[ISN] Secunia Weekly Summary - Issue: 2007-46

From: InfoSec News (alerts@private)
Date: Fri Nov 16 2007 - 04:34:50 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2007-11-08 - 2007-11-15                        

                       This week: 76 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=summary_sm

========================================================================
2) This Week in Brief:

Apple released a security update for its Mac OS X this week. The
release fixes more than 30 vulnerabilities in the operating system,
some of which had been previously reported in other applications.

Some of the vulnerabilities can be used to conduct cross-site scripting
or spoofing attacks, bypass security or gain escalated privileges,
remotely cause an application to crash, or remotely execute arbitrary
code on the affected system.

A non-critical vulnerability reported last year in the Mac OS X kernel,
which can cause a system panic, has also been fixed.

The vulnerabilities, which are fixed in version 10.4.11, affect Mac OS
X versions 10.3.9 and 10.4 or later. Patches are available for both
client and server Apple systems. Users are urged to apply the updates
immediately.

For more information, refer to:
http://secunia.com/advisories/27643/
http://secunia.com/advisories/23114/

 --

Microsoft released two security updates this month.

The URI-handling vulnerability first identified as a Windows problem by
Secunia has been patched. The highly critical vulnerability, which has
a number of different attack vectors, has been fixed at its root cause,
which is the shellExecute() function in the Windows OS.

Despite the vulnerability being exploitable only with Internet Explorer
7 installed in Windows XP and Server 2003 systems, Microsoft recommends
that all affected operating systems be updated even if they do not have
Internet Explorer 7 installed.

For more information, refer to:
http://secunia.com/advisories/26201/

A moderately critical spoofing vulnerability in Windows has also been
fixed.

The vulnerability, which is caused by the DNS service (dns.exe) using
predictable transaction values when sending out queries to upstream DNS
servers, can be exploited to poison the DNS cache via a specially
crafted DNS response with a guessed transaction value when the DNS
server performs a recursive lookup.

The vulnerability affects Windows Server 2003 and Windows 2000. Users
are urged to update their systems to protect networks against this
vulnerability.

For more information, refer to:
http://secunia.com/advisories/27584/

Secunia has constructed the Secunia Personal Software Inspector, which
you can use to check if your personal system is vulnerable:
https://psi.secunia.com/

Corporate users can request a trial of the Secunia Network Software
Inspector, which you can use to check which systems in your network are
vulnerable:
http://secunia.com/network_software_inspector/

 --

Several highly critical vulnerabilities have been reported in AOL
Radio, which can be exploited by malicious people to compromise a
user's system.

The vulnerabilities are caused by boundary errors in the AmpX ActiveX
control (AmpX.dll) when handling arguments passed to certain
unspecified methods. These can be exploited to cause stack-based buffer
overflows by passing overly long arguments to the affected methods.

Successful exploitation allows execution of arbitrary code, but
requires that a user visits a web page containing malicious code.

The vulnerabilities are reported in AmpX.dll version 2.6.1.11. Users
are urged to apply the available patch from AOL.

For more information, refer to:
http://secunia.com/advisories/27622/

 --

VIRUS ALERTS:

During the past week Secunia collected 168 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA27605] Mozilla Firefox "jar:" Protocol Handling Cross-Site
              Scripting Security Issue
2.  [SA27584] Microsoft Windows DNS Service Cache Poisoning 
              Vulnerability
3.  [SA27555] Linux Kernel "ieee80211_rx()" Denial of Service
              Vulnerability
4.  [SA27572] PEAR MDB2 LOB URL Handling Information Disclosure
5.  [SA27574] Red Hat update for xpdf
6.  [SA27577] Red Hat update for cups
7.  [SA27575] Red Hat update for gpdf
8.  [SA27591] Red Hat update for coolkey
9.  [SA27523] Apple QuickTime Multiple Vulnerabilities
10. [SA27402] Miranda IM "ext_yahoo_contact_added()" Format String
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA27622] AOL Radio AmpX ActiveX Control Multiple Buffer Overflows
[SA27660] DocuSafe "artnr" SQL Injection Vulnerability
[SA27602] BROCHURE SERVICE "ID" SQL Injection
[SA27678] Novell Client NWFILTER.SYS Privilege Escalation
Vulnerability
[SA27676] WinPcap NPF.SYS "bpf_filter_init" Array Indexing
Vulnerability
[SA27675] Grani Script Execution Security Issue
[SA27655] Sleipnir Script Execution Security Issue
[SA27633] Citrix Presentation Server Published Application Execution
Weakness

