Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 10, 2007

by Marianna Schmudlach / December 9, 2007 11:35 PM PST

bitweaver Cross-Site Scripting Vulnerabilities

Secunia Advisory: SA28024
Release Date: 2007-12-10


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: bitweaver 1.x

Description:
DoZ has discovered some vulnerabilities in bitweaver, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to users/register.php and search/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 2.0.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
DoZ

Original Advisory:
http://www.hackerscenter.com/archive/view.asp?id=28129

Gentoo update for lookup
by Marianna Schmudlach / December 9, 2007 11:36 PM PST

Secunia Advisory: SA28023
Release Date: 2007-12-10


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for lookup. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

For more information:
SA24377

Solution:
Update to "app-emacs/lookup-1.4.1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-07.xml

Other References:
SA24377:
http://secunia.com/advisories/24377/

Gentoo update for ruby-gtk2
by Marianna Schmudlach / December 9, 2007 11:37 PM PST

Secunia Advisory: SA28022
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for ruby-gtk2. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

For more information:
SA27825

Solution:
Update to "dev-ruby/ruby-gtk2-0.16.0-r2" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-09.xml

Other References:
SA27825:
http://secunia.com/advisories/27825/

Gentoo update for emul-linux-x86-qtlibs
by Marianna Schmudlach / December 9, 2007 11:38 PM PST

Secunia Advisory: SA28021
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for emul-linux-x86-qtlibs. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

For more information:
SA24460
SA27382

Solution:
Update to "app-emulation/emul-linux-x86-qtlibs-20071114-r2" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-08.xml

Other References:
SA24460:
http://secunia.com/advisories/24460/

SA27382:
http://secunia.com/advisories/27382/

Sun StarOffice/StarSuite Database Document Processing Arbitr
by Marianna Schmudlach / December 9, 2007 11:39 PM PST

Sun StarOffice/StarSuite Database Document Processing Arbitrary Java Method Execution

Secunia Advisory: SA28018
Release Date: 2007-12-10


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: StarOffice / StarSuite 8.x

Description:
Sun has acknowledged a vulnerability in Sun StarOffice and StarSuite, which can be exploited by malicious people to compromise a user's system.

For more information:
SA27928

Solution:
Open trusted documents only.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1

Other References:
SA27928:
http://secunia.com/advisories/27928/

PolDoc Document Management System "filename" Information Dis
by Marianna Schmudlach / December 9, 2007 11:41 PM PST

PolDoc Document Management System "filename" Information Disclosure

Secunia Advisory: SA28013
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: PolDoc Document Management System 0.x

Description:
GoLd_M has discovered a vulnerability in PolDoc Document Management System (PDDMS), which can be exploited by malicious people to disclose sensitive information.

Input passed to the "filename" parameter in download_file.php is not properly sanitised before being used. This can be exploited to download arbitrary files through directory traversal attacks or by passing full paths.

The vulnerability is confirmed in version 0.96. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
GoLd_M

Original Advisory:
http://milw0rm.com/exploits/4704

Serendipity Remote RSS Sidebar Plugin Script Insertion
by Marianna Schmudlach / December 9, 2007 11:42 PM PST

Secunia Advisory: SA28012
Release Date: 2007-12-10


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Serendipity 0.x
Serendipity 1.x


Description:
A vulnerability has been reported in Serendipity, which can be exploited by malicious people to conduct script-insertion attacks.

Input passed via links in RSS feeds is not properly sanitised in the Remote RSS sidebar plugin before being used. This can be exploited to insert arbitrary HTML and script code, which is then executed in a user's browser session in context of an affected site when malicious RSS feeds are viewed.

The vulnerability is reported in versions prior to 1.2.1.

Solution:
Update to version 1.2.1.
http://www.s9y.org/12.html

Provided and/or discovered by:
The vendor credits Hanno B

Debian update for sitebar
by Marianna Schmudlach / December 9, 2007 11:43 PM PST

Secunia Advisory: SA28008
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for sitebar. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to disclose potentially sensitive information and compromise a vulnerable system.

For more information:
SA20841

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-securi...-security-announce-2007/msg00204.html

Other References:
SA20841:
http://secunia.com/advisories/20841/

Easy File Sharing Web Server Multiple Vulnerabilities
by Marianna Schmudlach / December 9, 2007 11:44 PM PST

Secunia Advisory: SA28007
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Exposure of sensitive information
System access

Where: From remote

Solution Status: Unpatched


Software: Easy File Sharing Web Server 4.x



Description:
Luigi Auriemma has reported some vulnerabilities in Easy File Sharing Web Server, which can be exploited by malicious people to disclose sensitive information and by malicious users to compromise a vulnerable system.

1) Input passed to unspecified parameters is not properly sanitised when uploading files. This can be exploited to upload files to arbitrary parent directories via directory traversal attacks.

2) An error exists when processing file download requests. This can be exploited to download any ".sdb" database file except "admin.sdb" or "user.sdb".

