OpenPKG Security Advisories

Here you'll find the latest security advisories from OpenPKG. Our database currently contains 88 OpenPKG security advisories.

MySQL multiple vulnerabilities | SA-2004.045 | October 30, 2004
Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in the MySQL RDBMS

Squid denial of service | SA-2004.048 | October 29, 2004
According to an iDEFENSE security advisory, a denial of service (DoS) vulnerability exists in the Squid web caching proxy. The "asn_parse_header" function in the SNMP module of Squid before version 2.

Apache arbitrary code execution | SA-2004.047 | October 29, 2004
According to a vendor announcement, a vulnerability exists in the Apache HTTP server, version 1.3. The problem is a potential buffer overflow in the "get_tag" function of Apache's SSI module "mod_incl

PostgreSQL insecure temporary file generation | SA-2004.046 | October 29, 2004
According to a vendor announcement, a vulnerability exists in the generation of temporary files in the PostgreSQL RDBMS. The issue exists in the "make_oidjoins_check" script creating temporary files i

Apache mod_ssl information disclosure | SA-2004.044 | October 15, 2004
Hartmut Keil discovered an information disclosure vulnerability in mod_ssl, the SSL/TLS module of the Apache webserver. After a renegotiation, affected versions of mod_ssl fail to ensure that the requ

Tiff arbitrary code execution | SA-2004.043 | October 14, 2004
According to security advisory CESA-2004-006 from Chris Evans, the libtiff image en-/decoder suffers from several heap based buffer overflows. Other code reviewers found integer overflows which affect

Aspell arbitrary code execution | SA-2004.042 | September 15, 2004
By providing a specially crafted word list containing an overly long string (more than 256 bytes), an attacker can cause a buffer overflow and execute arbitrary code. This allows an attacker to execut

SpamAssassin denial of service | SA-2004.041 | September 15, 2004
According to a vendor announcement, a Denial of Service (DoS) vulnerability exists in the email spam filter SpamAssassin versions 2.5x and 2.6x. The problem can be exploited by sending certain malform

Samba denial of service | SA-2004.040 | September 15, 2004
According to a security advisory from the Samba team and two corresponding security advisories from iDEFENSE, two Denial of Service (DoS) vulnerabilities exist in the Samba SMB/CIFS server. The first

Kerberos arbitrary code execution and DoS | SA-2004.039 | September 13, 2004
According to two vendor security advisories, multiple vulnerabilities exist in the Kerberos network authentication system. The first set of problems are double-free issues in the KDC and libraries. T

Zlib denial of service vulnerability | SA-2004.038 | August 25, 2004
Triggered by a Debian bug report, a denial of service vulnerability was found in the ZLib compression library versions 1.2.x (older versions are not affected). The problem arises from incorrect error

Rsync filesystem path determination | SA-2004.037 | August 15, 2004
According to a security notice by the vendor, a path-sanitizing bug exists in the filesystem synchronization utility RSYNC. The bug affects daemon mode in all RSYNC versions up to and including 2.6.2

Cvstrac arbitrary code execution | SA-2004.036 | August 06, 2004
As reported on BugTraq, Richard Ngo discovered a vulnerability in the CVS repository web browsing tool CVSTrac. If properly exploited an attacker can execute arbitrary code on the CVSTrac host with th

Libpng arbitrary code execution | SA-2004.035 | August 04, 2004
During a source code audit, Chris Evans discovered several problems in the Portable Network Graphics (PNG) library libpng, some of which are security relevant.

PHP4 several vulnerabilities | SA-2004.034 | July 22, 2004
Several vulnerabilities have been found in PHP versions

Samba arbitrary code execution | SA-2004.033 | July 22, 2004
Evgeny Demidov discovered that the Samba SMB/CIFS server has a buffer overflow bug in the Samba Web Administration Tool (SWAT) on decoding Base64 data during HTTP Basic Authentication. Samba version b

Apache format string vulnerability | SA-2004.032 | July 16, 2004
Triggered by a report to Packet Storm from Virulent, a format string vulnerability was found in mod_ssl, the Apache SSL/TLS interface to OpenSSL, version (up to and including) 2.8.18 for Apache 1.3. T

Dhcpd denial of service and arbitrary code execution | SA-2004.031 | July 08, 2004
As reported by US-CERT [0] Gregory Duchemin discovered several vulnerabilities in the ISC DHCP Distribution. Several buffer overflows were closed in logging messages with excessively long hostnames pr

Png buffer overflow | SA-2004.030 | July 07, 2004
In a previous OpenPKG security advisory, a buffer overflow vulnerability was addressed in the Portable Network Graphics (PNG) library libpng in connection with 16-bit samples. The starting offsets for

CVS multiple vulnerabilities | SA-2004.027 | June 11, 2004
According to an e-matters Security Advisory multiple vulnerabilities exist in the Concurrent Versions System (CVS). Derek Price, Stefan Esser and Sebastian Krahmer discovered and fixed several securit

Apache denial of service | SA-2004.029 | June 11, 2004
According to a security advisory from Georgi Guninski there is a buffer overflow in Apache's mod_proxy module.

Subversion DoS and arbitrary code execution | SA-2004.028 | June 11, 2004
Subversion [1] versions up to and including 1.0.4 have a potential Denial of Service and Heap Overflow issue related to the parsing of strings in the 'svn://' family of access protocols. This affects

Apache arbitrary code execution | SA-2004.026 | May 27, 2004
Georgi Guninski discovered a stack-based buffer overflow in the "SSLOptions +FakeBasicAuth" implementation of Apache's SSL/TLS extension module mod_ssl. The overflow can occur if the Subject-DN in the

GnuPG incorrect key validation | SA-2003.029 | May 16, 2003
A key validation bug was recently discovered which could cause keys with more than one user ID to trust all user IDs with the amount of trust given to the most-valid user ID.
