Mandrake Security Advisories

Here you'll find the latest security advisories from Mandrake. Our database currently contains 486 Mandrake security advisories.

Linux Kernel 2.6 Mandriva 10.1 | MDKSA-2005:219 | November 30, 2005
Multiple vulnerabilities in the Linux 2.6 kernel have been discovered and corrected in this update.
» CVE-2005-0180 Low: Multiple integer signedness errors in (0.00)
» CVE-2005-0210 Low: Netfilter in the Linux kernel 2.6.8.1 (0.00)
» CVE-2005-1589 Low: The pkt_ioctl function in the pktcdvd (0.00)
» CVE-2005-2456 Low: Array index overflow in the xfrm_sk_po (0.00)
» CVE-2005-2457 Low: The driver for compressed ISO file sys (0.00)
» CVE-2005-2458 Low: inflate.c in the zlib routines in the (0.00)
» CVE-2005-2459 Low: The huft_build function in inflate.c i (0.00)
» CVE-2005-2490 Low: Stack-based buffer overflow in the sen (0.00)
» CVE-2005-2548 Low: vlan_dev.c in the VLAN code for Linux (0.00)
» CVE-2005-2555 Low: Linux kernel 2.6.x does not properly r (0.00)
» CVE-2005-2800 Low: Memory leak in the seq_file implemenet (0.00)
» CVE-2005-2801 Low: xattr.c in the ext2 and ext3 file syst (0.00)
» CVE-2005-2872 Low: The ipt_recent kernel module (ipt_rece (0.00)
» CVE-2005-2873 Low: The ipt_recent kernel module (ipt_rece (0.00)
» CVE-2005-3044 Low: Multiple vulnerabilities in Linux kern (0.00)
» CVE-2005-3053 Low: The sys_set_mempolicy function in memp (0.00)
» CVE-2005-3055 Low: Linux kernel 2.6.8 to 2.6.14-rc2 allow (0.00)
» CVE-2005-3180 Low: The Orinoco driver (orinoco.c) in Linu (0.00)
» CVE-2005-3181 Low: The audit system in Linux kernel befor (0.00)
» CVE-2005-3257 Low: The VT implementation (vt_ioctl.c) in (0.00)
» CVE-2005-3271 Low: Exec in Linux kernel 2.6 does not prop (0.00)
» CVE-2005-3273 Low: The rose_rt_ioctl function in rose_rou (0.00)
» CVE-2005-3274 Low: Race condition in ip_vs_conn_flush in (0.00)
» CVE-2005-3275 Low: The NAT code (1) ip_nat_proto_tcp.c an (0.00)
» CVE-2005-3276 Low: The sys_get_thread_area function in pr (0.00)

OpenVPN denial of service | MDKSA-2005:206 | November 08, 2005
Two Denial of Service vulnerabilities exist in OpenVPN. The first allows a malicious or compromised server to execute arbitrary code on the client. The second DoS can occur if when in TCP server mode,
» CVE-2005-3393 Low: Format string vulnerability in the for (0.00)
» CVE-2005-3409 Low: OpenVPN 2.x before 2.0.4, when running (0.00)

Koffice heap buffer overflow | MDKSA-2005:185 | October 14, 2005
Chris Evans reported a heap-based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code.

Cfengine several vulnerabilities | MDKSA-2005:184 | October 13, 2005
Javier Fernández-Sanguino Peña discovered several insecure temporary file uses in cfengine

Wget stack overflow | MDKSA-2005:183 | October 13, 2005
A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name in NTLM authentication is enabled and either a) pass a user and domain name to

Curl stack overflow | MDKSA-2005:182 | October 13, 2005
A vulnerability in libcurl's NTLM function can overflow a stack-based buffer if given too long a user name or domain name in NTLM authentication is enabled and either a) pass a user and domain name to

Mozilla firefox updates | MDKSA-2005:088-1 | May 17, 2005
The previously-released firefox updates were no longer able to download extensions for firefox due to strict version checking. This update fixes the problem by changing the version firefox reports fro

Xpm integer overflow | MDKSA-2005:080 | April 28, 2005
While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he

Perl race condition | MDKSA-2005:079 | April 28, 2005
While a process running as root (or another user) was busy deleting a directory tree, a different user could exploit a race condition to create setuid binaries in this directory tree, provided that he

Squid multiple vulnerabilities | MDKSA-2005:078 | April 28, 2005
Multiple vulnerabilities have been found in Squid 2.5: ACL bypass, race condition for handling cookies and denial of service.

Cdrecord symbolic link attack | MDKSA-2005:077 | April 20, 2005
Javier Fernandez-Sanguino Pena discovered that cdrecord created temporary files in an insecure manner if DEBUG was enabled in /etc/cdrecord/rscsi. If the default value was used (which stored the debug

Xli multiple vulnerabilities | MDKSA-2005:076 | April 20, 2005
A number of vulnerabilities have been found in the xli image viewer. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a flaw in the handling of compressed images where shell meta-chara

Libcdaudio1 buffer overflow | MDKSA-2005:075 | April 20, 2005
A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code

Gnome-vfs2 buffer overflow bug | MDKSA-2005:074 | April 20, 2005
A buffer overflow bug was found by Joseph VanAndel in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code

CVS buffer overflow and memory access problem | MDKSA-2005:073 | April 20, 2005
A buffer overflow and memory access problem in CVS have been discovered by the CVS maintainer. The updated packages have been patched to correct the problem.

PHP multiple vulnerabilities | MDKSA-2005:072 | April 18, 2005
A number of vulnerabilities are addressed in this PHP update. Integer overflows, denial of service and path restriction bugs.

Gaim multiple vulnerabilities | MDKSA-2005:071 | April 13, 2005
A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client and causing it to crash. Also, a bug was di

MySQL grant privileges vulnerability | MDKSA-2005:070 | April 12, 2005
A vulnerability in MySQL would allow a user with grant privileges to a database with a name containing an underscore character ("_") to have the ability to grant privileges to other databases with sim

Gdk-pixbuf denial of service | MDKSA-2005:069 | April 07, 2005
A bug was discovered in the way that gdk-pixbuf processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gdk-pixbuf.

Gtk+2.0 denial of service | MDKSA-2005:068 | April 07, 2005
A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0.

Sharutils buffer overflow | MDKSA-2005:067 | April 07, 2005
Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code.

Grip buffer overflow | MDKSA-2005:066 | April 01, 2005
A buffer overflow bug was found by Dean Brettle in the way that grip handles data returned by CDDB servers. If a user connected to a malicious CDDB server, an attacker could execute arbitrary code on

ImageMagick multiple vulnerabilities | MDKSA-2005:065 | April 01, 2005
A format string vulnerability was discovered in ImageMagick, in the way it handles filenames. An attacker could execute arbitrary code on a victim's machine provided they could trick them into opening

Libexif buffer overflow | MDKSA-2005:064 | March 31, 2005
A buffer overflow was discovered in the way libexif parses EXIF tags. An attacker could exploit this by creating a special EXIF image file which could cause image viewers linked against libexif to cra

Htdig cross site scripting | MDKSA-2005:063 | March 31, 2005
A cross-site scripting vulnerability in ht://dig was discovered by Michael Krax. The updated packages have been patched to correct this issue.
