Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories » Mandriva

Mandriva Security Advisories

Here you'll find the latest security advisories from Mandriva. Our database currently contains 311 Mandriva security advisories.
Page: 123456 out of 13

Perl log flaw | MDKSA-2006:131 | July 25, 2006
Peter Bieringer discovered a flaw in the perl Net::Server module where the "log" function was not safe against format string exploits in version 0.87 and earlier.
» CVE-2005-1127 Low: Format string vulnerability in the log (0.00)

Imlib2 images process crash bug | MDKA-2006:030 | July 21, 2006
The tiff loader from imlib2 crashes when processing images on the x86_64 platform. This was reported when using digikam on x86_64, which uses this loader.

KDE denial of service vulnerability | MDKSA-2006:130 | July 20, 2006
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demon
» CVE-2006-3672 Low: KDE Konqueror 3.5.1 and earlier allows (0.00)

Libfreetype arbitrary code execution | MDKSA-2006:129 | July 20, 2006
An additional overflow, similar to those corrected by patches for CVE-2006-1861 was found in libfreetype. If a user loads a carefully crafted font file with a program linked against FreeType, it coul
» CVE-2006-1861 Low: Multiple integer overflows in FreeType (0.00) » CVE-2006-3467 Low: Integer overflow in FreeType before 2. (0.00)

Webmin, Usermin decoding vulnerability | MDKSA-2006:125 | July 19, 2006
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files.
» CVE-2006-3274 Low: Directory traversal vulnerability in W (0.00) » CVE-2006-3292 Low: SQL injection vulnerability in the Sea (0.00)

Wireshark number of vulnerabilities | MDKSA-2006:128 | July 18, 2006
A number of vulnerabilities have been discovered in the Wireshark formerly Ethereal) network analyzer. These issues have been corrected in Wireshark version 0.99.2 which is provided with this update
» CVE-2006-3627 Low: Unspecified vulnerability in the GSM B (0.00) » CVE-2006-3628 Low: Multiple format string vulnerabilities (0.00) » CVE-2006-3629 Low: Unspecified vulnerability in the MOUNT (0.00) » CVE-2006-3630 Low: Multiple off-by-one errors in Wireshar (0.00) » CVE-2006-3631 Low: Unspecified vulnerability in the SSH d (0.00) » CVE-2006-3632 Low: Buffer overflow in Wireshark (aka Ethe (0.00)

Gimp buffer overflow vulnerability | MDKSA-2006:127 | July 18, 2006
A buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c for gimp 2.2.x allows user-complicit attackers to cause a denial of service (crash) and possibly execute arbitrary code via an X
» CVE-2006-3404 Low: Buffer overflow in the xcf_load_vector (0.00)

Libtunepimp multiple stack-based buffer overflows | MDKSA-2006:126 | July 18, 2006
Kevin Kofler discovered multiple stack-based buffer overflows in the LookupTRM::lookup function in libtunepimp 0.4.2 that allow remote user-complicit attackers to cause a denial of service (applicatio
» CVE-2006-3600 Low: Multiple stack-based buffer overflows (0.00)

Kernel race condition vulnerability | MDKSA-2006:124 | July 18, 2006
A race condition in the Linux kernel 2.6.17.4 and earlier allows local users to obtain root privileges due to a race condition in the /proc filesystem.
» CVE-2006-3626 Low: Race condition in Linux kernel 2.6.17. (0.00)

