2006/09/19 gzip <1.3.5
Some of the bugs have possible security implications if gzip or its tools are
fed a carefully constructed malicious archive. Most of these issues were
recently discovered by Tavis Ormandy and the Google Security Team.
For further reference, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
on the way


2006/09/16 x11 <6.9.0-11
Fixed an overflow in CID encoded Type1 font parsing.
For further reference, see:
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3739
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3740
done


2006/09/15 firefox <1.5.0.7, thunderbird <1.5.0.7, seamonkey <1.0.5
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
done


2006/09/14 openssl <0.8.9b
Patched an issue where it is possible to forge certain kinds of RSA signatures.
The patch is used instead of an upgrade to openssl-0.9.8c as it was
issued later with a corrected fix.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
done


2006/08/18 libtiff <3.8.2
Patched vulnerabilities in libtiff which were found by Tavis Ormandy of
the Google Security Team. These issues could be used to crash programs
linked to libtiff or possibly to execute code as the program's user.
A low risk command-line overflow in tiffsplit was also patched.
done


2006/08/03 gnupg <1.4.5
Fixed 2 more possible memory allocation attacks. They are
similar to the problem we fixed with 1.4.4. This bug can easily
be exploited for a DoS; remote code execution is not entirely
impossible.
done


2006/07/27 firefox <1.5.0.5, thunderbird <1.5.0.5, seamonkey <1.0.3
More details about the issues may be found here:
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox
http://www.mozilla.org/projects/security/known-vulnerabilities.html#thunderbird
http://www.mozilla.org/projects/security/known-vulnerabilities.html#seamonkey
done


2006/07/26 x11 <6.8.2-6
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
done


2006/07/26 gimp <2.2.12
Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp before 2.2.12 allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XCF file with a large num_axes value in the VECTORS property.
done


2006/07/26 xine-lib <1.1.2
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
done
