
OpenPKG Security Advisories

Here you'll find the latest security advisories from OpenPKG. Our database currently contains 88 OpenPKG security advisories.
Page: 1 2 3 4 out of 4

Pcre arbitrary code execution | SA-2005.018 | September 05, 2005
An integer overflow problem was discovered in the Perl Compatible Regular Expressions (PCRE) library, version 6.2 and earlier. The problem allows a remote or local attacker to execute arbitrary code b

Apache modssl information disclosure | SA-2005.017 | September 02, 2005
An information disclosure vulnerability was discovered in mod_ssl, the SSL/TLS module of the Apache webserver. When "SSLVerifyClient optional" was configured in the global virtual host configuration,

Fetchmail denial of service | SA-2005.016 | July 28, 2005
Ross Boylan reported a bug in fetchmail which turned out to be a remote buffer overflow vulnerability. A malicious POP3 server could send a carefully crafted message and cause a denial of service and

Spamassassin denial of service | SA-2005.015 | July 28, 2005
A Denial of Service (DoS) vulnerability exists in the email spam filter SpamAssassin. The problem can be exploited by sending certain malformed email headers.

Zlib denial of service | SA-2005.014 | July 28, 2005
A previous ZLib update for CAN-2005-2096 fixed a Denial of Service (DoS) flaw that could allow a carefully crafted compressed stream to crash an application. While the original patch corrected the rep

Zlib denial of service | SA-2005.013 | July 07, 2005
Tavis Ormandy from Gentoo discovered a Denial of Service vulnerability in the ZLib compression library versions 1.2.x (older versions are not affected). An error in the handling of corrupt compressed

Sudo race condition and arbitrary command execution | SA-2005.012 | June 23, 2005
According to a vendor security advisory based on hints from Charles Morris, a race condition exists in the command pathname handling of Sudo [1] prior to version 1.6.8p9. This could allow a user with

Shtool insecure temp file handling | SA-2005.011 | June 23, 2005
Eric Romang has discovered that GNU shtool insecurely creates temporary files with predictable filenames, potentially allowing a local user to overwrite arbitrary files with a "symlink" attack.

OpenPKG arbitrary path writing, DoS | SA-2005.010 | June 10, 2005
The vulnerabilities described by this text affect the OpenPKG bootstrap package's GZip and BZip2 embedded software. Similar advisories describe the same vulnerabilities, although in context of the par

Gzip arbitrary path writing | SA-2005.009 | June 10, 2005
According to a Debian bug report, Ulf Harnhammar discovered an input validation error in the GZip data compressor. Because gzip fails to properly validate file paths during decompression with the "-N"

Bzip2 denial of service | SA-2005.008 | June 10, 2005
According to a BugTraq posting, Imran Ghory discovered a time of check time of use file mode vulnerability in the BZip2 data compressor. Because bzip2 does not safely restore the mode of a file underg

CVS denial of service | SA-2005.007 | June 10, 2005
According to a Debian bug report, a Denial of Service (DoS) vulnerability exists in the embedded ZLib compression logic of the Concurrent Versions Systems (CVS). The problem involves incorrect error h

MySQL arbitrary code execution | SA-2005.006 | April 20, 2005
Several vulnerabilities including insecure handling of temporary files and arbitrary code execution have been discovered in the MySQL RDBMS. Javier Fernandez-Sanguino Pena found that users may overwri

Imapd arbitrary code execution | SA-2005.005 | April 05, 2005
Sean Larsson discovered several vulnerabilities in the Cyrus IMAP Server that could allow a remote attacker to execute machine code in the context of the server process.

Sasl arbitrary code execution | SA-2005.004 | January 28, 2005
In situations where an untrusted local user can affect the environment of a privileged process, this behavior could be exploited to run arbitrary code with the privileges of a setuid or setgid applica

A2ps arbitrary code execution | SA-2005.003 | January 17, 2005
Rudolf Polzer discovered a vulnerability in GNU a2ps, a converter and pretty-printer for many formats to PostScript. The program does not escape shell meta characters properly which could lead to the

Sudo arbitrary code execution | SA-2005.002 | January 17, 2005
Liam Helmer discovered a design flaw in Sudo, a program used to control user privilege escalation. An attacker with Sudo access to a shell script that uses GNU Bash may therefore run arbitrary comman

Perl information disclosure, insecure permissions | SA-2005.001 | January 11, 2005
Jeroen van Wolffelaar discovered that the rmtree() function in the Perl File::Path module removes directory trees in an insecure manner which could lead to the removal of arbitrary files and directori

Tiff insufficient input validation | SA-2004.055 | December 23, 2004
Trustix security engineers discovered vulnerabilities in the "autopoint" and "gettextize" scripts of GNU gettext. The scripts in question insecurely generate temporary files which could allow a malici

Cvstrac cross-site scripting | SA-2004.056 | December 17, 2004
Some of the functions in /usr/src/sys/compat/* which implement execution of foreign binaries (such as Linux, FreeBSD, IRIX, OSF1, SVR4, HPUX, and ULTRIX) used argument data in unsafe ways prior to cal

Samba denial of service and arbitrary code execution | SA-2004.054 | December 17, 2004
Some of the functions in /usr/src/sys/compat/* which implement execution of foreign binaries (such as Linux, FreeBSD, IRIX, OSF1, SVR4, HPUX, and ULTRIX) used argument data in unsafe ways prior to cal

Vim multiple vulnerabilities | SA-2004.052 | December 15, 2004
The Gentoo Vim maintainer Ciaran McCreesh found several "modeline"-related vulnerabilities in Vim editor and reported them to the vendor. Bram Moolenaar created patch 6.3.045 that fixes the reported v

Imapd arbitrary code execution | SA-2004.051 | November 29, 2004
According to a security advisory from Stefan Esser, several vulnerabilities exist in Cyrus imapd. The updated OpenPKG packages fix all these problems.

Libxml arbitrary code execution | SA-2004.050 | October 30, 2004
Multiple buffer overflows may allow remote attackers to execute arbitrary code via a long FTP URL that is not properly handled by the "xmlNanoFTPScanURL" function, a long proxy URL containing FTP data

Gd denial of service and arbitrary code execution | SA-2004.049 | October 30, 2004
There can be an integer overflow when allocating memory in the routine that handles loading of PNG image files. Similar integer overflow possibilities also exist in other code parts of GD.