3) An error exists when processing username registration requests. This can be exploited to disclose the contents of arbitrary files in the users folder by creating an account with the username equal to the name of the file.

The vulnerabilities are reported in version 4.5. Other versions may also be affected.

Solution:
Restrict access to trusted users only. The vendor will reportedly fix the vulnerabilities in a future version.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/efsup-adv.txt

wwwstats "link" Script Insertion Vulnerability
by Marianna Schmudlach / December 9, 2007 11:45 PM PST

Secunia Advisory: SA28002
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: wwwstats 3.x


Description:
Jesus Olmos Gonzalez has reported a vulnerability in wwwstats, which can be exploited by malicious people to conduct script insertion attacks.

Input passed to the "link" parameter in clickstats.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

The vulnerability is reported in version 3.21. Prior versions may also be affected.

Solution:
Update to version 3.22.

Provided and/or discovered by:
Jesus Olmos Gonzalez

Debian update for iceweasel
by Marianna Schmudlach / December 9, 2007 11:46 PM PST

Secunia Advisory: SA28001
Release Date: 2007-12-10


Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks or potentially to compromise a user's system.

For more information:
SA27605
SA27725

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1424

Other References:
SA27605:
http://secunia.com/advisories/27605/

SA27725:
http://secunia.com/advisories/27725/

Ubuntu update for e2fsprogs
by Marianna Schmudlach / December 9, 2007 11:48 PM PST

Secunia Advisory: SA28000
Release Date: 2007-12-10


Critical:
Less critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Ubuntu Linux 6.06
Ubuntu Linux 6.10
Ubuntu Linux 7.04
Ubuntu Linux 7.10

Description:
Ubuntu has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.

For more information:
SA27889

Solution:
Apply updated packages.

Original Advisory:
https://lists.ubuntu.com/archives/ubu...ty-announce/2007-December/000639.html

Other References:
SA27889:
http://secunia.com/advisories/27889/

3ivx MPEG-4 MP4 File Processing Buffer Overflows
by Marianna Schmudlach / December 9, 2007 11:51 PM PST

Secunia Advisory: SA27998
Release Date: 2007-12-10


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: 3ivx MPEG-4 5.x

Description:
SYS 49152 has discovered some vulnerabilities in 3ivx MPEG-4, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors in 3ivxDSMediaSplitter.ax when processing certain atoms ("

Debian update for qt-x11-free
by Marianna Schmudlach / December 9, 2007 11:52 PM PST

Secunia Advisory: SA27996
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for qt-x11-free. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

For more information:
SA26298
SA26811

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1426

Other References:
SA26298:
http://secunia.com/advisories/26298/

SA26811:
http://secunia.com/advisories/26811/

DWdirectory "search" SQL Injection Vulnerability
by Marianna Schmudlach / December 9, 2007 11:53 PM PST

Secunia Advisory: SA27990
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: DWdirectory 2.x

Description:
t0pP8uZz & xprog have reported a vulnerability in DWdirectory, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter "search" in search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
t0pP8uZz & xprog

Original Advisory:
http://milw0rm.com/exploits/4708

Ace Image Hosting Script "id" SQL Injection Vulnerability
by Marianna Schmudlach / December 9, 2007 11:55 PM PST

Secunia Advisory: SA27988
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Ace Image Hosting Script

Description:
t0pP8uZz & xprog have reported a vulnerability in Ace Image Hosting Script, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in albums.php (e.g. if "mode" is set to "editalbum") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
t0pP8uZz & xprog

Original Advisory:
http://milw0rm.com/exploits/4707

Debian update for e2fsprogs
by Marianna Schmudlach / December 9, 2007 11:56 PM PST

Secunia Advisory: SA27987
Release Date: 2007-12-10


Critical:
Less critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for e2fsprogs. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise an application using the library.

For more information:
SA27889

Solution:
Apply updated packages.

Original Advisory:
http://www.debian.org/security/2007/dsa-1422

Other References:
SA27889:
http://secunia.com/advisories/27889/

Gentoo update for cairo
by Marianna Schmudlach / December 9, 2007 11:57 PM PST

Secunia Advisory: SA27985
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for cairo. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

For more information:
SA27880

Solution:
Update to "x11-libs/cairo-1.4.12" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-04.xml

Other References:
SA27880:
http://secunia.com/advisories/27880/

Gentoo update for emacs
by Marianna Schmudlach / December 9, 2007 11:58 PM PST

Secunia Advisory: SA27984
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for emacs. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

For more information:
SA27508

Solution:
Update to "app-editors/emacs-22.1-r3" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-03.xml

Other References:
SA27508:
http://secunia.com/advisories/27508/

Gentoo update for PEAR-MDB2
by Marianna Schmudlach / December 9, 2007 11:59 PM PST

Secunia Advisory: SA27983
Release Date: 2007-12-10


Critical:
Less critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for PEAR-MDB2. This fixes a security issue, which can be exploited by malicious people to disclose potentially sensitive information.

