FreeBSD Security Advisories
Security advisories published from the FreeBSD Project

FreeBSD-SA-08:06.bind
FreeBSD-SA-08:05.openssh
FreeBSD-SA-08:04.ipsec
FreeBSD-SA-08:03.sendfile
FreeBSD-SA-08:02.libc
FreeBSD-SA-08:01.pty
FreeBSD-SA-07:10.gtar
FreeBSD-SA-07:09.random
FreeBSD-SA-07:08.openssl
FreeBSD-SA-07:07.bind


Securityvulns news channel
securityvulns.com vulnerabilities newsline

HP Select Identity unauthorized access
Unauthorized access via Active Directory Bidirectional LDAP Connector. Applications: HPSI Active Directory Bidirectional LDAP Connector 2..20, HPSI Active Directory Bidirectional LDAP Connector 2..30 (19.07.2008)

F-Prot antivirus DoS
Out-of-bound memory access on CHM files parsing. Applications: F-Prot Antivirus 4.4 (19.07.2008)

afuse shell characters problem
Privilege escalation with shell characters in filenames. Applications: afuse 0.1, afuse 0.2 (19.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Contrexx CMS: crossite scripting, registration automation. Applications: Claroline 1.8, Contrexx CMS 2.0, Def_Blog 1.0 (19.07.2008)

Oracle SQL injection lateral attacks, updated since 27.04.2008
SQL injection into uncontrolled PL/SQL procedires is possible with e.g. modification of data format with ALTER SESSION. (19.07.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl), updated since 18.07.2008
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. CNCat: crossite scripting. Applications: Comdev Web Blogger 4.1, communitycms 0.1, Dokeos E-Learning System 1.8, openPro 1.3 (18.07.2008)

Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Array index overflow on CSS parsing, crash on GIF processing under Mac OS X, code execution on command-line launch with URI. Applications: Firefox 2.0, Thunderbird 2.0, Seamonkey 1.1, Firefox 3.0 (18.07.2008)

PCRE buffer overflow
Buffer overflow on regular expression compilation. (18.07.2008)

Multiple DNS servers and clients DNS records spoofing, updated since 12.07.2008
DNS poisoning attack may be used to spoof query results. Applications: IOS 12.2, IOS 12.3, bind 9.3, IOS 12.4, pdns-recursor 3.1 (18.07.2008)

Velocity Web Server directory traversal
Applications: Velocity web server 1.0 (18.07.2008)



OpenNet RSS Feeds: sec_news
sec_news

FreeBSD-SA-08:06.bind


Debian: iceweasel - several vulnerabilities


Gentoo: BIND - Cache poisoning


Gentoo: NX - User-assisted execution of arbitrary code


Gentoo: Apache - Denial of Service


iDefense: Novell eDirectory LDAP Search


Debian: poppler - execution of arbitrary code


Gentoo: OpenOffice.org - User-assisted execution of arbitrary


MDVSA: BIND - critical DNS


Debian: BIND 8 deprecation notice