Tetragono

DSA-1671 iceweasel - several vulnerabilities

Staff — Tue, 25 Nov 2008 22:00:24 +0000

Several remote vulnerabilities have been discovered in the Iceweasel
webbrowser, an unbranded version of the Firefox browser. The Common
Vulnerabilities and Exposures project identifies the following problems:

DSA-1670 enscript - buffer overflows

Staff — Tue, 25 Nov 2008 22:00:24 +0000

Several vulnerabilities have been discovered in Enscript, a converter
from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities
and Exposures project identifies the following problems:

DSA-1669 xulrunner - several vulnerabilities

Staff — Tue, 25 Nov 2008 22:00:24 +0000

Several remote vulnerabilities have been discovered in Xulrunner, a
runtime environment for XUL applications. The Common Vulnerabilities
and Exposures project identifies the following problems:

DSA-1668 hf - programming error

Staff — Tue, 25 Nov 2008 22:00:24 +0000

Steve Kemp discovered that hf, an amateur-radio protocol suite using
a soundcard as a modem, insecurely tried to execute an external command
which could lead to the elevation of privileges for local users.

DSA-1667 python2.4 - several vulnerabilities

Staff — Tue, 25 Nov 2008 22:00:23 +0000

Several vulnerabilities have been discovered in the interpreter for the
Python language. The Common Vulnerabilities and Exposures project
identifies the following problems:

DSA-1666 libxml2 - several vulnerabilities

Staff — Tue, 25 Nov 2008 22:00:23 +0000

Several vulnerabilities have been discovered in the GNOME XML library.
The Common Vulnerabilities and Exposures project identifies the
following problems:

Debian: New iceweasel packages fix several vulnerabilities

Staff — Tue, 25 Nov 2008 22:00:14 +0000

LinuxSecurity.com: Justin Schuh discovered that a buffer overflow in the http-index-format parser could lead to arbitrary code execution.

RedHat: Important: tog-pegasus security update

Staff — Tue, 25 Nov 2008 05:04:00 +0000

LinuxSecurity.com: Updated tog-pegasus packages that fix security issues are now available for Red Hat Enterprise Linux 5. Red Hat defines additional security enhancements for OpenGroup Pegasus WBEM services in addition to those defined by the upstream OpenGroup Pegasus release. For details regarding these enhancements, refer to the file “README.RedHat.Security”, included in the Red Hat tog-pegasus package. This update has been rated as having important security impact by the Red Hat Security Response Team.

RedHat: Critical: java-1.4.2-ibm security update

Staff — Tue, 25 Nov 2008 05:04:00 +0000

LinuxSecurity.com: Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. Multiple vulnerabilities with unsigned applets were reported. A remote attacker could misuse an unsigned applet to connect to localhost services running on the host running the applet. (CVE-2008-3104)

RedHat: Moderate: vim security update

Staff — Tue, 25 Nov 2008 05:03:00 +0000

LinuxSecurity.com: Updated vim packages that fix security issues are now available for Red Hat Enterprise Linux 2.1.Several input sanitization flaws were found in Vim’s keyword and tag handling. If Vim looked up a document’s maliciously crafted tag or keyword, it was possible to execute arbitrary code as the user running Vim. (CVE-2008-4101)