Php multiple vulnerabilities | MDKSA-2006:122 | July 13, 2006
Kevin Kofler discovered several buffer overflows in the tag parser. By tricking a user into opening a specially crafted tagged multimedia file (such as .ogg or .mp3 music) with an application that use
» CVE-2002-1396 Low: Heap-based buffer overflow in the word (0.00) » CVE-2004-0941 Low: Multiple buffer overflows in the gd gr (0.00) » CVE-2004-0990 Low: Integer overflow in GD Graphics Librar (0.00) » CVE-2006-1017 Low: The c-client library 2000, 2001, or 20 (0.00) » CVE-2006-1990 Low: Integer overflow in the wordwrap funct (0.00) » CVE-2006-2563 Low: The cURL library (libcurl) in PHP 4.4. (0.00) » CVE-2006-2660 Low: Buffer consumption vulnerability in th (0.00) » CVE-2006-2906 Low: The LZW decoding in the gdImageCreateF (0.00) » CVE-2006-3011 Low: The error_log function in basic_functi (0.00) » CVE-2006-3016 Low: Unspecified vulnerability in session.c (0.00) » CVE-2006-3017 Low: zend_hash_del_key_or_index in zend_has (0.00) » CVE-2006-3018 Low: Unspecified vulnerability in the sessi (0.00)

Apache2 logging issues | MDKA-2006:029 | July 12, 2006
A patch applied to the build of apache2, when built on x86_64, can cause various issues in logging. These can include a corrupted or empty /var/log/httpd/access_log. This affects the Corporate 3 produ

Xine-lib code vulnerability | MDKSA-2006:121 | July 12, 2006
Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3)
» CVE-2006-2200 Low: Stack-based buffer overflow in libmms, (0.00)

MiMMS Stack-based buffer overflow | MDKSA-2006:117-1 | July 12, 2006
Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3)
» CVE-2006-2200 Low: Stack-based buffer overflow in libmms, (0.00)

Cupsd initscript bug | MDKA-2006:028 | July 11, 2006
A bug in the cupsd initscript could prevent a system from coming fully online if the CUPS daemon does not get actually started (for example if CUPS config or cache file are corrupted or port 631 block

Samba smbd bug | MDKSA-2006:120 | July 10, 2006
A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an
» CVE-2006-3403 Low: The smdb daemon (smbd/service.c) in Sa (0.00)

Ppp privilege escalation | MDKA-2006:119 | July 10, 2006
Marcus Meissner discovered that pppd's winbind plugin did not check for the result of the setuid() call which could allow an attacker to exploit this on systems with certain PAM limits enabled to exec
» CVE-2006-2194 Low: The winbind plugin in pppd for ppp 2.4 (0.00)

OpenOffice.org vulnerabilities patched | MDKSA-2006:118 | July 07, 2006
OpenOffice.org 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-complicit attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed wi
» CVE-2006-2198 Low: OpenOffice.org (aka StarOffice) 1.1.x (0.00) » CVE-2006-2199 Low: Unspecified vulnerability in Java Appl (0.00) » CVE-2006-3117 Low: Heap-based buffer overflow in OpenOffi (0.00)

MiMMS stack-based buffer overflow vulnerability | MDKSA-2006:117 | July 06, 2006
Stack-based buffer overflow in MiMMS 0.0.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3)
» CVE-2006-2200 Low: Stack-based buffer overflow in libmms, (0.00)

Libgd multiple buffer and integer overflows | MDKSA-2006:114 | June 29, 2006
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to imprope
» CVE-2004-0941 Low: Multiple buffer overflows in the gd gr (0.00) » CVE-2004-0990 Low: Integer overflow in GD Graphics Librar (0.00)

IMAP stack based buffer overflow | MDKSA-2006:115 | June 28, 2006
A stack-based buffer overflow in the browse_get_namespace function in imap/browse.c of Mutt allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long namespaces r

libgd denial of service | MDKSA-2006:114 | June 27, 2006
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbit

PNG images arbitrary code execution | MDKSA-2006:113 | June 27, 2006
Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers to cause a denial of service and possibly execute arbit
» CVE-2006-2906 Low: The LZW decoding in the gdImageCreateF (0.00)

libgd remote denial of service | MDKSA-2006:112 | June 27, 2006
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via
» CVE-2006-2906 Low: The LZW decoding in the gdImageCreateF (0.00)

Page: 123456 out of 13

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »