New User, Welcome!     Login

Steve Grubb

[SECURITY] [DSA 2469-1] linux-2.6 security update

    cause a denial of service (NULL pointer dereference) by creating VCPUs
    before a call to KVM_CREATE_IRQCHIP.

CVE-2012-2123

    Steve Grubb reported in an issue in fcaps, a filesystem-based capabilities
    system. Personality flags set using this mechanism, such as the disabling
    of address space randomization, may persist across suid calls.

CVE-2012-2133

[ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff

 Affected: 2007.1, 2008.0, 2008.1, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 Steve Grubb found that the vcdiff script in Emacs create temporary
 files insecurely when used with SCCS.  A local user could exploit a
 race condition to create or overwrite files with the privileges of
 the user invoking the program (CVE-2008-1694).
 
 The updated packages have been patched to correct this issue.

[USN-827-1] Dnsmasq vulnerabilities

properly validate its input when processing TFTP requests for files with
long names. A remote attacker could cause a denial of service or execute
arbitrary code with user privileges. Dnsmasq runs as the 'dnsmasq' user by
default on Ubuntu. (CVE-2009-2957)

Steve Grubb discovered that Dnsmasq could be made to dereference a NULL
pointer when processing certain TFTP requests. A remote attacker could
cause a denial of service by sending a crafted TFTP request.
(CVE-2009-2958)

[ GLSA 200907-02 ] ModSecurity: Denial of Service

* Juan Galiana Lara of ISecAuditors discovered a NULL pointer
  dereference when processing multipart requests without a part header
  name (CVE-2009-1902).

* Steve Grubb of Red Hat reported that the "PDF XSS protection"
  feature does not properly handle HTTP requests to a PDF file that do
  not use the GET method (CVE-2009-1903).

Impact
======

[USN-607-1] Emacs vulnerabilities

It was discovered that Emacs did not account for precision when formatting
integers. If a user were tricked into opening a specially crafted file, an
attacker could cause a denial of service or possibly other unspecified
actions. This issue does not affect Ubuntu 8.04. (CVE-2007-6109)

Steve Grubb discovered that the vcdiff script as included in Emacs created
temporary files in an insecure way when used with SCCS. Local users could
exploit a race condition to create or overwrite files with the privileges
of the user invoking the program. (CVE-2008-1694)


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!