For more information:
SA27572

Solution:
Update to "dev-php/PEAR-MDB2-2.5.0_alpha1" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-05.xml

Other References:
SA27572:
http://secunia.com/advisories/27572/

Gentoo update for firebird
by Marianna Schmudlach / December 10, 2007 12:01 AM PST

Secunia Advisory: SA27982
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: System access

Where: From local network

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for firebird. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA27057

Solution:
Update to "dev-db/firebird-2.0.3.12981.0-r2" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200712-06.xml

Other References:
SA27057:
http://secunia.com/advisories/27057/

MySQL System Table Information Overwrite Vulnerability
by Marianna Schmudlach / December 10, 2007 12:02 AM PST

Secunia Advisory: SA27981
Release Date: 2007-12-10


Critical:
Less critical
Impact: Manipulation of data

Where: Local system

Solution Status: Vendor Patch


Software: MySQL 5.x

Description:
A vulnerability has been reported in MySQL, which can be exploited by malicious, local users to manipulate certain data.

The vulnerability is caused due to an error when renaming a table with explicit DATA DIRECTORY and INDEX DIRECTORY options and can be exploited to overwrite system table information by replacing files pointed to by certain symbolic links.

The vulnerability is reported in MySQL Community Server prior to version 5.0.51.

Solution:
Update to version 5.0.51.
http://dev.mysql.com/downloads/mysql/5.0.html#downloads

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dev.mysql.com/doc/refman/5.0/en/releasenotes-cs-5-0-51.html

Fedora update for nagios
by Marianna Schmudlach / December 10, 2007 12:03 AM PST

Secunia Advisory: SA27980
Release Date: 2007-12-10


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for nagios. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

For more information:
SA27316

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00125.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00161.html

Other References:
SA27316:
http://secunia.com/advisories/27316/

Fedora update for seamonkey
by Marianna Schmudlach / December 10, 2007 12:04 AM PST

Secunia Advisory: SA27979
Release Date: 2007-12-10


Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks and potentially to compromise a user's system.

For more information:
SA27816

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00135.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00168.html

Other References:
SA27816:
http://secunia.com/advisories/27816/

Fedora update for zabbix
by Marianna Schmudlach / December 10, 2007 12:06 AM PST

Secunia Advisory: SA27978
Release Date: 2007-12-10


Critical:
Not critical
Impact: Privilege escalation

Where: From local network

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for zabbix. This fixes a weakness, which can be exploited by malicious users to perform certain actions with escalated privileges.

For more information:
SA27903

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00196.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00232.html

Other References:
SA27903:
http://secunia.com/advisories/27903/

Fedora update for ruby-gnome
by Marianna Schmudlach / December 10, 2007 12:07 AM PST

Secunia Advisory: SA27975
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for ruby-gnome. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

For more information:
SA27825

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00251.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00214.html

Other References:
SA27825:
http://secunia.com/advisories/27825/

Fedora update for drupal
by Marianna Schmudlach / December 10, 2007 12:08 AM PST

Secunia Advisory: SA27973
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8

Description:
Fedora has issued an update for drupal. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.

For more information:
SA27932

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00190.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00258.html

Other References:
SA27932:
http://secunia.com/advisories/27932/

Fedora update for openoffice.org
by Marianna Schmudlach / December 10, 2007 12:10 AM PST

Secunia Advisory: SA27972
Release Date: 2007-12-10


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora 8
Fedora Core 6

Description:
Fedora has issued an update for openoffice.org. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

For more information:
SA27928

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00155.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00134.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00281.html

Other References:
SA27928:
http://secunia.com/advisories/27928/

Debian update for xulrunner
by Marianna Schmudlach / December 10, 2007 12:12 AM PST

Secunia Advisory: SA27957
Release Date: 2007-12-10


Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or cross-site request forgery attacks, and to potentially compromise a user's system.

For more information:
SA27605
SA27725

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1425

Other References:
SA27605:
http://secunia.com/advisories/27605/

SA27725:
http://secunia.com/advisories/27725/

Fedora update for xorg-x11-xfs
by Marianna Schmudlach / December 10, 2007 12:13 AM PST

Secunia Advisory: SA27946
Release Date: 2007-12-10


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


OS: Fedora Core 6

Description:
Fedora has issued an update for xorg-x11-xfs. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.

For more information:
SA27040

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00301.html

Other References:
SA27040:
http://secunia.com/advisories/27040/

Fedora update for kernel
by Marianna Schmudlach / December 10, 2007 12:15 AM PST

Secunia Advisory: SA27922
Release Date: 2007-12-10


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


OS: Fedora 7
Fedora Core 6

Description:
Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).

For more information:
SA27664

Solution:
Apply updated packages.

Original Advisory:
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00302.html
https://www.redhat.com/archives/fedor...-announce/2007-December/msg00170.html

Other References:
SA27664:
http://secunia.com/advisories/27664/
