packages
Cute News appears to be abandoned since September 2008. A local file
inclusion (LFI) vulnerability was discovered by athos on January 9th,
2009, for which no patch has been made.
4. Vulnerable Packages
------------------------------------------------------------------------
Cute News 1.4.6 and Cute News UTF-8 are vulnerable. Earlier versions
might be affected.
------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
A logic flaw has been found in the way .NET grants permissions to
ClickOnce applications. Combined with relaxed security warnings when
handling OLE Packages in Office 2007, this flaw allows attackers to run
arbitrary .NET assemblies with Full Trust permissions.
------------------------------------------------------------------------
See also
------------------------------------------------------------------------
CVE-2007-2052
------------------------------------------------------------------------
1. Summary
Updated Java JRE packages and Tomcat packages address several security
issues. Updates for the ESX Service Console and vMA include kernel,
ntp, Python, bind, libxml, libxml2, curl and gnutil packages. ntp is
also updated for ESXi userworlds.
2. Relevant releases
| cvpnd.exe File Permissions | including | |
| | 5.0.01.0600 | |
+----------------------------------------------------------------+
Note: The VPN Client for Windows software is distributed as both a
Microsoft Installer (MSI) package and an InstallShield (IS) package. Only
the MSI package for version 5.0.01.0600 of the VPN Client contains the fix
for the "Local Privilege Escalation Through Default cvpnd.exe File
Permissions" vulnerability. The IS package does not contain the fix for
that vulnerability and has been removed from http://www.cisco.com.
Customers who have downloaded and installed the IS package for version
------------------------------------------------------------------------
1. Summary
ESX Service Console updates for newt, nfs-utils, and glib2 packages.
vMA updates for newt, nfs-util, glib2, kpartx, libvolume-id,
device-mapper-multipath, fipscheck, dbus, dbus-libs, ed, openssl,
bind, expat, openssh, ntp and kernel packages.
2. A collection of tools which provide Linux look and feel.
SUMMARY
Cygwin is a Linux-like environment for Microsoft Windows copyrighted by
Red Hat, Inc. Tarball software packages are installed and updated via
setup.exe. This program downloads a package list and packages from
mirrors over plaintext HTTP or FTP. The package list contains MD5
checksums for verifying package integrity. If a rogue server answers the
HTTP request responsible for package updates and responds with a
modified MD5 string, setup.exe will download and install a malicious package.
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
dpkg-dev 1.13.11ubuntu7.1
Ubuntu 8.04 LTS:
Debian Security Advisory DSA-1896-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
September 28, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : opensaml, shibboleth-sp
Vulnerability : several
Problem type : remote
Debian-specific: no
Several vulnerabilities have been discovered in the opensaml and
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libdns23 1:9.3.2-2ubuntu1.11
Ubuntu 8.04 LTS:
Debian Security Advisory DSA-1900-1 security@debian.org
http://www.debian.org/security/ Florian Weimer
October 02, 2009 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : postgresql-7.4, postgresql-8.1, postgresql-8.3, postgresql-8.4
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE Id(s) : CVE-2009-3229 CVE-2009-3230 CVE-2009-3231
Debian Security Advisory DSA-1503-2 security@debian.org
http://www.debian.org/security/ dann frazier
March 6, 2008 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : kernel-source-2.4.27 (2.4.27-10sarge7)
Vulnerability : several
Problem-Type : local/remote
Debian-specific: no
CVE ID : CVE-2004-2731 CVE-2006-4814 CVE-2006-5753 CVE-2006-5823
CVE-2006-6053 CVE-2006-6054 CVE-2006-6106 CVE-2007-1353
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.13
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libc6 2.3.6-0ubuntu20.6
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postgresql-plperl-8.1 8.1.21-0ubuntu0.6.06
postgresql-pltcl-8.1 8.1.21-0ubuntu0.6.06
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.6
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.14
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.19
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpng12-0 1.2.8rel-5ubuntu0.6
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
cupsys 1.2.2-0ubuntu0.6.06.17
cupsys-client 1.2.2-0ubuntu0.6.06.17
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
apache2-common 2.0.55-4ubuntu2.10
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4-moinmoin 1.5.2-1ubuntu2.5
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libpng12-0 1.2.8rel-5ubuntu0.5
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
samba 3.0.22-1ubuntu3.11
Ubuntu 8.04 LTS:
Debian Security Advisory DSA-1991-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
February 04, 2010 http://www.debian.org/security/faq
------------------------------------------------------------------------
Package : squid/squid3
Vulnerability : denial of service
Problem type : remote
Debian-specific: no
CVE Ids : CVE-2009-2855 CVE-2010-0308
Debian Bug : 534982
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
mysql-server-5.0 5.0.22-0ubuntu6.06.12
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
squid 2.5.12-4ubuntu2.5
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
postgresql-8.1 8.1.19-0ubuntu0.6.06
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
php5-cgi 5.1.2-1ubuntu3.18
php5-cli 5.1.2-1ubuntu3.18
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libkrb53 1.4.3-5ubuntu0.10
Ubuntu 8.04 LTS:
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
python2.4 2.4.3-0ubuntu6.4
python2.4-minimal 2.4.3-0ubuntu6.4