Archive for Sicurezza
DSA-1668 hf - programming error
Steve Kemp discovered that hf, an amateur-radio protocol suite using
a soundcard as a modem, insecurely tried to execute an external command
which could lead to the elevation of privileges for local users.
DSA-1669 xulrunner - several vulnerabilities
Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:
DSA-1670 enscript - buffer overflows
Several vulnerabilities have been discovered in Enscript, a converter
from ASCII text to PostScript, HTML or RTF. The Common Vulnerabilities
and Exposures project identifies the following problems:
DSA-1671 iceweasel - several vulnerabilities
Several remote vulnerabilities have been discovered in the Iceweasel
web browser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:
DSA-1666 libxml2 - several vulnerabilities
Several vulnerabilities have been discovered in the GNOME XML library.
The Common Vulnerabilities and Exposures project identifies the
following problems:
DSA-1667 python2.4 - several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:
Debian: New iceweasel packages fix several vulnerabilities
LinuxSecurity.com: Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution.
RedHat: Critical: java-1.4.2-ibm security update
LinuxSecurity.com: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the [...]
RedHat: Important: tog-pegasus security update
LinuxSecurity.com: Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file “README.RedHat.Security”, included in the Red Hat tog-pegasus [...]
RedHat: Moderate: vim security update
LinuxSecurity.com: Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 5. Several input sanitization flaws were found in Vim’s keyword and tag handling. If Vim looked up a document’s maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)