UNIX/Linux:
[SA27665] Gentoo update for firefox, seamonkey, and xulrunner
[SA27656] Red Hat update for kdegraphics
[SA27643] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA27642] SUSE update for xpdf
[SA27641] SUSE update for poppler
[SA27640] SUSE update for koffice
[SA27637] Slackware update for koffice, kdegraphics, and xpdf
[SA27636] SUSE update for kdegraphics3-pdf
[SA27634] SUSE Updates for Multiple Packages
[SA27632] Ubuntu update for poppler
[SA27631] Fedora update for link-grammar
[SA27624] Fedora Update for Multiple KDE Packages
[SA27619] Fedora update for xpdf
[SA27618] Fedora update for koffice
[SA27603] Sun Solaris Mozilla 1.7 Multiple Vulnerabilities
[SA27646] Gentoo update for pioneers
[SA27645] SUSE update for cups
[SA27628] Ubuntu update for flac
[SA27627] Ubuntu update for emacs
[SA27625] Gentoo update for flac
[SA27615] Fedora update for cups
[SA27613] Fedora update for perl
[SA27610] Red Hat update for pcre
[SA27609] Gentoo update for nagios-plugins
[SA27601] Mandriva update for flac
[SA27599] Red Hat update for tetex
[SA27598] Mandriva update for pcre
[SA27604] Gentoo update for cups
[SA27673] Red Hat update for ruby
[SA27670] nss_ldap Race Condition Security Issue
[SA27662] Avaya Products libpng Denial of Service Vulnerability
[SA27657] Gentoo update for rails
[SA27639] Mandriva update for mono
[SA27629] Mandriva update for libpng
[SA27626] Fedora Update for PEAR MDB2 Packages
[SA27616] Fedora update for inotify-tools
[SA27614] SUSE update for kernel
[SA27612] Fedora update for mono
[SA27597] Fedora update for django
[SA27596] Red Hat update for openldap
[SA27595] Debian update for phpmyadmin
[SA27666] Linux Kernel CIFS "SendReceive()" Buffer Overflow
[SA27611] Red Hat Conga "ricci" Denial of Service Vulnerability
[SA27607] Gentoo update for 3proxy
[SA27654] Avaya CMS / IR Sun Solaris FIFO File System Unauthorized Data
Access
[SA27681] Gentoo update for cpio
[SA27684] Sun Solaris unzip File Permission Change Vulnerability
[SA27653] Fedora update for hugin
[SA27623] Hugin "hugin_debug_optim_results.txt" Insecure Temporary
File
[SA27621] Fedora update for tomboy
[SA27608] Gentoo update for tomboy

Other:
[SA27651] BT Home Hub/Thomson SpeedTouch 7G Multiple Vulnerabilities
and Security Issue
[SA27635] HP OpenView Operations Java JRE/JDK JSSE DoS and Security
Bypass
[SA27652] Thomson Speedtouch 780 Cross-Site Request Forgery and
Cross-Site Scripting
[SA27647] F5 Firepass 4100 SSL VPN "backurl" Cross-Site Scripting
Vulnerability
[SA27606] HP-UX Aries PA-RISC Emulator Unauthorized Access
Vulnerability

Cross Platform:
[SA27667] IBM DB2 Multiple Vulnerabilities and Security Issue
[SA27650] LI-Guestbook "country" SQL Injection Vulnerability
[SA27648] PHP Multiple Vulnerabilities
[SA27644] Adobe ColdFusion Session Hijacking Vulnerability
[SA27638] ExoPHPDesk register.php Script Insertion Vulnerabilities
[SA27600] TestLink Unspecified Authorisation Vulnerability
[SA27677] X7 Chat "room" Cross-Site Scripting
[SA27674] IBM WebSphere Application Server WebContainer "Expect" Header
Cross-Site Scripting
[SA27671] AutoIndex PHP Script index.php URL Cross-Site Scripting
[SA27668] eggblog rss.php URL Cross-Site Scripting
[SA27630] phpMyAdmin Database Name SQL Injection and Script Insertion
[SA27605] Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting
Security Issue

