Mandrake Security Advisories

Here you'll find the latest security advisories from Mandrake. Our database currently contains 486 Mandrake security advisories.

Ethereal multiple vulnerabilities | MDKSA-2004:152 | December 20, 2004
Multiple vulnerabilities were discovered in Ethereal.

Php multiple vulnerabilities | MDKSA-2004:151 | December 17, 2004
A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough to warrant CVE names, however the package

Kdelibs potential privacy issue | MDKSA-2004:150 | December 15, 2004
Daniel Fabian discovered a potential privacy issue in KDE. When creating a link to a remote file from various applications, including Konqueror, the resulting URL may contain the authentication creden

PostgreSQL insecure temp file creation | MDKSA-2004:149 | December 13, 2004
The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary fil

iproute temporary file vulnerability | MDKSA-2004:148 | December 13, 2004
Herbert Xu discovered that iproute can accept spoofed messages sent via the kernel netlink interface by other users on the local machine. This could lead to a local Denial of Service attack.

PostgreSQL temporary file vulnerability | MDKSA-2004:149 | December 13, 2004
The Trustix development team found insecure temporary file creation problems in a script included in the postgresql package. This could allow an attacker to trick a user into overwriting arbitrary fi

OpenSSL insecure temporary files | MDKSA-2004:147 | December 06, 2004
The Trustix developers found that the der_chop script, included in the openssl package, created temporary files insecurely. This could allow local users to overwrite files using a symlink attack.

NFS-utils denial of service | MDKSA-2004:146 | December 06, 2004
SGI developers discovered a remote DoS (Denial of Service) condition in the NFS statd server. rpc.statd did not ignore the "SIGPIPE" signal which would cause it to shut down if a misconfigured or malic

Rp-ppoe system compromise | MDKSA-2004:145 | December 06, 2004
Max Vozeler discovered a vulnerability in pppoe, part of the rp-pppoe package. When pppoe is running setuid root, an attacker can overwrite any file on the system. Mandrakelinux does not install pppoe

Lvm insecure temporary directory | MDKSA-2004:144 | December 06, 2004
The Trustix developers discovered that the lvmcreate_initrd script, part of the lvm1 package, created a temporary directory in an insecure manner. This could allow for a symlink attack to create or ov

ImageMagick boundary error | MDKSA-2004:143 | December 06, 2004
A vulnerability was discovered in ImageMagick where, due to a boundary error within the EXIF parsing routine, a specially crafted graphic image could potentially lead to the execution of arbitrary cod

Gzip insecure temporary file creation | MDKSA-2004:142 | December 06, 2004
The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzexe supplemental scripts in the gzip package. These flaws could allow local users to overwrite fil

Libxpm4 advisory update | MDKSA-2004:137-1 | November 29, 2004
The previous libxpm4 update had a linking error that resulted in a missing s_popen symbol error running applications dependent on the library. In addition, the file path checking in the security updat

Zip arbitrary code execution | MDKSA-2004:141 | November 25, 2004
A vulnerability in zip was discovered where zip would not check the resulting path length when doing recursive folder compression, which could allow a malicious person to convince a user to create an

A2ps arbitrary command execution | MDKSA-2004:140 | November 25, 2004
The GNU a2ps utility fails to properly sanitize filenames, which can be abused by a malicious user to execute arbitrary commands with the privileges of the user running the vulnerable application.

Cyrus-imapd local + remote buffer overflow | MDKSA-2004:139 | November 25, 2004
A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan Esser. Due to insufficient checking within the argument parser of the 'partial' and 'fetch' commands, a buffer overflow could

XFree86 several vulnerabilities | MDKSA-2004:138 | November 22, 2004
A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, she

Libxpm4 multiple vulnerabilities | MDKSA-2004:137 | November 22, 2004
A source code review of the XPM library, done by Thomas Biege of the SuSE Security-Team revealed several different kinds of bugs. These bugs include integer overflows, out-of-bounds memory access, she

Samba buffer overrun | MDKSA-2004:136 | November 18, 2004
Stefan Esser discovered that invalid bounds checking in reply to certain trans2 requests could result in a buffer overrun in smbd. This can only be exploited by a malicious user able to create files

Apache buffer overflow | MDKSA-2004:134 | November 15, 2004
A possible buffer overflow exists in the get_tag() function of mod_include, and if SSI (Server Side Includes) are enabled, a local attacker may be able to run arbitrary code with the rights of an http

GD integer overflows | MDKSA-2004:132 | November 15, 2004
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbitr

Sudo arbitrary command execution | MDKSA-2004:133 | November 15, 2004
Liam Helmer discovered a flaw in sudo's environment sanitizing. This flaw could allow a malicious user with permission to run a shell script that uses the bash shell to run arbitrary commands.

Samba input validation | MDKSA-2004:131 | November 10, 2004
Karol Wiesek discovered a bug in the input validation routines in Samba 3.x used to match filename strings containing wildcard characters. This bug may allow a user to consume more than normal amounts

Speedtouch USB driver format string vulnerabilities | MDKSA-2004:130 | November 10, 2004
The Speedtouch USB driver contains a number of format string vulnerabilities due to improperly made syslog() system calls. These vulnerabilities can be abused by a local user to potentially allow the

EZ-IPupdate format string vulnerability | MDKSA-2004:129 | November 10, 2004
Ulf Harnhammar discovered a format string vulnerability in ez-ipupdate, a client for many dynamic DNS services. The updated packages are patched to protect against this problem.
