Solarum – Information For Everyone

Advisories: Ubuntu

Here are the latest advisories specifically for Ubuntu Linux:

  • Study: Spammers use e-mail ID to gain legitimacy - (Sep 9) With few junk e-mail filters supporting a protocol for verifying the source address of digital messages, spammers have adopted it themselves as a way to appear more legitimate, according to a report released on Wednesday. ...
  • Review: The Official Ubuntu Book - (Aug 30) If you haven't used Linux before, are new to Ubuntu, or would like a quick update on the latest in open source advancements for the desktop, then The Official Ubuntu Book is a great place to start. Authored by a group of some of the most experienced ...
  • Ubuntu: 982-1: Wget vulnerability - (Sep 2) It was discovered that Wget would use filenames provided by the server when following 3xx redirects. If a user or automated system were tricked into downloading a file from a malicious site, a remote attacker could create the file with an arbitrary name (e.g. .wgetrc), and possibly run arbitrary code. [More...]
  • Ubuntu: 981-1: libwww-perl vulnerability - (Aug 31) It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory. [More...]
  • Ubuntu: 979-1: okular vulnerability - (Aug 26) Stefan Cornelius of Secunia Research discovered a boundary error during RLE decompression in the "TranscribePalmImageToJPEG()" function in generators/plucker/inplug/image.cpp of okular when processing images embedded in PDB files, which can be exploited to cause a heap-based buffer overflow. (CVE-2010-2575) [More...]
  • Ubuntu: 976-1: Tomcat vulnerability - (Aug 25) It was discovered that Tomcat incorrectly handled invalid Transfer-Encoding headers. A remote attacker could send specially crafted requests containing invalid headers to the server and cause a denial of service, or possibly obtain sensitive information from other requests. [More...]
  • Ubuntu: 977-1: MoinMoin vulnerabilities - (Aug 25) It was discovered that MoinMoin did not properly sanitize its input, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same [More...]
  • Ubuntu: 974-1: Linux kernel vulnerabilities - (Aug 19) Gael Delalleu, Rafal Wojtczuk, and Brad Spengler discovered that the memory manager did not properly handle when applications grow stacks into adjacent memory regions. A local attacker could exploit this to gain control of certain applications, potentially leading to privilege escalation, as demonstrated in attacks against the X server. (CVE-2010-2240) [More...]
  • Ubuntu: 973-1: KOffice vulnerabilities - (Aug 17) Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0146, [More...]
  • Ubuntu: 972-1: FreeType vulnerabilities - (Aug 17) It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash or possibly execute arbitrary code with user privileges. [More...]
  • Ubuntu: 971-1: OpenJDK vulnerabilities - (Aug 16) It was discovered that the IcedTea plugin did not correctly check certain accesses. If a user or automated system were tricked into running a specially crafted Java applet, a remote attacker could read arbitrary files with user privileges, leading to a loss of privacy. (CVE-2010-2548, CVE-2010-2783) [More...]
  • Ubuntu: 970-1: GnuPG2 vulnerability - (Aug 11) It was discovered that GPGSM in GnuPG2 did not correctly handle certificates with a large number of Subject Alternate Names. If a user or automated system were tricked into processing a specially crafted certificate, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. [More...]