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA27622] AOL Radio AmpX ActiveX Control Multiple Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

Some vulnerabilities have been reported in AOL Radio, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27622/

 --

[SA27660] DocuSafe "artnr" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-15

Aria-Security Team have reported a vulnerability in DocuSafe, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27660/

 --

[SA27602] BROCHURE SERVICE "ID" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-09

Aria-Security Team have reported a vulnerability in BROCHURE SERVICE,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/27602/

 --

[SA27678] Novell Client NWFILTER.SYS Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-13

A vulnerability has been reported in Novell Client, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/27678/

 --

[SA27676] WinPcap NPF.SYS "bpf_filter_init" Array Indexing
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-13

A vulnerability has been reported in WinPcap, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/27676/

 --

[SA27675] Grani Script Execution Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-13

A security issue has been reported in Grani, which can be exploited by
malicious people to execute arbitrary script code.

Full Advisory:
http://secunia.com/advisories/27675/

 --

[SA27655] Sleipnir Script Execution Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-13

A security issue has been reported in Sleipnir, which can be exploited
by malicious people to execute arbitrary script code.

Full Advisory:
http://secunia.com/advisories/27655/

 --

[SA27633] Citrix Presentation Server Published Application Execution
Weakness

Critical:    Not critical
Where:       From remote
Impact:      System access
Released:    2007-11-15

A weakness has been reported in Citrix Presentation Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/27633/


UNIX/Linux:--

[SA27665] Gentoo update for firefox, seamonkey, and xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, Manipulation of data, Exposure of sensitive
information, DoS, System access
Released:    2007-11-13

Gentoo has issued an update for firefox, seamonkey, and xulrunner. This
fixes some vulnerabilities and a weakness, which can be exploited by
malicious people to disclose sensitive information, conduct phishing
attacks, manipulate certain data, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27665/

 --

[SA27656] Red Hat update for kdegraphics

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-13

Red Hat has issued an update for kdegraphics. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27656/

 --

[SA27643] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, Privilege escalation, DoS, System access
Released:    2007-11-15

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/27643/

 --

[SA27642] SUSE update for xpdf

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

SUSE has issued an update for xpdf. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27642/

 --

[SA27641] SUSE update for poppler

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

SUSE has issued an update for poppler. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/27641/

 --

[SA27640] SUSE update for koffice

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

SUSE has issued an update for koffice. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27640/

 --

[SA27637] Slackware update for koffice, kdegraphics, and xpdf

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

Slackware has issued updates for koffice, kdegraphics, and xpdf. These
fix some vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27637/

 --

[SA27636] SUSE update for kdegraphics3-pdf

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-14

SUSE has issued an update for kdegraphics-pdf. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27636/

 --

[SA27634] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-15

SUSE has issued updates for xpdf, kdegraphics3-pdf, koffice,
libextractor, poppler, gpdf, cups, pdf, and pdftohtml. These fix some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27634/

 --

[SA27632] Ubuntu update for poppler

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-14

Ubuntu has issued an update for poppler. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/27632/

 --

[SA27631] Fedora update for link-grammar

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-15

Fedora has issued an update for link-grammar. This fixes a
vulnerability, which can be exploited by malicious people to compromise
an application using the library.

Full Advisory:
http://secunia.com/advisories/27631/

 --

[SA27624] Fedora Update for Multiple KDE Packages

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-13

Fedora has issued an update for multiple KDE packages. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27624/

 --

[SA27619] Fedora update for xpdf

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

Fedora has issued an update for xpdf. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27619/

 --

[SA27618] Fedora update for koffice

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-12

Fedora has issued an update for koffice. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27618/

 --

[SA27603] Sun Solaris Mozilla 1.7 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-11-09

Sun has acknowledged multiple vulnerabilities in Mozilla 1.7 for Sun
Solaris, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/27603/

 --

[SA27646] Gentoo update for pioneers

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-11-15

Gentoo has issued an update for pioneers. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27646/

