It was discovered that belpic, the Belgian eID PKCS11 library, does not
properly check the result of an OpenSSL function for verifying
cryptographic signatures, which could be used to bypass the certificate
validation.

Sylvain Beucler discovered that gforge, a collaborative development
tool, is prone to a symlink attack, which allows local users to perform
a denial of service attack by overwriting arbitrary files.

Mikal Gule discovered that request-tracker, an extensible trouble-ticket
tracking system, is prone to an attack, where an attacker with access
to the same domain can hijack a user's RT session.

It was discovered that OpenLDAP, a free implementation of the Lightweight
Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0'
character in a domain name in the subject's Common Name (CN) field of an

Several remote vulnerabilities have been discovered in the Wireshark
network traffic analyzer, which may lead to the execution of arbitrary
code or denial of service. The Common Vulnerabilities and Exposures
project identifies the following problems:

Several remote vulnerabilities have been discovered in the PHP 5
hypertext preprocessor. The Common Vulnerabilities and Exposures
project identifies the following problems:

Several integer overflows, buffer overflows and memory allocation
errors were discovered in the Poppler PDF rendering library, which may
lead to denial of service or the execution of arbitrary code if a user
is tricked into opening a malformed PDF document.

Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered
that libvorbis, a library for the Vorbis general-purpose compressed
audio codec, did not correctly handle certain malformed ogg files. An
attacker could cause a

It was discovered that php-mail, a PHP PEAR module for sending email,
has insufficient input sanitising, which might be used to obtain
sensitive data from the system that uses php-mail.

The tmpreaper utility will clean out your temporary file directories by recursively removing files that haven’t been accessed in some amount of time. You can configure exclusions and it will not dive into symlinks, or remove symlinks, sockets