided. 
    Content Delivery System Software Release 2.5.3 (build b8 Jan 21 2010)
    Version: cde200-2.5.3.8
    Compiled 16:07:11 Jan 21 2010 by ipvbuild
    Compile Time Options: KQ SS
    System was restarted on Thu Jun  3 04:09:25 2010. 
    The system has been up for 2 hours, 11 minutes, 27 seconds. 
    cdn-cde#
Alternatively the Content Delivery System Manager home page gives a
brief summary of the software versions in use on all the devices in the
content delivery system network. 
To view the software version running on a particular device, choose
"Devices > Devices". The Devices Table page displays the software
version for each device listed. For further information on finding the
software version, refer to the "Maintaining the Internet Streamer CDS"
at the following link:
http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/maint.html#wp1198510. 
No other Cisco products are currently known to be affected by this
vulnerability. 
Details
=======
The Cisco Internet Streamer application provides edge caching, content
streaming, and downloads to subscriber IP devices such as PCs. This includes the password
files used to hold admin account details and system logs. 
This vulnerability can be exploited over all open HTTP ports; TCP ports
80 (Default HTTP port), 443 (Default HTTPS port) and 8090 (Alternate
HTTP and HTTPS port), as well as those that are configured as part of
the HTTP proxy. 
In Cisco content delivery system software 2.5.3 and earlier, it is
possible to configure "Enable Incoming Proxy", which when enabled,
accepts incoming requests on configured ports, in addition to TCP
port 80. The additional ports that the device will listen on for
HTTP requests is defined in the "List of Incoming HTTP Ports" field,
within "Devices > Devices > Application Control > Web > HTTP > HTTP
Connections" of the content delivery system manager menu. For further
information on HTTP settings, refer to the "Cisco Internet Streamer CDS
2.5 Software Configuration Guide - Configuring Devices" at the following
link:
http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/configdevice.html. 
This vulnerability is documented in the Cisco Bug ID CSCtd68063 and
has been assigned Common Vulnerabilities and Exposures (CVE) ID
CVE-2010-1577. 
Vulnerability Scoring Details
+----------------------------
Cisco has provided scores for the vulnerability in this advisory based
on the Common Vulnerability Scoring System (CVSS). The CVSS scoring in
this Security Advisory is done in accordance with CVSS version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of the
vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding CVSS
at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
* CSCtd68063 ("CDS Internet Streamer: Web Server Directory Traversal
Vulnerability")
CVSS Base Score - 7.8
    Access Vector -            Network
    Access Complexity -        Low
    Authentication -           Single
    Confidentiality Impact -   Complete
    Integrity Impact -         None
    Availability Impact -      None
CVSS Temporal Score - 6.4
    Exploitability -           Functional
    Remediation Level -        Official-Fix
    Report Confidence -        Confirmed
Impact
======
An unauthenticated attacker may be able to exploit this issue to access
sensitive information, including the password files and system logs,
which could be leveraged to launch subsequent attacks. 
Software Versions and Fixes
===========================
When considering software upgrades, also consult
http://www.cisco.com/go/psirt and any subsequent advisories to determine
exposure and a complete upgrade solution. 
In all cases, customers should exercise caution to be certain the
devices to be upgraded contain sufficient memory and that current
hardware and software configurations will continue to be supported
properly by the new release. If the information is not clear, contact
the Cisco Technical Assistance Center (TAC) or your contracted
maintenance provider for assistance. 
The recommended release contains other software fixes that are
recommended by Cisco. For further information please consult the release
notes at the following link:
http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/release_notes/CDS_RelNotes2_5_9.html#wp100128
+---------------------------------------+
|   Cisco   |             |             |
|  Content  |             |             |
| Delivery  | First Fixed | Recommended |
|  System   |   Release   |   Release   |
| Software  |             |             |
|  Release  |             |             |
|-----------+-------------+-------------|
|           | Vulnerable, |             |
| 2.2.x     | Migrate to  |             |
|           | 2.5.7 or    |             |
|           | later       |             |
|-----------+-------------+-------------|
|           | Vulnerable, |             |
| 2.3.x     | Migrate to  |             |
|           | 2.5.7 or    |             |
|           | later       |             |
|-----------+-------------+-------------|
|           | Vulnerable, |             |
| 2.4.x     | Migrate to  |             |
|           | 2.5.7 or    |             |
|           | later       |             |
|-----------+-------------+-------------|
| 2.5.x     | 2.5.7       | 2.5.9       |
+---------------------------------------+
Workarounds
===========
Service Rules
+------------
As an interim step prior to upgrading the Cisco content delivery system
software, it is possible to deny access to sensitive directories via
service rules. The following example shows denying access to move up a
directory level. This also caters for other directory moves, such as
"\.\./", ".\./" or "\../":
    rule enable
    rule action block pattern-list 1
    rule pattern-list 1 url-regex ^http://.*/../.*
    rule pattern-list 1 url-regex ^https://.*/../.*
For more information on configuring service rules and for instructions
on how to perform this via the content delivery system manager, consult
the Cisco Internet Streamer CDS 2.5 Software Configuration Guide at the
following link:
http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/configdevice.html#wp1773573. 
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment. 
Customers may only install and expect support for the feature
sets they have purchased. By installing, downloading, accessing
or otherwise using such software upgrades, customers agree to be
bound by the terms of Cisco's software license terms found at
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html,
or as otherwise set forth at Cisco.com Downloads at
http://www.cisco.com/public/sw-center/sw-usingswc.shtml. 
Do not contact psirt@cisco.com or security-alert@cisco.com for software
upgrades. 
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through their
regular update channels. For most customers, this means that upgrades
should be obtained through the Software Center on Cisco's worldwide
website at http://www.cisco.com. 
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through prior
or existing agreements with third-party support organizations, such
as Cisco Partners, authorized resellers, or service providers should
contact that support organization for guidance and assistance with the
appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or fix
is the most appropriate for use in the intended network before it is
deployed. 
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco service
contract, and customers who purchase through third-party vendors but are
unsuccessful in obtaining fixed software through their point of sale
should acquire upgrades by contacting the Cisco Technical Assistance
Center (TAC). TAC contacts are as follows. 
  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to a
free upgrade. Free upgrades for non-contract customers must be requested
through the TAC. 
Refer to
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages. 
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory. 
This vulnerability was reported to Cisco by BT and identified by
Christopher Richardson & Simon John. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY
ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that omits
the distribution URL in the following section is an uncontrolled copy,
and may lack important information or contain factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
In addition to worldwide web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on mailing
lists or newsgroups. Users concerned about this problem are encouraged
to check the above URL for any updates. 
Revision History
================
+-----------------------------------------------------------+
| Revision 1.0  | 2010 July 21  | Initial public release    |
+-----------------------------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities
in Cisco products, obtaining assistance with security
incidents, and registering to receive security information
from Cisco, is available on Cisco's worldwide website at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html. 
This includes instructions for press inquiries regarding
Cisco security notices. All Cisco security advisories are available at
http://www.cisco.com/go/psirt. All rights reserved. 
+--------------------------------------------------------------------
Updated: Jul 21, 2010                             Document ID: 112019
. ----------------------------------------------------------------------
TITLE:
Cisco Content Delivery System Internet Streamer Directory Traversal
Vulnerability
SECUNIA ADVISORY ID:
SA40701
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40701/
RELEASE DATE:
2010-07-22
DESCRIPTION:
A vulnerability has been reported in Cisco Content Delivery System,
which can be exploited by malicious people to disclose sensitive
information. This can be exploited to access arbitrary files (e.g. 
The vulnerability is reported in versions 2.2.x, 2.3.x, 2.4.x, and
2.5.x. 
SOLUTION:
Update to version 2.5.7 or later. 
ORIGINAL ADVISORY:
Cisco:
http://www.cisco.com/warp/public/707/cisco-sa-20100721-spcdn.shtml
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities. 
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link. 
Secunia NEVER sends attached files with advisories. 
Secunia does not advise people to install third party patches, only
use those supplied by the vendor
                        
| VAR-201007-0345 | No CVE | SAP J2EE Engine Remote Cross-Site Scripting Vulnerability | CVSS V2: - CVSS V3: - Severity: LOW | 
                            The SAP J2EE engine is a core component of the SAP NetWeaver application platform, allowing Java solutions to be developed and executed within SAP. The J2EE engine includes a Web Services Navigator interface that allows remote attackers to perform cross-site scripting attacks by submitting malicious parameters to the interface. 
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials
                        
| VAR-201007-0314 | CVE-2010-1777 | Apple iTunes Vulnerable to buffer overflow | CVSS V2: 9.3 CVSS V3: - Severity: HIGH | 
                            Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. Apple iTunes is prone to a remote buffer-overflow vulnerability. 
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI. 
Successful exploits can allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Apple iTunes is a free application available for multiple platforms that plays music and video content, as well as syncs content to iPods and Apple TVs
                        
| VAR-201007-0347 | No CVE | SAP GUI SAPWADMXHTML ActiveX Control | CVSS V2: - CVSS V3: - Severity: HIGH | 
                            The SAP GUI is a graphical user interface client for SAP software. The SAPWADMXHTML ActiveX control has an unspecified error when processing the value of the "tags" property. An attacker who builds a malicious web page and entices a user to visit it can corrupt heap memory. Successful exploitation can allow arbitrary instructions to be executed in the security context of the application
                        
| VAR-201007-0198 | CVE-2010-2772 | Siemens SIMATIC WinCC Default Password Security Bypass Vulnerability Related entries in the VARIoT exploits database: VAR-E-201007-0824 | CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH | 
                            Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568. Siemens SIMATIC WinCC is a multi-user system that provides complete monitoring and data acquisition (SCADA) functionality for the industrial sector, from single-user systems to redundant server and remote web client solutions. The Siemens SIMATIC WinCC database uses a built-in user name and password, and the user is not told that they need to be changed. An attacker can use these credentials to read database data or inject code into the database. Siemens SIMATIC WinCC is affected by a vulnerability that allows attackers to bypass security. Successfully exploiting this issue may lead to further attacks.
TITLE:
Siemens SIMATIC WinCC Undocumented Database User Account
SECUNIA ADVISORY ID:
SA40682
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40682/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40682
RELEASE DATE:
2010-07-24
DISCUSS ADVISORY:
http://secunia.com/advisories/40682/#comments
DESCRIPTION:
A security issue has been reported in Siemens SIMATIC WinCC, which
can be exploited by malicious people to gain unauthorised access. 
SOLUTION:
Restrict network access to the database to trusted users only. 
PROVIDED AND/OR DISCOVERED BY:
Discovered in the wild. 
ORIGINAL ADVISORY:
http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22
http://www.f-secure.com/weblog/archives/00001987.html
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
                        
| VAR-201008-0131 | CVE-2010-1898 | Microsoft Windows automatically executes code specified in shortcut files | CVSS V2: 9.3 CVSS V3: - Severity: HIGH | 
                            The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight and Microsoft .NET Framework are prone to a remote code-execution vulnerability. 
Successful exploits will allow the attacker to execute arbitrary code within the context of the application. Failed exploit attempts will likely result in a denial-of-service condition. Mac OS X is an operating system used on Mac machines, based on the BSD system.
TITLE:
Microsoft Windows Shell Shortcut Parsing Vulnerability
SECUNIA ADVISORY ID:
SA40647
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40647/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40647
RELEASE DATE:
2010-07-17
DISCUSS ADVISORY:
http://secunia.com/advisories/40647/#comments
DESCRIPTION:
A vulnerability has been reported in Windows, which can be exploited
by malicious people to compromise a user's system. 
The vulnerability is caused due to an error in Windows Shell when
parsing shortcuts (.lnk) as certain parameters are not properly
validated when attempting to load the icon. This can be exploited to
automatically execute a program via a specially crafted shortcut. 
Successful exploitation requires that a user is e.g. tricked into
inserting a removable media (when AutoPlay is enabled) or browse to
the root folder of the removable media (when AutoPlay is disabled)
using Windows Explorer or a similar file manager. Exploitation may
also be possible via network shares and WebDAV shares. 
NOTE: This is currently being actively exploited in the wild via
infected USB drives. 
SOLUTION:
The vendor recommends disabling the displaying of icons for shortcuts
(please see the Microsoft security advisory for details). 
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day. 
ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/2286198.mspx
. 
I. Microsoft has released updates to address the
   vulnerabilities. 
   One of the bulletins released, MS10-046, addresses a previously
   identified vulnerability in the Windows Shell that is actively
   being exploited.  This vulnerability was also described in US-CERT
   Vulnerability Note VU#940193. 
II. 
III. Solution
   Apply updates
   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for August 2010. The security
   bulletin describes any known issues related to the updates. 
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. Administrators should consider using
   an automated update distribution system such as Windows Server
   Update Services (WSUS). 
IV. References
 * Microsoft Security Bulletin Summary for August 2010 -
   <http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx>
 * Microsoft Security Bulletin MS10-046 -
   <http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx>
 * US-CERT Vulnerability Note VU#940193 -
   <http://www.kb.cert.org/vuls/id/940193>
 * Microsoft Windows Server Update Services -
   <http://technet.microsoft.com/en-us/wsus/default.aspx>
 ____________________________________________________________________
   The most recent version of this document can be found at:
     <http://www.us-cert.gov/cas/techalerts/TA10-222A.html>
 ____________________________________________________________________
   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "TA10-222A Feedback VU#505527" in
   the subject. 
 ____________________________________________________________________
   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>. 
 ____________________________________________________________________
   Produced 2010 by US-CERT, a government organization. 
   Terms of use:
     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________
Revision History
  August 10, 2010: Initial release
. 
1) An error in the way Silverlight handles pointers can be exploited
to corrupt memory by tricking a user into visiting a web site
containing specially crafted Silverlight content. 
SOLUTION:
Apply patches. 
2) The vendor credits Eamon Nerbonne
                        
| VAR-201008-0028 | CVE-2010-0019 | Microsoft Windows automatically executes code specified in shortcut files | CVSS V2: 9.3 CVSS V3: - Severity: HIGH | 
                            Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability.". Microsoft Windows automatically executes code specified in shortcut (LNK and PIF) files. Microsoft Silverlight ActiveX control is prone to a remote memory-corruption vulnerability. 
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage. 
Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control.
TITLE:
Microsoft Windows Shell Shortcut Parsing Vulnerability
SECUNIA ADVISORY ID:
SA40647
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40647/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40647
RELEASE DATE:
2010-07-17
DISCUSS ADVISORY:
http://secunia.com/advisories/40647/#comments
DESCRIPTION:
A vulnerability has been reported in Windows, which can be exploited
by malicious people to compromise a user's system. 
The vulnerability is caused due to an error in Windows Shell when
parsing shortcuts (.lnk) as certain parameters are not properly
validated when attempting to load the icon. This can be exploited to
automatically execute a program via a specially crafted shortcut. 
Successful exploitation requires that a user is e.g. tricked into
inserting a removable media (when AutoPlay is enabled) or browse to
the root folder of the removable media (when AutoPlay is disabled)
using Windows Explorer or a similar file manager. Exploitation may
also be possible via network shares and WebDAV shares. 
NOTE: This is currently being actively exploited in the wild via
infected USB drives. 
SOLUTION:
The vendor recommends disabling the displaying of icons for shortcuts
(please see the Microsoft security advisory for details). 
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day. 
ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/2286198.mspx
. 
                    National Cyber Alert System
              Technical Cyber Security Alert TA10-222A
Microsoft Updates for Multiple Vulnerabilities
   Original release date: August 10, 2010
   Last revised: --
   Source: US-CERT
Systems Affected
     * Microsoft Windows
     * Microsoft Office
     * Internet Explorer
     * Microsoft .NET Framework
     * Microsoft Silverlight
Overview
   Microsoft has released updates to address vulnerabilities in
   Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft
   .NET Framework, and Microsoft Silverlight. 
I. Description
   The Microsoft Security Bulletin Summary for August 2010 describes
   multiple vulnerabilities in Microsoft Windows, Microsoft Office,
   Internet Explorer, Microsoft .NET framework, and Microsoft
   Silverlight. Microsoft has released updates to address the
   vulnerabilities. 
   One of the bulletins released, MS10-046, addresses a previously
   identified vulnerability in the Windows Shell that is actively
   being exploited.  This vulnerability was also described in US-CERT
   Vulnerability Note VU#940193. 
II. 
III. Solution
   Apply updates
   Microsoft has provided updates for these vulnerabilities in the
   Microsoft Security Bulletin Summary for August 2010. The security
   bulletin describes any known issues related to the updates. 
   Administrators are encouraged to note these issues and test for any
   potentially adverse effects. Administrators should consider using
   an automated update distribution system such as Windows Server
   Update Services (WSUS). 
IV. References
 * Microsoft Security Bulletin Summary for August 2010 -
   <http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx>
 * Microsoft Security Bulletin MS10-046 -
   <http://www.microsoft.com/technet/security/bulletin/MS10-046.mspx>
 * US-CERT Vulnerability Note VU#940193 -
   <http://www.kb.cert.org/vuls/id/940193>
 * Microsoft Windows Server Update Services -
   <http://technet.microsoft.com/en-us/wsus/default.aspx>
 ____________________________________________________________________
   The most recent version of this document can be found at:
     <http://www.us-cert.gov/cas/techalerts/TA10-222A.html>
Revision History
  August 10, 2010: Initial release
. 
1) An error in the way Silverlight handles pointers can be exploited
to corrupt memory by tricking a user into visiting a web site
containing specially crafted Silverlight content. 
2) An error in the .NET Framework when the CLR (Common Language
Runtime) handles delegates to virtual methods can be exploited by a
specially crafted .NET application or Silverlight application to
execute arbitrary unmanaged code. 
SOLUTION:
Apply patches. 
2) The vendor credits Eamon Nerbonne
                        
| VAR-201007-0356 | No CVE | F5 FirePass Pre-Encryption Token Vulnerability | CVSS V2: - CVSS V3: - Severity: - | 
                            F5's FirePass server is a powerful network device that provides users with secure access to corporate networks through any standard web browser. The controller has an error when receiving the pre-login sequence token, and an attacker can exploit the vulnerability to access the login page from a non-compliant workstation using a token generated by a compatible workstation. Part of the input passed to the pre-login page lacks sufficient filtering before returning to the user, which can trigger a cross-site scripting attack, gain sensitive information, or gain unauthorized access to the application. F5 FirePass is prone to a security-bypass vulnerability. 
An attacker can exploit this issue to gain access to restricted content.  This can lead to other attacks. 
F5 FirePass 5.5.2 and 6.1 are vulnerable; other versions may be affected. F5 FirePass is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. 
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
TITLE:
F5 FirePass Security Bypass and Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA40611
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40611/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40611
RELEASE DATE:
2010-07-15
DISCUSS ADVISORY:
http://secunia.com/advisories/40611/#comments
DESCRIPTION:
Two vulnerabilities have been reported in F5 FirePass, which can be
exploited by malicious people to conduct cross-site scripting attacks
and bypass certain security restrictions. 
2) Certain input passed to the pre-logon pages is not properly
sanitised before being returned to the user. 
The vulnerabilities are reported in versions 5.5.2 and 6.1. 
SOLUTION:
Apply hotfixes. 
Further details available in Customer Area:
http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor. 
ORIGINAL ADVISORY:
https://support.f5.com/kb/en-us/solutions/public/11000/700/sol11797.html
https://support.f5.com/kb/en-us/solutions/public/11000/700/sol11795.html
                        
| VAR-201007-0355 | No CVE | D-Link DAP-1160 Web Management Interface 'formFilter()' Function Buffer Overflow Vulnerability | CVSS V2: - CVSS V3: - Severity: - | 
                            The D-Link DAP-1160 is a small wireless AP. The device configuration can be changed by sending a correctly formatted POST request to http://IP_ADDR/apply.cgi?formhandler_func, where IP_ADDR is the device IP address and formhandler_func is the function that completes the task by processing the POST parameters in the request body. One of these functions, formFilter(), performs URL filtering operations on specific URLs. The URL supplied through the web page or in a properly formatted POST request is copied to a fixed-size stack buffer, so a very long URL can trigger a buffer overflow. The D-Link DAP-1160 Web Administration Interface is prone to a remote buffer overflow vulnerability. 
Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions. 
D-Link DAP-1160 running firmware v120b06, v130b10, and v131b01 are vulnerable
                        
| VAR-201007-0275 | CVE-2010-2397 | Oracle Sun Java System Application Server and Oracle GlassFish Enterprise Server of GUI Vulnerability in | CVSS V2: 2.4 CVSS V3: - Severity: LOW | 
                            Unspecified vulnerability in Oracle Sun Java System Application Server 8.0, 8.1, and 8.2; and GlassFish Enterprise Server 2.1.1; allows local users to affect confidentiality and integrity, related to the GUI. 
The 'GUI' sub component is affected.
TITLE:
Sun GlassFish Enterprise Server and Java System Application Server
Unspecified Vulnerability
SECUNIA ADVISORY ID:
SA40610
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40610/
RELEASE DATE:
2010-07-15
DESCRIPTION:
A vulnerability has been reported in Sun GlassFish Enterprise Server
and Java System Application Server, which can be exploited by
malicious, local users to manipulate or disclose certain data. 
The vulnerability is caused due to an unspecified error in the GUI
component and can be exploited to manipulate or disclose certain
data. 
SOLUTION:
Apply patches. 
PROVIDED AND/OR DISCOVERED BY:
It is currently unclear who reported the vulnerability as the Oracle
Critical Patch Update for July 2010 only provides a bundled list of
credits. This section will be updated when/if the original reporter
provides more information. 
ORIGINAL ADVISORY:
Oracle:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html#AppendixAS
. 
                    National Cyber Alert System
              Technical Cyber Security Alert TA10-194B
Oracle Updates for Multiple Vulnerabilities
   Original release date: July 13, 2010
   Last revised: --
   Source: US-CERT
Systems Affected
     * Oracle Database 11g Release 2, version 11.2.0.1
     * Oracle Database 11g Release 1, version 11.1.0.7
     * Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4
     * Oracle Database 10g, version 10.1.0.5
     * Oracle Database 9i Release 2, versions 9.2.0.8, 9.2.0.8DV
     * Oracle TimesTen In-Memory Database, versions 7.0.5.1.0, 7.0.5.2.0, 7.0.5.3.0, 7.0.5.4.0
     * Oracle Secure Backup version 10.3.0.1
     * Oracle Application Server, 10gR2, version 10.1.2.3.0
     * Oracle Identity Management 10g, version 10.1.4.0.1
     * Oracle WebLogic Server 11gR1 releases (10.3.1, 10.3.2 and 10.3.3)
     * Oracle WebLogic Server 10gR3 release (10.3.0)
     * Oracle WebLogic Server 10.0 through MP2
     * Oracle WebLogic Server 9.0, 9.1, 9.2 through MP3
     * Oracle WebLogic Server 8.1 through SP6
     * Oracle WebLogic Server 7.0 through SP7
     * Oracle JRockit R28.0.0 and earlier (JDK/JRE 5 and 6)
     * Oracle JRockit R27.6.6 and earlier (JDK/JRE 1.4.2, 5 and 6)
     * Oracle Business Process Management, versions 5.7.3, 6.0.5, 10.3.1, 10.3.2
     * Oracle Enterprise Manager Grid Control 10g Release 5, version 10.2.0.5
     * Oracle Enterprise Manager Grid Control 10g Release 1, version 10.1.0.6
     * Oracle E-Business Suite Release 12, versions 12.0.4, 12.0.5, 12.0.6, 12.1.1 and 12.1.2
     * Oracle E-Business Suite Release 11i, versions 11.5.10, 11.5.10.2
     * Oracle Transportation Manager, Versions: 5.5.05.07, 5.5.06.00, 6.0.03
     * PeopleSoft Enterprise Campus Solutions, version 9.0
     * PeopleSoft Enterprise CRM, versions 9.0 and 9.1
     * PeopleSoft Enterprise FSCM, versions 8.9, 9.0 and 9.1
     * PeopleSoft Enterprise HCM, versions 8.9, 9.0 and 9.1
     * PeopleSoft Enterprise PeopleTools, versions 8.49 and 8.50
     * Oracle Sun Product Suite
Overview
   The Oracle products and components listed above are affected by
   multiple vulnerabilities. The impacts of these vulnerabilities
   include remote execution of arbitrary code, information disclosure,
   and denial of service. 
I. Description
   The Oracle Critical Patch Update Advisory - July 2010 addresses 59
   vulnerabilities in various Oracle products and components,
   including 21 vulnerabilities in Sun products. The Advisory provides
   information about affected components, access and authorization
   required for successful exploitation, and the impact from the
   vulnerabilities on data confidentiality, integrity, and
   availability. 
   Oracle has associated CVE identifiers with the vulnerabilities
   addressed in this Critical Patch Update. If significant additional
   details about vulnerabilities and remediation techniques become
   available, we will update the Vulnerability Notes Database. 
II. Impact
   The impact of these vulnerabilities varies depending on the
   product, component, and configuration of the system. Potential
   consequences include the execution of arbitrary code or commands,
   information disclosure, and denial of service. Vulnerable
   components may be available to unauthenticated, remote attackers. 
   An attacker who compromises an Oracle database may be able to
   access sensitive information. 
III. Solution
   Apply the appropriate patches or upgrade as specified in the Oracle
   Critical Patch Update Advisory - July 2010. Note that this document
   only lists newly corrected issues. Updates to patches for
   previously known issues are not listed. 
IV. References
 * Oracle Critical Patch Update Advisory - July 2010 -
   <http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2010.html>
 ____________________________________________________________________
   The most recent version of this document can be found at:
     <http://www.us-cert.gov/cas/techalerts/TA10-194B.html>
 ____________________________________________________________________
   Produced 2010 by US-CERT, a government organization. 
   Terms of use:
     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________
Revision History
  July 13, 2010: Initial release
                        
| VAR-201007-0623 | No CVE | SAP NetWeaver System Landscape Directory Multiple Cross Site Scripting Vulnerabilities | CVSS V2: - CVSS V3: - Severity: - | 
                            The System Landscape Directory of SAP NetWeaver is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
NetWeaver 6.4 through 7.02 are vulnerable.
                        
| VAR-201008-0298 | CVE-2010-1870 | Apache Struts of  XWork Vulnerabilities that bypass object protection mechanisms Related entries in the VARIoT exploits database: VAR-E-201007-0287, VAR-E-201007-0288 | CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM | 
                            The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504. XWork, the Apache Struts component used in multiple products, contains a vulnerability that bypasses the "#" protection mechanism of ParameterInterceptors during OGNL expression evaluation. XWork is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. 
Attackers can exploit this issue to manipulate server-side context objects with the privileges of the user running the application. Successful exploits can compromise the application and possibly the underlying computer. 
This issue is related to the vulnerability documented in BID 32101 (XWork 'ParameterInterceptor' Class OGNL Security Bypass Vulnerability); the implemented solution appears to have been incomplete. The component uses the ParameterInterceptors directive to parse the Object-Graph Navigation Language (OGNL) expressions that are implemented via a whitelist feature. An attacker could exploit this vulnerability by sending crafted requests that contain OGNL expressions to an affected system. An exploit could allow the attacker to execute arbitrary code on the targeted system. 
Cisco has released free software updates that address this vulnerability for all the affected products except Cisco Business Edition 3000 Series. Customers using Cisco Business Edition 3000 Series should contact their Cisco representative for available options. 
Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. 
TITLE:
XWork "ParameterInterceptor" Security Bypass Vulnerability
SECUNIA ADVISORY ID:
SA40558
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40558/
RELEASE DATE:
2010-07-13
DESCRIPTION:
A vulnerability has been reported in XWork, which can be exploited by
malicious people to bypass certain security restrictions. 
The vulnerability is caused due to the "ParameterInterceptor" class
improperly restricting access to server-side objects. This can be
exploited to modify server-side objects and e.g. 
This is related to:
SA32495
SOLUTION:
Filter malicious characters and character sequences using a proxy. 
PROVIDED AND/OR DISCOVERED BY:
Meder Kydyraliev, Google Security Team
ORIGINAL ADVISORY:
http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html
. 
- ------------------------------------------------------------------------
                   VMware Security Advisory
Advisory ID:       VMSA-2011-0005
Synopsis:          VMware vCenter Orchestrator remote code execution
                   vulnerability
Issue date:        2011-03-14
Updated on:        2011-03-14 (initial release of advisory)
CVE numbers:       CVE-2010-1870
- ------------------------------------------------------------------------
1. Summary
   A vulnerability in VMware vCenter Orchestrator(vCO) could allow
   remote execution. 
2. Relevant releases
   VMware vCenter Orchestrator 4.1
   VMware vCenter Orchestrator 4.0
3. Problem Description
    VMware vCenter Orchestrator is an application to automate
    management tasks. It embeds Apache Struts (version 2.0.11) which is
    a third party component. 
    The following vulnerability has been reported in Apache Struts
    2.0.11 or earlier. A remote execution of code vulnerability could
    allow malicious users to bypass the '#'-usage protection built into
    the ParametersInterceptor, which could allow server side context
    objects to be manipulated. 
    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    has assigned the name CVE-2010-1870 to this vulnerability. 
    VMware would like to thank the Vulnerability Research Team of
    Digital Defense, Inc. for reporting this issue to us. 
    Apache Struts version 2.0.11 and earlier also contain
    vulnerabilities which have not been assigned CVE names.  This
    advisory also addresses these vulnerabilities described at the
    following URLs:
    * http://struts.apache.org/2.2.1/docs/s2-002.html
    * http://struts.apache.org/2.2.1/docs/s2-003.html
    * http://struts.apache.org/2.2.1/docs/s2-004.html
    Column 4 of the following table lists the action required to
    remediate the vulnerability in each release, if a solution is
    available. 
    VMware         Product   Running  Replace with/
    Product        Version   on       Apply Patch
    =============  ========  =======  =================
    vCO            4.1       Windows  vCO fix for Apache Struts *
    vCO            4.0       Windows  vCO fix for Apache Struts *
    * Refer to VMware Knowledge Base article 1034175 for a workaround. 
4. Solution
    VMware vCenter Orchestrator
    ---------------------------
    vCenter Orchestrator workaround for Apache Struts
    http://kb.vmware.com/kb/1034175
5. References
   CVE numbers
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1870
- ------------------------------------------------------------------------
6. Change log
2011-03-14  VMSA-2011-0005
Initial security advisory in conjunction with the release of an Apache
Struts workaround for VMware vCenter Orchestrator on 2011-03-14. 
- ------------------------------------------------------------------------
. 
For more information:
SA40558
SOLUTION:
Update to FishEye 2.3.3 and Crucible 2.3.3 or apply patches. 
For more information:
SA40558
SOLUTION:
Fixed in the SVN repository. 
. 
Document Title:
===============
LISTSERV Maestro Remote Code Execution Vulnerability
 
References (Source):
====================
https://www.securifera.com/advisories/sec-2020-0001/
https://www.lsoft.com/products/maestro.asp
 
Release Date:
=============
2020-10-20
 
Product & Service Introduction:
===============================
LISTSERV Maestro is an enterprise email marketing solution and allows you to
easily engage your subscribers with targeted, intelligence-based opt-in
campaigns. It offers easy tracking, reporting and list segmentation in a
complete email marketing and analytics package. 
 
 
Vulnerability Information:
==============================
Class: CWE-917 : Expression Language (EL) Injection
Impact: Remote Code Execution
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-1870
 
Vulnerability Description:
==============================
An unauthenticated remote code execution vulnerability was found in the
LISTSERV Maestro software, version 9.0-8 and prior. This vulnerability stems
from a known issue in struts, CVE-2010-1870, that allows for code execution
via OGNL Injection. This vulnerability has been confirmed to be exploitable
in both the Windows and Linux version of the software and has existed in the
LISTSERV Maestro software since at least version 8.1-5.  As a result, a
specially crafted HTTP request can be constructed that executes code in the
context of the web application. Exploitation of this vulnerability does not
require authentication and can lead to root level privilege on any system
running the LISTServ Maestro services. 
 
Vulnerability Disclosure Timeline:
==================================
2020-10-12: Contact Vendor and Request Security Contact Info From Support
Team
2020-10-12: Report Vulnerability Information to Vendor
2020-10-12: Vendor Confirms Submission
2020-10-13: Vendor Releases Patch
2020-10-13: Securifera Confirms With Vendor that the Patch Mitigates
CVE-2010-1870 but suggest upgrading vulnerable struts library
2020-10-15: Vendor Approves Public Disclosure
 
 
Affected Product(s):
====================
LISTSERV Maestro 9.0-8 and prior
 
Severity Level:
===============
High
 
Proof of Concept (PoC):
=======================
A proof of concept will not be provided at this time. 
 
Solution - Fix & Patch:
=======================
Temporary patch:
https://dropbox.lsoft.us/download/LMA9.0-8-patch-2020-10-13.zip
 
Security Risk:
==============
The security risk of this remote code execution vulnerability is estimated
as high. (CVSS 10.0)
 
Credits & Authors:
==================
Securifera, Inc - b0yd (@rwincey)
 
                        
| VAR-201008-0326 | CVE-2010-2519 | FreeType of Mac_Read_POST_Resource Heap-based buffer overflow vulnerability in functions | CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM | 
                            Heap-based buffer overflow in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted length value in a POST fragment header in a font file. FreeType is prone to multiple remote vulnerabilities, including:
Multiple buffer-overflow vulnerabilities
A remote code-execution vulnerability
Multiple integer-overflow vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting victim to open a specially crafted font file. 
Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions. 
Versions prior to FreeType 2.4.0 are vulnerable. FreeType can be used to rasterize characters and map them into bitmaps, and it provides support for other font-related operations. 
Background
==========
FreeType is a high-quality and portable font engine. 
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype          < 2.4.8                    >= 2.4.8
Description
===========
Multiple vulnerabilities have been discovered in FreeType. Please
review the CVE identifiers referenced below for details. 
Workaround
==========
There is no known workaround at this time. 
Resolution
==========
All FreeType users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
==========
[  1 ] CVE-2010-1797
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[  2 ] CVE-2010-2497
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[  3 ] CVE-2010-2498
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[  4 ] CVE-2010-2499
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[  5 ] CVE-2010-2500
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[  6 ] CVE-2010-2519
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[  7 ] CVE-2010-2520
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[  8 ] CVE-2010-2527
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[  9 ] CVE-2010-2541
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
 http://security.gentoo.org/glsa/glsa-201201-09.xml
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s). 
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
. 
This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) or compromise an application using the
library. 
For more information:
SA40586
SA40816
SA45628
SA46575
SA46839
SA48268
SOLUTION:
Apply updated packages via the zypper package manager. 
 
 A heap buffer overflow was discovered in the bytecode support. The
 bytecode support is NOT enabled per default in Mandriva due to previous
 patent claims, but packages by PLF are affected (CVE-2010-2520). 
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues. 
 _______________________________________________________________________
 References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
 http://savannah.nongnu.org/bugs/index.php?30082
 http://savannah.nongnu.org/bugs/index.php?30083
 http://savannah.nongnu.org/bugs/index.php?30106
 http://savannah.nongnu.org/bugs/index.php?30248
 http://savannah.nongnu.org/bugs/index.php?30249
 http://savannah.nongnu.org/bugs/index.php?30263
 http://savannah.nongnu.org/bugs/index.php?30306
 http://savannah.nongnu.org/bugs/index.php?30361
 _______________________________________________________________________
 Updated Packages:
 184fc3238d6f761a727a51582d0ff2ff  mes5/i586/libfreetype6-devel-2.3.7-1.2mdvmes5.1.i586.rpm
 b414bb7c2e78d7606a096bcda6ea2730  mes5/i586/libfreetype6-static-devel-2.3.7-1.2mdvmes5.1.i586.rpm 
 d9fefde1ace3f7127c95fffb678b56bc  mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm
 Mandriva Enterprise Server 5/X86_64:
 011bff1c7507d1c5b9039f9c48865f5e  mes5/x86_64/lib64freetype6-2.3.7-1.2mdvmes5.1.x86_64.rpm
 9a0b94b603f3765dc61590af87016b46  mes5/x86_64/lib64freetype6-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm
 ef94a826eb1218e9f6d027f50c1abad5  mes5/x86_64/lib64freetype6-static-devel-2.3.7-1.2mdvmes5.1.x86_64.rpm 
 d9fefde1ace3f7127c95fffb678b56bc  mes5/SRPMS/freetype2-2.3.7-1.2mdvmes5.1.src.rpm
 _______________________________________________________________________
 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you. 
 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
 You can view other update advisories for Mandriva Linux at:
  http://www.mandriva.com/security/advisories
 If you want to report vulnerabilities, please contact
  security_(at)_mandriva.com
 _______________________________________________________________________
 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
----------------------------------------------------------------------
TITLE:
FreeType Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40586
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40586/
RELEASE DATE:
2010-07-14
DESCRIPTION:
Some vulnerabilities have been reported in FreeType, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library. 
The vulnerabilities are caused by various errors when processing
specially crafted font files. They can be exploited to cause, for
example, memory corruption and heap-based buffer overflows, e.g. by
tricking a user into opening specially crafted fonts in an application
using the library.
SOLUTION:
Update to version 2.4.0. 
PROVIDED AND/OR DISCOVERED BY:
Robert Swiecki
ORIGINAL ADVISORY:
Robert Swiecki:
http://www.swiecki.net/security.html
FreeType:
http://savannah.nongnu.org/bugs/index.php?30082
http://savannah.nongnu.org/bugs/index.php?30083
http://savannah.nongnu.org/bugs/index.php?30106
http://savannah.nongnu.org/bugs/index.php?30248
http://savannah.nongnu.org/bugs/index.php?30249
http://savannah.nongnu.org/bugs/index.php?30263
http://savannah.nongnu.org/bugs/index.php?30306
http://savannah.nongnu.org/bugs/index.php?30361
----------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2070-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package        : freetype
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527
Robert Swiecki discovered several vulnerabilities in the FreeType font 
library, which could lead to the execution of arbitrary code if a
malformed font file is processed. 
Also, several buffer overflows were found in the included demo programs. 
For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny2. 
For the unstable distribution (sid), these problems have been fixed in
version 2.4.0-1. 
We recommend that you upgrade your freetype packages. 
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file. 
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration. 
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
  These files will probably be moved into the stable distribution on
  its next update. 
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
===========================================================
Ubuntu Security Notice USN-963-1              July 20, 2010
freetype vulnerabilities
CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519,
CVE-2010-2520, CVE-2010-2527
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  libfreetype6                    2.1.10-1ubuntu2.7
Ubuntu 8.04 LTS:
  libfreetype6                    2.3.5-1ubuntu4.8.04.3
Ubuntu 9.04:
  libfreetype6                    2.3.9-4ubuntu0.2
Ubuntu 9.10:
  libfreetype6                    2.3.9-5ubuntu0.1
Ubuntu 10.04 LTS:
  libfreetype6                    2.3.11-1ubuntu2.1
After a standard system update you need to restart your session to make
all the necessary changes. 
Details follow:
Robert Święcki discovered that FreeType did not correctly handle certain
malformed font files. 
Updated packages for Ubuntu 6.06 LTS:
  Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.7.diff.gz
      Size/MD5:    66378 53a1e74f47f7370e6cedfd49ef33f82a
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10-1ubuntu2.7.dsc
      Size/MD5:      719 4f1ab392b150b45f00d7084a2fda2e3f
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.1.10.orig.tar.gz
      Size/MD5:  1323617 adf145ce51196ad1b3054d5fb032efe6
  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_amd64.deb
      Size/MD5:   717700 ef25a872834db5b57de8cba1b9d198bb
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_amd64.deb
      Size/MD5:   440434 6f785a8660ca70a43e36157b9d5db23a
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_amd64.deb
      Size/MD5:   133890 558c68a334e4bb3ebbf9bb2058234d17
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_amd64.udeb
      Size/MD5:   251848 1cf31177a65df3bb23712a9620937724
  i386 architecture (x86 compatible Intel/AMD):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_i386.deb
      Size/MD5:   677528 9551dffd9a301d368c799a38f7161bb4
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_i386.deb
      Size/MD5:   415952 5605ecc4398f4e1c5fa8822233b36e9b
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_i386.deb
      Size/MD5:   117280 bb7fd6d1f7eb762cf355d8c34c3da705
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_i386.udeb
      Size/MD5:   227420 27670bac197089a9588b7167679e7f05
  powerpc architecture (Apple Macintosh G3/G4/G5):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_powerpc.deb
      Size/MD5:   708556 09c6d8c9859b29f777e017d4532d7d6b
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_powerpc.deb
      Size/MD5:   430594 56625ca1fa70f5859a8e293a98421547
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_powerpc.deb
      Size/MD5:   134270 ef77dec93e203f782865a3142d88c180
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_powerpc.udeb
      Size/MD5:   241644 b140c31ea68f78e54096ad60e1b214d0
  sparc architecture (Sun SPARC/UltraSPARC):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.1.10-1ubuntu2.7_sparc.deb
      Size/MD5:   683840 184e946cc8d89d1d169b4047e27c92b0
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.1.10-1ubuntu2.7_sparc.deb
      Size/MD5:   411518 a420b09b4f205bf6e55e7aa4782c88fc
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.1.10-1ubuntu2.7_sparc.deb
      Size/MD5:   120116 9c8db36770be6466ef897314ea4abc4b
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.1.10-1ubuntu2.7_sparc.udeb
      Size/MD5:   222590 905398b9656ebc72cc70b7bdca894ab2
Updated packages for Ubuntu 8.04 LTS:
  Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.3.diff.gz
      Size/MD5:    37126 04fe68272c3a06e116a13e89f1ea4f13
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5-1ubuntu4.8.04.3.dsc
      Size/MD5:      907 b46efc68ee637cb27c2a76d4594b5615
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.5.orig.tar.gz
      Size/MD5:  1536077 4a5bdbe1ab92f3fe4c4816f9934a5ec2
  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_amd64.deb
      Size/MD5:   694110 b35305e27ad2531fd774c19748efde7b
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_amd64.deb
      Size/MD5:   361814 cec5f15ce8a397d8212f764ff7e25f0b
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_amd64.deb
      Size/MD5:   221334 56fd8a5204e014256105d1e7d833f275
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_amd64.udeb
      Size/MD5:   258230 21b232b84b12f335843504b49d9ff284
  i386 architecture (x86 compatible Intel/AMD):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_i386.deb
      Size/MD5:   663244 3f15ca19cbe6fc05840409958cea65b1
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_i386.deb
      Size/MD5:   346772 99afdc331b475c43beda28d4459ff4e5
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_i386.deb
      Size/MD5:   201222 d8487d4840b48cc60370daddc3fc61ab
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_i386.udeb
      Size/MD5:   243290 a9a85de7d9467d99e5fec169bfaa9908
  lpia architecture (Low Power Intel Architecture):
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_lpia.deb
      Size/MD5:   665008 d19873caab8d82d40d046cf98350fb98
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_lpia.deb
      Size/MD5:   346972 580b60a5a20371df70d770e5b45d3d67
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_lpia.deb
      Size/MD5:   205460 dadb0d5ffc952504953c15d41d0a2356
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_lpia.udeb
      Size/MD5:   244160 d60ef9b4abdb4d345c382c3950075544
  powerpc architecture (Apple Macintosh G3/G4/G5):
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_powerpc.deb
      Size/MD5:   687172 978bb494ab76f8a150dc9f1886df2873
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_powerpc.deb
      Size/MD5:   357724 f6c2693b012c775e7f85bea30e7d6ac7
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_powerpc.deb
      Size/MD5:   235556 7c13b39c41718a3e7e594a08a9c42fd9
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_powerpc.udeb
      Size/MD5:   254440 80ad8bcba1a39760e217dc91f447aacd
  sparc architecture (Sun SPARC/UltraSPARC):
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.5-1ubuntu4.8.04.3_sparc.deb
      Size/MD5:   657974 d1d6d8ab63f4e6624b1c7b69756d02f9
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.5-1ubuntu4.8.04.3_sparc.deb
      Size/MD5:   331648 8b2df436ad35d4c71c90ebfe1ed86c5d
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.5-1ubuntu4.8.04.3_sparc.deb
      Size/MD5:   199746 4da2f86265e6a7714fbe0bde32f22154
    http://ports.ubuntu.com/pool/universe/f/freetype/libfreetype6-udeb_2.3.5-1ubuntu4.8.04.3_sparc.udeb
      Size/MD5:   227682 dcf258655d624daa833a315fa68af6ae
Updated packages for Ubuntu 9.04:
  Source archives:
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.2.diff.gz
      Size/MD5:    39290 799e4e568b9806952f927c4b3a896f87
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9-4ubuntu0.2.dsc
      Size/MD5:     1311 ea7ece62a87ca6a90244d4a419ac6259
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/freetype_2.3.9.orig.tar.gz
      Size/MD5:  1624314 7b2ab681f1a436876ed888041204e478
  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_amd64.deb
      Size/MD5:   729182 0db366c000c726419ef46d0d2047adcd
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_amd64.udeb
      Size/MD5:   272744 96613f4e2ed3cc1217c9ac9ad2e8f8fa
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_amd64.deb
      Size/MD5:   406484 9580234639381beaf1e1e0ba1707b7e5
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_amd64.deb
      Size/MD5:   226422 89ab56c75fbe22efb8140ca82960ddfd
  i386 architecture (x86 compatible Intel/AMD):
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_i386.deb
      Size/MD5:   697534 1cf3d4991a00804ea20d7898cfddd6ca
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_i386.udeb
      Size/MD5:   257702 f96e5175f5ebfb858718498a5ac62971
    http://security.ubuntu.com/ubuntu/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_i386.deb
      Size/MD5:   391938 509d532cba962f210ee2223d51f7f001
    http://security.ubuntu.com/ubuntu/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_i386.deb
      Size/MD5:   198728 7930d58edf1ab1c3380e102b82ac5170
  lpia architecture (Low Power Intel Architecture):
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_lpia.deb
      Size/MD5:   698598 a88f33a3010d4b7f8d331dd0346b22d4
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_lpia.udeb
      Size/MD5:   257644 6aed18309e225f9b1413f5c85696d725
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_lpia.deb
      Size/MD5:   392384 40c1a93c1b72421ca40f0a7b80f91882
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_lpia.deb
      Size/MD5:   201552 a9d7be5b254bead82386687714cf778e
  powerpc architecture (Apple Macintosh G3/G4/G5):
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_powerpc.deb
      Size/MD5:   719872 60ff1a115a7254f82b8d80b6c6ef6b74
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_powerpc.udeb
      Size/MD5:   265648 72e68838b98843ff0515af3b854065f0
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_powerpc.deb
      Size/MD5:   399740 ce2b8574754fb9a6c08bfdff0f3b8aa4
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_powerpc.deb
      Size/MD5:   227856 fa508302d46bb73c1b2a13aa11871239
  sparc architecture (Sun SPARC/UltraSPARC):
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-dev_2.3.9-4ubuntu0.2_sparc.deb
      Size/MD5:   689132 c3d269891e090d405b2cf7da96e77341
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6-udeb_2.3.9-4ubuntu0.2_sparc.udeb
      Size/MD5:   238116 7487d5f6c08361212430bca6261ef016
    http://ports.ubuntu.com/pool/main/f/freetype/libfreetype6_2.3.9-4ubuntu0.2_sparc.deb
      Size/MD5:   371970 95d02ed537411018ac66a3a91bc82093
    http://ports.ubuntu.com/pool/universe/f/freetype/freetype2-demos_2.3.9-4ubuntu0.2_sparc.deb
      Size/MD5:   201374 5c0f80146fd1366e88c75fd427b04f56
Updated packages for Ubuntu 9.10:
Updated packages for Ubuntu 10.04:
                        
| VAR-201008-0315 | CVE-2010-2500 | FreeType of gray_render_span Integer overflow vulnerability in functions | CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM | 
                            Integer overflow in the gray_render_span function in smooth/ftgrays.c in FreeType before 2.4.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font file. FreeType is prone to multiple remote vulnerabilities, including:
Multiple buffer-overflow vulnerabilities
A remote code-execution vulnerability
Multiple integer-overflow vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting victim to open a specially crafted font file. 
Successful exploits may allow attackers to execute arbitrary code in the context of applications that use the affected library. Failed exploit attempts will likely result in denial-of-service conditions. 
Versions prior to FreeType 2.4.0 are vulnerable. FreeType can be used to rasterize characters and map them into bitmaps, and it provides support for other font-related operations. 
Background
==========
FreeType is a high-quality and portable font engine. 
Affected packages
=================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/freetype          < 2.4.8                    >= 2.4.8
Description
===========
Multiple vulnerabilities have been discovered in FreeType. Please
review the CVE identifiers referenced below for details. 
Workaround
==========
There is no known workaround at this time. 
Resolution
==========
All FreeType users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/freetype-2.4.8"
References
==========
[  1 ] CVE-2010-1797
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1797
[  2 ] CVE-2010-2497
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2497
[  3 ] CVE-2010-2498
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2498
[  4 ] CVE-2010-2499
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2499
[  5 ] CVE-2010-2500
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2500
[  6 ] CVE-2010-2519
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2519
[  7 ] CVE-2010-2520
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2520
[  8 ] CVE-2010-2527
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2527
[  9 ] CVE-2010-2541
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2541
[ 10 ] CVE-2010-2805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2805
[ 11 ] CVE-2010-2806
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2806
[ 12 ] CVE-2010-2807
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2807
[ 13 ] CVE-2010-2808
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2808
[ 14 ] CVE-2010-3053
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3053
[ 15 ] CVE-2010-3054
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3054
[ 16 ] CVE-2010-3311
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3311
[ 17 ] CVE-2010-3814
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3814
[ 18 ] CVE-2010-3855
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3855
[ 19 ] CVE-2011-0226
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0226
[ 20 ] CVE-2011-3256
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3256
[ 21 ] CVE-2011-3439
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3439
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
 http://security.gentoo.org/glsa/glsa-201201-09.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org. 
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s). 
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license. 
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
This fixes some
vulnerabilities, which can be exploited by malicious people to cause
a DoS (Denial of Service) or compromise an application using the
library. 
For more information:
SA40586
SA40816
SA45628
SA46575
SA46839
SA48268
SOLUTION:
Apply updated packages via the zypper package manager. 
 
 A heap buffer overflow was discovered in the bytecode support. The
 bytecode support is NOT enabled by default in Mandriva due to previous
 patent claims, but packages by PLF are affected (CVE-2010-2520). 
 
 Packages for 2008.0 and 2009.0 are provided as of the Extended
 Maintenance Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct these issues. 
 _______________________________________________________________________
 References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2497
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2498
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2499
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2500
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2519
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2520
 http://savannah.nongnu.org/bugs/index.php?30082
 http://savannah.nongnu.org/bugs/index.php?30083
 http://savannah.nongnu.org/bugs/index.php?30106
 http://savannah.nongnu.org/bugs/index.php?30248
 http://savannah.nongnu.org/bugs/index.php?30249
 http://savannah.nongnu.org/bugs/index.php?30263
 http://savannah.nongnu.org/bugs/index.php?30306
 http://savannah.nongnu.org/bugs/index.php?30361
 _______________________________________________________________________
 Updated Packages:
 _______________________________________________________________________
 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you. 
 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
 You can view other update advisories for Mandriva Linux at:
  http://www.mandriva.com/security/advisories
 If you want to report vulnerabilities, please contact
  security_(at)_mandriva.com
 _______________________________________________________________________
 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
----------------------------------------------------------------------
TITLE:
FreeType Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA40586
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40586/
RELEASE DATE:
2010-07-14
DESCRIPTION:
Some vulnerabilities have been reported in FreeType, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise an application using the library. 
The vulnerabilities are caused due to various errors when processing
specially crafted font files, which can be exploited to e.g. cause
memory corruptions and heap-based buffer overflows by e.g. tricking a
user into opening specially crafted fonts in an application using the
library. 
SOLUTION:
Update to version 2.4.0. 
PROVIDED AND/OR DISCOVERED BY:
Robert Swiecki
ORIGINAL ADVISORY:
Robert Swiecki:
http://www.swiecki.net/security.html
FreeType:
http://savannah.nongnu.org/bugs/index.php?30082
http://savannah.nongnu.org/bugs/index.php?30083
http://savannah.nongnu.org/bugs/index.php?30106
http://savannah.nongnu.org/bugs/index.php?30248
http://savannah.nongnu.org/bugs/index.php?30249
http://savannah.nongnu.org/bugs/index.php?30263
http://savannah.nongnu.org/bugs/index.php?30306
http://savannah.nongnu.org/bugs/index.php?30361
. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2070-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
July 14, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package        : freetype
Vulnerability  : several
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527
Robert Swiecki discovered several vulnerabilities in the FreeType font 
library, which could lead to the execution of arbitrary code if a
malformed font file is processed. 
Also, several buffer overflows were found in the included demo programs. 
For the stable distribution (lenny), these problems have been fixed in
version 2.3.7-2+lenny2. 
For the unstable distribution (sid), these problems have been fixed in
version 2.4.0-1. 
We recommend that you upgrade your freetype packages. 
Upgrade instructions
- --------------------
wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file. 
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration. 
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. 
  These files will probably be moved into the stable distribution on
  its next update. 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
_______________________________________________
Full-Disclosure - We believe in it. 
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
===========================================================
Ubuntu Security Notice USN-963-1              July 20, 2010
freetype vulnerabilities
CVE-2010-2498, CVE-2010-2499, CVE-2010-2500, CVE-2010-2519,
CVE-2010-2520, CVE-2010-2527
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu. 
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  libfreetype6                    2.1.10-1ubuntu2.7
Ubuntu 8.04 LTS:
  libfreetype6                    2.3.5-1ubuntu4.8.04.3
Ubuntu 9.04:
  libfreetype6                    2.3.9-4ubuntu0.2
Ubuntu 9.10:
  libfreetype6                    2.3.9-5ubuntu0.1
Ubuntu 10.04 LTS:
  libfreetype6                    2.3.11-1ubuntu2.1
After a standard system update you need to restart your session to make
all the necessary changes. 
Details follow:
Robert Święcki discovered that FreeType did not correctly handle certain
malformed font files. 
                        
| VAR-201009-0269 | CVE-2010-2530 | Denial-of-service (DoS) vulnerability in smb_subr.c in the kernels of NetBSD and other products | CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM | 
                            Multiple integer signedness errors in smb_subr.c in the netsmb module in the kernel in NetBSD 5.0.2 and earlier, FreeBSD, and Apple Mac OS X allow local users to cause a denial of service (panic) via a negative size value in a /dev/nsmb ioctl operation, as demonstrated by a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call. Multiple BSD kernels are prone to multiple local denial-of-service vulnerabilities because they fail to properly verify signedness of user-supplied values. 
Attackers can exploit these issues to cause the kernel to panic, denying service to legitimate users. Given the nature of these issues, attackers may be able to execute arbitrary code, but this has not been confirmed. 
These issues affect versions prior to the 'netsmb' kernel module 1.35 on NetBSD, FreeBSD, and Apple OS X where 'netsmb' is available as a kernel extension. NetBSD, FreeBSD, and Apple Mac OS X are all operating systems based on the BSD system. This vulnerability has been confirmed with a (1) SMBIOC_LOOKUP or (2) SMBIOC_OPENSESSION ioctl call.
                        
| VAR-201008-0045 | CVE-2010-1386 | Unspecified vulnerability in page/Geolocation.cpp in WebKit | CVSS V2: 10.0 CVSS V3: - Severity: HIGH | 
                            page/Geolocation.cpp in WebCore in WebKit before r56188 and before 1.2.5 does not properly restrict access to the lastPosition function, which has unspecified impact and remote attack vectors, aka rdar problem 7746357. WebKit is prone to an information-disclosure vulnerability. 
A remote attacker can exploit this issue to obtain sensitive information that may aid in further attacks. 
Versions prior to WebKit 1.2.2-1 (AMD 64) are vulnerable; other versions may also be affected. WebKit is an open source web browser engine jointly developed by organizations such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
 _______________________________________________________________________
 Mandriva Linux Security Advisory                         MDVSA-2011:039
 http://www.mandriva.com/security/
 _______________________________________________________________________
 Package : webkit
 Date    : March 2, 2011
 Affected: 2010.1
 _______________________________________________________________________
 Problem Description:
 Multiple cross-site scripting, denial of service and arbitrary code
 execution security flaws were discovered in webkit. 
 
 Please consult the CVE web links for further information. 
 _______________________________________________________________________
 References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0314
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0650
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0651
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0656
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1386
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1387
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1389
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1390
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1391
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1392
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1393
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1394
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1395
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1396
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1397
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1398
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1400
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1401
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1402
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1403
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1404
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1405
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1406
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1407
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1408
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1409
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1410
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1412
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1414
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1415
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1416
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1417
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1418
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1419
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1421
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1422
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1501
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1664
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1665
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1758
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1759
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1760
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1761
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1762
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1764
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1766
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1767
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1770
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1771
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1772
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1773
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1774
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1780
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1781
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1782
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1783
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1784
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1785
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1786
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1787
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1788
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1790
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1791
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1792
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1793
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1807
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1812
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1814
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1815
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2264
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2647
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2648
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3113
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3114
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3115
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3116
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3119
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3248
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3255
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3257
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3812
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3813
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4040
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4197
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4198
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4204
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4206
 _______________________________________________________________________
 Updated Packages:
 _______________________________________________________________________
 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you. 
 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:
  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
 You can view other update advisories for Mandriva Linux at:
  http://www.mandriva.com/security/advisories
 If you want to report vulnerabilities, please contact
  security_(at)_mandriva.com
 _______________________________________________________________________
 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
TITLE:
Ubuntu update for webkit
SECUNIA ADVISORY ID:
SA41856
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/41856/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=41856
RELEASE DATE:
2010-10-21
DISCUSS ADVISORY:
http://secunia.com/advisories/41856/#comments
DESCRIPTION:
Ubuntu has issued an update for webkit. This fixes multiple
vulnerabilities, some of which have an unknown impact while others
can be exploited by malicious people to bypass certain security
restrictions, disclose sensitive information, conduct spoofing or
cross-site scripting attacks, and potentially compromise a user's
system. 
For more information:
SA36677
SA37346
SA37769
SA37931
SA38545
SA38932
SA39091
SA39651
SA40105
SA40196
SA40479
SA40664
SA41014
SA41085
SA41242
SA41328
SOLUTION:
Apply updated packages. 
ORIGINAL ADVISORY:
USN-1006-1:
http://www.ubuntu.com/usn/usn-1006-1
                        
| VAR-201007-0200 | CVE-2010-1574 | Cisco Industrial Ethernet 3000 Series switches have hardcoded SNMP community strings | CVSS V2: 10.0 CVSS V3: - Severity: HIGH | 
                            IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589. A remote attacker could take full control of a vulnerable device. The SNMP community strings set on Cisco Industrial Ethernet 3000 series switches may be used by remote third parties. On Cisco Industrial Ethernet 3000 series switches running Cisco IOS Software release 12.2(52)SE or 12.2(52)SE1, the SNMP community strings are hard-coded. In addition, when the product is restarted, the hard-coded values are set again. The SNMP service is disabled by default. When a Cisco Industrial Ethernet 3000 series switch is operated without changing the SNMP community strings, the settings of the product may be changed by a remote third party. This issue is tracked by Cisco Bug ID CSCtf25589.
TITLE:
Cisco Industrial Ethernet 3000 Hardcoded SNMP Community Names
SECUNIA ADVISORY ID:
SA40407
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/40407/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=40407
RELEASE DATE:
2010-07-08
DISCUSS ADVISORY:
http://secunia.com/advisories/40407/#comments
DESCRIPTION:
A security issue has been reported in Cisco Industrial Ethernet 3000,
which can be exploited by malicious people to potentially compromise a
vulnerable device. This can be exploited to e.g. 
Successful exploitation requires that the SNMP service is enabled
(disabled by default). 
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor. 
ORIGINAL ADVISORY:
http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml
Cisco has released free software updates that address this
vulnerability. 
Workarounds that mitigate this vulnerability are available. 
SNMP is used for managing and monitoring the device and community
names are the equivalent to a password. Cisco has provided a workaround that ensures the
community names are removed when the device reloads. 
Once the device is reloaded the original configuration is inserted
without the access lists or mib views assigned to the community
names. Consult the workarounds section of this advisory. 
This vulnerability was introduced as part of a new feature integrated
into the affected releases called PROFINET. 
This vulnerability has been assigned Common Vulnerabilities and
Exposures (CVE) ID CVE-2010-1574. 
Vulnerability Scoring Details
=============================
Cisco has provided scores for the vulnerability in this advisory
based on the Common Vulnerability Scoring System (CVSS). The CVSS
scoring in this Security Advisory is done in accordance with CVSS
version 2.0. 
CVSS is a standards-based scoring method that conveys vulnerability
severity and helps determine urgency and priority of response. 
Cisco has provided a base and temporal score. Customers can then
compute environmental scores to assist in determining the impact of
the vulnerability in individual networks. 
Cisco has provided an FAQ to answer additional questions regarding
CVSS at:
http://www.cisco.com/web/about/security/intelligence/cvss-qandas.html
Cisco has also provided a CVSS calculator to help compute the
environmental impact for individual networks at:
http://intellishield.cisco.com/security/alertmanager/cvss
CSCtf25589 - Hard-coded SNMP Community Names in Cisco Industrial Ethernet 3000 Series
CVSS Base Score - 10
Access Vector           - Network
Access Complexity       - Low
Authentication          - None
Confidentiality Impact  - Complete
Integrity Impact        - Complete
Availability Impact     - Complete
CVSS Temporal Score - 8.3
Exploitability          - Functional
Remediation Level       - Official-Fix
Report Confidence       - Confirmed
Impact
======
Successful exploitation of the vulnerability could result in an
attacker obtaining full control of the device. 
Software Versions and Fixes
===========================
When considering software upgrades, consult
http://www.cisco.com/go/psirt and any subsequent advisories to
determine exposure and a complete upgrade solution. 
In all cases, customers should exercise caution to ensure the devices
to be upgraded contain sufficient memory and that current hardware
and software configurations will continue to be supported properly by
the new release. If the information is not clear, contact the Cisco
Technical Assistance Center (TAC) or your contracted maintenance
provider for assistance. If a given release train is vulnerable, then the
earliest possible releases that contain the fix (along with the
anticipated date of availability for each, if applicable) are listed
in the "First Fixed Release" column of the table. A device running a
release in the given train that is earlier than the release in a
specific column (less than the First Fixed Release) is known to be
vulnerable. Cisco recommends upgrading to a release equal to or later
than the release specified in the "First Fixed Release" column of the
table. 
+-------------------------------------------------------------------+
|    Major     |         Availability of Repaired Releases          |
|   Release    |                                                    |
|--------------+----------------------------------------------------|
|   Affected   |                                                    |
|  12.0-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|-------------------------------------------------------------------|
| There are no affected 12.0 based releases                         |
|-------------------------------------------------------------------|
|   Affected   |                                                    |
|  12.1-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|-------------------------------------------------------------------|
| There are no affected 12.1 based releases                         |
|-------------------------------------------------------------------|
|   Affected   |                                                    |
|  12.2-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|--------------+----------------------------------------------------|
|              | Releases prior to 12.2(52)SE are not vulnerable.   |
| 12.2SE       | First fixed in release 12.2(55)SE. Currently       |
|              | scheduled to be available August 2010.             |
|-------------------------------------------------------------------|
| There are no other affected 12.2 based releases                   |
|-------------------------------------------------------------------|
|   Affected   |                                                    |
|  12.3-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|-------------------------------------------------------------------|
| There are no affected 12.3 based releases                         |
|-------------------------------------------------------------------|
|   Affected   |                                                    |
|  12.4-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|-------------------------------------------------------------------|
| There are no affected 12.4 based releases                         |
|-------------------------------------------------------------------|
|   Affected   |                                                    |
|  15.0-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|-------------------------------------------------------------------|
| There are no affected 15.0 based releases                         |
|-------------------------------------------------------------------|
|   Affected   |                                                    |
|  15.1-Based  |                First Fixed Release                 |
|   Releases   |                                                    |
|-------------------------------------------------------------------|
| There are no affected 15.1 based releases                         |
+-------------------------------------------------------------------+
Workarounds
===========
Manually Remove SNMP Community Names
+-----------------------------------
Note: The following workaround is only effective until the device is
reloaded. Upon each reload of the device this workaround must be
re-applied. 
Log in to the device, and enter configuration mode. This workaround
must be applied each time the device is reloaded. 
Automatically Remove SNMP Community Names
+----------------------------------------
By creating an Embedded Event Manager (EEM) policy, it is possible to
automatically remove the hard-coded SNMP community names each time
the device is reloaded. The following example shows an EEM policy
that runs each time the device is reloaded and removes the hard-coded
SNMP community names. 
    event manager applet cisco-sa-20100707-snmp
     event timer countdown time 30 
     action 10 cli command "enable"
     action 20 cli command "configure terminal"
     action 30 cli command "no snmp-server community public RO"
     action 40 cli command "no snmp-server community private RW"
     action 50 cli command "end"
     action 60 cli command "disable"
     action 70 syslog msg "Hard-coded SNMP community names as per Cisco Security Advisory cisco-sa-20100707-snmp removed"
For more information on EEM policies consult the Cisco IOS Network
Management Configuration Guide - Embedded Event Manager Overview at
the following link:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_eem_overview_ps6441_TSD_Products_Configuration_Guide_Chapter.html
Infrastructure Access Control Lists
+----------------------------------
Although it is often difficult to block traffic that transits a
network, it is possible to identify traffic that should never be
allowed to target infrastructure devices and block that traffic at
the device interface or the border of networks. 
If SNMP management is not required on the IE3000, then dropping all
SNMP traffic to the device is a sufficient workaround. The iACL below
shows an example of an IE3000 with two interfaces configured with
layer 3 access, dropping all SNMP queries destined to the IE3000:
    !---
    !--- Deny SNMP traffic from all other sources destined to
    !--- configured IP addresses on the IE3000.
    !---

    access-list 150 deny udp any host 192.168.0.1 eq snmp
    access-list 150 deny udp any host 192.168.1.1 eq snmp

    !---
    !--- Permit/deny all other Layer 3 and Layer 4 traffic in
    !--- accordance with existing security policies and configurations
    !--- Permit all other traffic to transit the device.
    !---

    access-list 150 permit ip any any

    !---
    !--- Apply access-list to all Layer 3 interfaces
    !--- (only two examples shown)
    !---

    interface Vlan1
     ip address 192.168.0.1 255.255.255.0
     ip access-group 150 in

    interface GigabitEthernet1/1
     ip address 192.168.1.1 255.255.255.0
     ip access-group 150 in
The white paper "Protecting Your Core: Infrastructure Protection
Access Control Lists" presents guidelines and recommended deployment
techniques for infrastructure protection access lists. This white
paper can be obtained at the following link:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801a1a55.shtml
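An offline check of a saved running-config against the workarounds above, as an added example (not Cisco's code): it reports the hard-coded community names, a missing EEM removal applet, and Layer 3 interfaces whose inbound ACL does not drop SNMP. The function names, the simplified first-match ACL evaluation and the sample configuration are assumptions constructed for illustration.

```python
import re

# Values taken from the advisory text.
AFFECTED_RELEASES = {"12.2(52)SE", "12.2(52)SE1"}
HARDCODED = {("public", "RO"), ("private", "RW")}

# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-monitor RO 10
!
access-list 150 deny udp any host 192.168.0.1 eq snmp
access-list 150 permit ip any any
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip access-group 150 in
!
interface GigabitEthernet1/1
 ip address 192.168.1.1 255.255.255.0
!
"""

def hardcoded_communities(config):
    """Return the advisory's community names that are active in the config."""
    found = re.findall(r"^snmp-server community (\S+) (RO|RW)\b", config, re.M)
    return sorted(c for c in found if c in HARDCODED)

def eem_workaround_present(config):
    """True if one EEM applet removes both hard-coded community names."""
    applets = re.findall(r"^event manager applet \S+\n((?:[ \t]+.*\n?)+)", config, re.M)
    wanted = ['"no snmp-server community %s %s"' % c for c in HARDCODED]
    return any(all(w in body for w in wanted) for body in applets)

def l3_interfaces(config):
    """Map interface name -> (IP address, inbound ACL or None)."""
    out = {}
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)+)", config, re.M):
        ip = re.search(r"^[ \t]+ip address (\S+) \S+", body, re.M)
        acl = re.search(r"^[ \t]+ip access-group (\S+) in\b", body, re.M)
        if ip:
            out[name] = (ip.group(1), acl.group(1) if acl else None)
    return out

def acl_blocks_snmp(config, acl, ip):
    """Simplified first-match walk of a numbered ACL for SNMP sent to ip."""
    entries = re.findall(r"^access-list %s (.+?)\s*$" % re.escape(acl), config, re.M)
    if not entries:
        return False                      # undefined ACL filters nothing
    tgt = r"(?:host %s|any)" % re.escape(ip)
    deny = re.compile(r"deny udp any %s(?: eq (?:snmp|161))?|deny ip any %s" % (tgt, tgt))
    for entry in entries:
        if deny.fullmatch(entry):
            return True
        if re.fullmatch(r"permit (?:udp|ip) any any", entry):
            return False                  # broad permit reached before any deny
    return True                           # implicit deny at the end of the ACL

def audit(config, release):
    """Return a list of findings for one device (release from 'show version')."""
    affected = release in AFFECTED_RELEASES
    findings = []
    if affected:
        findings.append("affected release %s: upgrade to 12.2(55)SE or later" % release)
    for name, mode in hardcoded_communities(config):
        findings.append("hard-coded community %s %s present" % (name, mode))
    if affected and not eem_workaround_present(config):
        findings.append("no EEM applet removing the community names after reload")
    for ifname, (ip, acl) in sorted(l3_interfaces(config).items()):
        if acl is None or not acl_blocks_snmp(config, acl, ip):
            findings.append("SNMP to %s (%s) not dropped by an inbound ACL" % (ip, ifname))
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, "12.2(52)SE1"):
        print(line)
```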
Obtaining Fixed Software
========================
Cisco has released free software updates that address this
vulnerability. Prior to deploying software, customers should consult
their maintenance provider or check the software for feature set
compatibility and known issues specific to their environment. 
Customers may only install and expect support for the feature sets
they have purchased. By installing, downloading, accessing or
otherwise using such software upgrades, customers agree to be bound
by the terms of Cisco's software license terms found at:
http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html
or as otherwise set forth at Cisco.com Downloads at:
http://www.cisco.com/public/sw-center/sw-usingswc.shtml
Do not contact psirt@cisco.com or security-alert@cisco.com for
software upgrades. 
Customers with Service Contracts
+-------------------------------
Customers with contracts should obtain upgraded software through
their regular update channels. For most customers, this means that
upgrades should be obtained through the Software Center on Cisco's
worldwide website at http://www.cisco.com. 
Customers using Third Party Support Organizations
+------------------------------------------------
Customers whose Cisco products are provided or maintained through
prior or existing agreements with third-party support organizations,
such as Cisco Partners, authorized resellers, or service providers
should contact that support organization for guidance and assistance
with the appropriate course of action in regards to this advisory. 
The effectiveness of any workaround or fix is dependent on specific
customer situations, such as product mix, network topology, traffic
behavior, and organizational mission. Due to the variety of affected
products and releases, customers should consult with their service
provider or support organization to ensure any applied workaround or
fix is the most appropriate for use in the intended network before it
is deployed. 
Customers without Service Contracts
+----------------------------------
Customers who purchase direct from Cisco but do not hold a Cisco
service contract, and customers who purchase through third-party
vendors but are unsuccessful in obtaining fixed software through
their point of sale should acquire upgrades by contacting the Cisco
Technical Assistance Center (TAC). TAC contacts are as follows. 
  * +1 800 553 2447 (toll free from within North America)
  * +1 408 526 7209 (toll call from anywhere in the world)
  * e-mail: tac@cisco.com
Customers should have their product serial number available and be
prepared to give the URL of this notice as evidence of entitlement to
a free upgrade. Free upgrades for non-contract customers must be
requested through the TAC. 
Refer to:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
for additional TAC contact information, including localized telephone
numbers, and instructions and e-mail addresses for use in various
languages. 
Exploitation and Public Announcements
=====================================
The Cisco PSIRT is not aware of any public announcements or malicious
use of the vulnerability described in this advisory. 
This vulnerability was discovered when handling customer support
calls. 
Status of this Notice: FINAL
============================
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY
KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE
INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS
AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS
DOCUMENT AT ANY TIME. 
A stand-alone copy or Paraphrase of the text of this document that
omits the distribution URL in the following section is an
uncontrolled copy, and may lack important information or contain
factual errors. 
Distribution
============
This advisory is posted on Cisco's worldwide website at:
http://www.cisco.com/warp/public/707/cisco-sa-20100707-snmp.shtml
In addition to worldwide web posting, a text version of this notice
is clear-signed with the Cisco PSIRT PGP key and is posted to the
following e-mail and Usenet news recipients. 
  * cust-security-announce@cisco.com
  * first-bulletins@lists.first.org
  * bugtraq@securityfocus.com
  * vulnwatch@vulnwatch.org
  * cisco@spot.colorado.edu
  * cisco-nsp@puck.nether.net
  * full-disclosure@lists.grok.org.uk
  * comp.dcom.sys.cisco@newsgate.cisco.com
Future updates of this advisory, if any, will be placed on Cisco's
worldwide website, but may or may not be actively announced on
mailing lists or newsgroups. Users concerned about this problem are
encouraged to check the above URL for any updates. 
Revision History
================
+---------------------------------------+
| Revision |              | Initial     |
| 1.0      | 2010-July-07 | public      |
|          |              | release.    |
+---------------------------------------+
Cisco Security Procedures
=========================
Complete information on reporting security vulnerabilities in Cisco
products, obtaining assistance with security incidents, and
registering to receive security information from Cisco, is available
on Cisco's worldwide website at:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
This includes instructions for press inquiries regarding Cisco security
notices. All Cisco security advisories are available at:
http://www.cisco.com/go/psirt
                        
| VAR-201703-1017 | CVE-2017-6334 | Arbitrary OS command execution vulnerability in dnslookup.cgi in NETGEAR DGN2200 device firmware. Related entries in the VARIoT exploits database: VAR-E-201702-0149, VAR-E-201702-0148, VAR-E-201702-0147 | CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH | 
                            dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the host_name field of an HTTP POST request, a different vulnerability than CVE-2017-6077. An arbitrary OS command execution vulnerability exists in dnslookup.cgi in NETGEAR DGN2200 device firmware. The NETGEAR DGN2200 is an ADSL router device. Green Shop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. 
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. NETGEAR DGN2200 is a wireless router product of NETGEAR.
                        