 --

[SA27645] SUSE update for cups

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-14

SUSE has issued an update for cups. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27645/

 --

[SA27628] Ubuntu update for flac

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-14

Ubuntu has issued an update for flac. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27628/

 --

[SA27627] Ubuntu update for emacs

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-14

Ubuntu has issued an update for emacs. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27627/

 --

[SA27625] Gentoo update for flac

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-13

Gentoo has issued an update for flac. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/27625/

 --

[SA27615] Fedora update for cups

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-12

Fedora has issued an update for cups. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27615/

 --

[SA27613] Fedora update for perl

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-13

Fedora has issued an update for perl. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/27613/

 --

[SA27610] Red Hat update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-12

Red Hat has issued an update for pcre. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/27610/

 --

[SA27609] Gentoo update for nagios-plugins

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-09

Gentoo has issued an update for nagios-plugins. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27609/

 --

[SA27601] Mandriva update for flac

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-09

Mandriva has issued an update for flac. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27601/

 --

[SA27599] Red Hat update for tetex

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-11-09

Red Hat has issued an update for tetex. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27599/

 --

[SA27598] Mandriva update for pcre

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-09

Mandriva has issued an update for pcre. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/27598/

 --

[SA27604] Gentoo update for cups

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-11-13

Gentoo has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27604/

 --

[SA27673] Red Hat update for ruby

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2007-11-13

Red Hat has issued an update for ruby. This fixes some security issues,
which can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/27673/

 --

[SA27670] nss_ldap Race Condition Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-15

A security issue has been reported in nss_ldap, which can be exploited
by malicious people to manipulate certain data.

Full Advisory:
http://secunia.com/advisories/27670/

 --

[SA27662] Avaya Products libpng Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-13

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27662/

 --

[SA27657] Gentoo update for rails

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2007-11-15

Gentoo has issued an update for rails. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27657/

 --

[SA27639] Mandriva update for mono

Critical:    Less critical
Where:       From remote
Impact:      Unknown
Released:    2007-11-15

Mandriva has issued an update for mono. This fixes a vulnerability with
an unknown impact.

Full Advisory:
http://secunia.com/advisories/27639/

 --

[SA27629] Mandriva update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-14

Mandriva has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27629/

 --

[SA27626] Fedora Update for PEAR MDB2 Packages

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-11-15

Fedora has issued an update for php-pear-MDB2,
php-pear-MDB2-Driver-mysqli, and php-pear-MDB2-Driver-mysql. This fixes
a security issue, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/27626/

 --

[SA27616] Fedora update for inotify-tools

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-11-12

Fedora has issued an update for inotify-tools. This fixes a
vulnerability, which potentially can be exploited by malicious users to
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/27616/

 --

[SA27614] SUSE update for kernel

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-12

SUSE has issued an update for the kernel. This fixes two
vulnerabilities, which can be exploited by malicious, local users and
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27614/

 --

[SA27612] Fedora update for mono

Critical:    Less critical
Where:       From remote
Impact:      Unknown
Released:    2007-11-12

Fedora has issued an update for mono. This fixes a vulnerability with
an unknown impact.

Full Advisory:
http://secunia.com/advisories/27612/

 --

[SA27597] Fedora update for django

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-12

Fedora has issued an update for django. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/27597/

 --

[SA27596] Red Hat update for openldap

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-11-09

Red Hat has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27596/

 --

[SA27595] Debian update for phpmyadmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-09

Debian has issued an update for phpmyadmin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27595/

 --

[SA27666] Linux Kernel CIFS "SendReceive()" Buffer Overflow

Critical:    Less critical
Where:       From local network
Impact:      DoS, System access
Released:    2007-11-14

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27666/

 --

[SA27611] Red Hat Conga "ricci" Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-12

A vulnerability has been reported in Red Hat Conga, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27611/

 --

[SA27607] Gentoo update for 3proxy

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-11-09

Gentoo has issued an update for 3proxy. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27607/

 --

[SA27654] Avaya CMS / IR Sun Solaris FIFO File System Unauthorized Data
Access

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2007-11-13

Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can
be exploited by malicious, local users to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/27654/

