Further Information

ESB-2004.0599 -- Sun Alert Notification 57648 -- Security Vulnerabilities in ImageMagick(1) May Allow a Remote Unprivileged User to Execute Arbitrary Code - (22/09/2004)

ESB-2004.0598 -- Debian Security Advisory DSA 551-1 -- New lukemftpd packages fix arbitrary code execution - (22/09/2004)

ESB-2004.0578 -- iDEFENSE Security Advisory 09.15.04 -- GNU Radius SNMP String Length Integer Overflow Denial of Service Vulnerability - (16/09/2004)

ESB-2004.0576 -- RHSA-2004:449-01 -- Updated CUPS packages fix security vulnerability - (16/09/2004)

ESB-2004.0575 -- RHSA-2004:446-01 -- Updated openoffice.org packages resolve security issue - (16/09/2004)

ESB-2004.0574 -- RHSA-2004:447-02 -- Updated gdk-pixbuf packages fix security flaws - (16/09/2004)

AL-2004.029 -- Apache Software Foundation Security Advisory -- Apache HTTP Server 2.0.51 Fixes 5 Security Vulnerabilities - The Apache Software Foundation has released version 2.0.51 of the Apache HTTP server. This version fixes 5 vulnerabilities, the most serious of which could allow for the execution of arbitrary code. (16/09/2004)

ESB-2004.0571 -- Debian Security Advisory DSA 544-1 -- New webmin packages fix insecure temporary directory - (15/09/2004)

ESB-2004.0573 -- The Mozilla Organization -- New Versions of Firefox, Mozilla and Thunderbird Fix Security Vulnerabilities - New versions of Mozilla products fix multiple vulnerabilities that allow remote execution of arbitrary code. Mozilla 1.7.2, Firefox 0.9.3 and Thunderbird 0.7.3 are vulnerable. (15/09/2004)

ESB-2004.0567 -- Samba Security Advisory -- Samba 3.0.x Denial of Service Flaw - (i) A DoS bug in smbd may allow an unauthenticated user to cause smbd to spawn new processes each one entering an infinite loop. After sending a sufficient amount of packets it is possible to exhaust the memory resources on the server. (ii) A DoS bug in nmbd may allow an attacker to remotely crash the nmbd daemon. (14/09/2004)

AL-2004.028 -- UNIRAS ALERT - 33/04 -- NISCC Vulnerability Advisory 380375/MIME - Multiple products' inconsistent implementation of MIME parsing causes inspection of MIME content for malicious data to fail. (14/09/2004)

ESB-2004.0557 -- NGSSoftware Insight Security Research Advisory -- Patch Available for IBM DB2 Universal Database Flaws - Researchers at NGSSoftware have discovered multiple critical/high risk vulnerabilities in IBM's DB2 Universal Database. Two of the issues, remotely exploitable buffer overflows, have been fixed in Fixpak 7 for DB2 8.1 and Fixpak 12 for DB2 7.x. (06/09/2004)

ESB-2004.0556 -- US-CERT Technical Cyber Security Alert TA04-247A -- Vulnerabilities in MIT Kerberos 5 - The MIT Kerberos 5 implementation contains several vulnerabilities, the most severe of which could allow an unauthenticated, remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC). This could result in the compromise of an entire Kerberos realm. (06/09/2004)

ESB-2004.0555 -- US-CERT Technical Cyber Security Alert TA04-245A -- Multiple Vulnerabilities in Oracle Products - (06/09/2004)

ESB-2004.0551 -- MIT krb5 Security Advisory 2004-003 -- ASN.1 decoder denial of service - (01/09/2004)

ESB-2004.0547 -- Debian Security Advisory DSA 458-2 -- New python2.2 packages really fix buffer overflow - (01/09/2004)

AL-2004.026 -- MIT krb5 Security Advisory 2004-002 -- double-free vulnerabilities in KDC and libraries - A vulnerability allowing remote execution of arbitrary code has been reported in Kerberos 5 Key Distribution Center. (01/09/2004)

ESB-2004.0546 -- Sun Alert Notification 57632 -- Netscape NSS Library Vulnerability Affects Sun ONE/iPlanet Web Server and Sun Java System Application Server - (01/09/2004)

ESB-2004.0544 -- Samba 2.2.11 -- smbd denial of service - (31/08/2004)

ESB-2004.0543 -- Debian Security Advisory DSA 542-1 -- New Qt packages fix arbitrary code execution and denial of service - (31/08/2004)

ESB-2004.0542 -- MDKSA-2004:087 -- Updated kernel packages fix multiple vulnerabilities - (30/08/2004)

ESB-2004.0541 -- GLSA 200408-27 -- Gaim: New vulnerabilities - (30/08/2004)

ESB-2004.0540 -- GLSA 200408-26 -- zlib: Denial of service vulnerability - (30/08/2004)

AL-2004.025 -- XV Image Viewer - Multiple Buffer Overflow Vulnerabilities - Multiple stack and heap buffer overflows in XV allow a remote attacker to execute arbitrary code as the user running XV. (26/08/2004)

ESB-2004.0530 -- KDE Security Advisory -- Konqueror Cross-Domain Cookie Injection - (25/08/2004)

ESB-2004.0528 -- ISS Protection Brief -- Netscape NSS Library Remote Compromise - (24/08/2004)

AU-2004.0012 -- AusCERT Update - User Interface Spoofing in Mozilla and Firefox - As outlined in AusCERT advisory AL-2004.23, a proof of concept using the XUL (XML-based User interface Language) rendering engine in Mozilla Firefox has recently been public. However, the problem may not be a classic security bug, but instead an effective addition to spoofing techniques. (24/08/2004)

ESB-2004.0527 -- iDEFENSE Security Advisory 08.18.04 -- Courier-IMAP Remote Format String Vulnerability - (23/08/2004)

ESB-2004.0507 -- SpamAssassin Announcement -- SpamAssassin 2.64 is released - SpamAssassin 2.64 contains a security fix to prevent a denial of service attack when certain malformed messages are opened. (12/08/2004)

ESB-2004.0499 -- Core Security Technologies Advisory CORE-2004-0714 -- Cfengine RSA Authentication Heap Corruption - (10/08/2004)

ESB-2004.0493 -- Core Security Technologies Advisory CORE-2004-0705 -- Vulnerabilities in PuTTY and PSCP - (06/08/2004)

ESB-2004.0492 -- RHSA-2004:383-01 -- Updated glibc packages fix flaws - (05/08/2004)

ESB-2004.0490 -- Debian Security Advisory DSA 536-1 -- New libpng, libpng3 packages fix multiple vulnerabilities - (05/08/2004)

ESB-2004.0489 -- RHSA-2004:402-01 -- Updated libpng packages fix security issues - (05/08/2004)

ESB-2004.0487 -- RHSA-2004:421-01 -- Updated mozilla packages fix security issues - (05/08/2004)


Previous  1, 2, 3 ... 149, 150, 151, 152, 153  Next denotes AusCERT member only content.