 --

[SA27681] Gentoo update for cpio

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2007-11-15

Gentoo has issued an update for cpio. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27681/

 --

[SA27684] Sun Solaris unzip File Permission Change Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-15

Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/27684/

 --

[SA27653] Fedora update for hugin

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-12

Fedora has issued an update for hugin. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/27653/

 --

[SA27623] Hugin "hugin_debug_optim_results.txt" Insecure Temporary
File

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-12

A security issue has been discovered in Hugin, which can be exploited
by malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/27623/

 --

[SA27621] Fedora update for tomboy

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-12

Fedora has issued an update for tomboy. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/27621/

 --

[SA27608] Gentoo update for tomboy

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-11-09

Gentoo has issued an update for tomboy. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/27608/


Other:--

[SA27651] BT Home Hub/Thomson SpeedTouch 7G Multiple Vulnerabilities
and Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2007-11-12

Adrian Pastor has reported some vulnerabilities and a security issue in
BT Home Hub/Thomson SpeedTouch 7G routers, which can be exploited by
malicious people to conduct cross-site scripting, cross-site request
forgery, and script insertion attacks, and to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/27651/

 --

[SA27635] HP OpenView Operations Java JRE/JDK JSSE DoS and Security
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2007-11-15

HP has acknowledged a vulnerability and a security issue in HP OpenView
Operations, which can be exploited by malicious people to bypass certain
security restrictions or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27635/

 --

[SA27652] Thomson Speedtouch 780 Cross-Site Request Forgery and
Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-12

Adrian Pastor has reported some vulnerabilities in Thomson SpeedTouch
780, which can be exploited by malicious people to conduct cross-site
request forgery and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27652/

 --

[SA27647] F5 Firepass 4100 SSL VPN "backurl" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-13

Jan Fry and Adrian Pastor have reported a vulnerability in F5 Firepass
4100 SSL VPN, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27647/

 --

[SA27606] HP-UX Aries PA-RISC Emulator Unauthorized Access
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-11-09

A vulnerability has been reported in HP-UX, which can potentially be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/27606/


Cross Platform:--

[SA27667] IBM DB2 Multiple Vulnerabilities and Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Privilege escalation
Released:    2007-11-15

Some vulnerabilities and a security issue have been reported in IBM
DB2, some of which have unknown impacts, while others can be exploited
by malicious, local users to gain escalated privileges or perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/27667/

 --

[SA27650] LI-Guestbook "country" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-11-12

security-news.ws has discovered a vulnerability in LI-Guestbook, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27650/

 --

[SA27648] PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass
Released:    2007-11-12

Some vulnerabilities and weaknesses have been reported in PHP, where
some have unknown impacts and others can be exploited to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/27648/

 --

[SA27644] Adobe ColdFusion Session Hijacking Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Hijacking
Released:    2007-11-14

A vulnerability has been reported in Adobe ColdFusion, which
potentially can be exploited by malicious people to hijack user
sessions.

Full Advisory:
http://secunia.com/advisories/27644/

 --

[SA27638] ExoPHPDesk register.php Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-15

Joseph.Giron13 has discovered two vulnerabilities in ExoPHPDesk, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/27638/

 --

[SA27600] TestLink Unspecified Authorisation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-11-14

A vulnerability has been reported in TestLink, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/27600/

 --

[SA27677] X7 Chat "room" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-13

ShAy6oOoN has discovered a vulnerability in X7 Chat, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27677/

 --

[SA27674] IBM WebSphere Application Server WebContainer "Expect" Header
Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-15

A vulnerability has been reported in IBM WebSphere Application Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/27674/

 --

[SA27671] AutoIndex PHP Script index.php URL Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-13

L4teral has discovered a vulnerability in AutoIndex PHP Script, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/27671/

 --

[SA27668] eggblog rss.php URL Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-13

Mesut Timur has discovered a vulnerability in eggblog, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27668/

 --

[SA27630] phpMyAdmin Database Name SQL Injection and Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2007-11-12

Two vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious users to conduct script insertion and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/27630/

 --

[SA27605] Mozilla Firefox "jar:" Protocol Handling Cross-Site Scripting
Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-11-09

A security issue has been reported in Mozilla Firefox, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27605/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/


