Ubuntu Security Notice 1256-1 - It was discovered that the /proc filesystem did not correctly handle permission changes when programs executed. A local attacker could hold open files to examine details about programs running with higher privileges, potentially increasing the chances of exploiting additional vulnerabilities. Vasiliy Kulikov discovered that the Bluetooth stack did not correctly clear memory. A local attacker could exploit this to read kernel stack memory, leading to a loss of privacy. Various other issues were also addressed.
065ea3de04cbda6ba2f070db62f0f0ff03f73b678f1a9b1d73799d5e8bba15ab
AbsoluteFTP versions 1.9.6 through 2.2.10 remote buffer overflow exploit that leverages LIST.
872f01e2a854cf7a032dcfdef483fd45566641df3e165e3e32f59442959ff147
Aviosoft Digital TV Player Professional version 1.x stack buffer overflow exploit that spawns calc.exe.
dcacb9fec63a2e9898a6a4280beea67758dc693f42d4b3d3c4f4a587825aa14b
Debian Linux Security Advisory 2342-1 - Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey.
63e0e431eb37b31df98004322a486fab6463bbe6ef79e7408f1c33151d3c507e
WebDirector suffers from administrative bypass and remote SQL injection vulnerabilities.
719b9c1df0e82a264cec5e497c0b149dae5c0c1056c391bea6818f92188217bd
Apple Security Advisory 2011-11-08-1 - Multiple vulnerabilities exist in Java 1.6.0_26, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user. These issues are addressed by updating to Java version 1.6.0_29.
7891543823b833ae64a36fc0bb4cf85c02278847d9d14c98f62da407a82c2326
Debian Linux Security Advisory 2341-1 - Several vulnerabilities have been discovered in Iceweasel, a web browser based on Firefox. The included XULRunner library provides rendering services for several other applications included in Debian.
49b2ea2e13f12ea813f648bf11745925bbb71815068774b168927da6c8cffce5
Cisco Security Advisory - Software that runs on Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices was updated to include secure default configurations beginning with the TC4.0 release. This change was accompanied by the release of Cisco Security Advisory cisco-sa-20110202-tandberg. Due to a manufacturing error, Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series devices that were distributed between November 18th, 2010 and September 19th, 2011 may have the root account enabled. Information on how to identify affected devices is available in the Details section of this advisory. Information on how to remediate this issue is available in the Workarounds section of this advisory.
29725f918f2e90e18a092a05d00bd56e61df7a178f50f6781b4b8e40bbff7374
VtigerCRM version 5.2.1 suffers from a local file inclusion vulnerability.
003555ea45a9fdbed681bd06acaa02897eb02bb975506e0998fe3151aaf00c4a
Mandriva Linux Security Advisory 2011-168 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary error state in the backend server) via a malformed HTTP request. The fix for CVE-2011-3192 provided by the MDVSA-2011:130 advisory introduced regressions in the way httpd handled certain Range HTTP header values. The updated packages have been patched to correct these issues.
5845916851f0b3755bcd79bb959415df4c03565cfb80d7815ae350490adc18fb
Ubuntu Security Notice 1255-1 - Hossein Lotfi discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. It was discovered that libmodplug did not correctly handle certain malformed media files. If a user or automated system were tricked into opening a crafted media file, an attacker could cause a denial of service or possibly execute arbitrary code with privileges of the user invoking the program. Various other issues were also addressed.
09897dc544161b3ede6fcf4986c67a81739df97dffc0af6a6cfd30a3f2d47b0f
AShop version 5.1.3 suffers from cross-site scripting and open redirect vulnerabilities.
0ab892b748573621ed77cdb1dec10b686d9a041f8d2e674dfe081fea2f6dcdf1
Dolibarr version 3.1.0 suffers from multiple cross-site scripting vulnerabilities.
73f62c78744b3f8b4d9c6c84e33979de78be6f662baa3b6b6eae31a30ae282d3
Red Hat Security Advisory 2011-1444-01 - Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Digicert Sdn. Bhd. is not the same company as found at digicert.com. Note: This fix only applies to applications using the NSS Builtin Object Token. It does not render the certificates untrusted for applications that use the NSS library, but do not use the NSS Builtin Object Token.
ca83c6f7cf131448d6882eabded7573a909ac43661be5472206d2d7cb7ce1746
LabWiki versions 1.1 and below suffer from cross-site scripting and shell upload vulnerabilities.
15a8cb3effbbc1b150b12c56fce6ab784d8f3a93df467df3afe18b0ea7f86c6a
Code Audit Labs has discovered that Adobe Shockwave Player suffers from a Director file parsing denial of service vulnerability.
a6ce6c08710b2be298adcfee6425607f99829e28a0c0ff7cc5af4dcdc68dc795
Code Audit Labs has discovered that Adobe Shockwave Player suffers from a Director file PAMM memory corruption vulnerability.
8fa0331e11caebc74f418fca888a60b9a5de00d45ee773bf9557006f4fd13e66
Red Hat Security Advisory 2011-1441-01 - The IcedTea-Web project provides a Java web browser plug-in and an implementation of Java Web Start, which is based on the Netx project. It also contains a configuration tool for managing deployment settings for the plug-in and Web Start implementations. A flaw was found in the same-origin policy implementation in the IcedTea-Web browser plug-in. A malicious Java applet could use this flaw to open network connections to hosts other than the originating host, violating the same-origin policy. All IcedTea-Web users should upgrade to these updated packages, which upgrade IcedTea-Web to version 1.0.6 to correct this issue. Web browsers using the IcedTea-Web browser plug-in must be restarted for this update to take effect.
e475f500757b9400cbbd2125fc824c4792f4fcdfd60fd5d87492b02b1589069b
Red Hat Security Advisory 2011-1440-01 - SeaMonkey is an open source web browser, email and newsgroup client, IRC chat client, and HTML editor. A cross-site scripting flaw was found in the way SeaMonkey handled certain multibyte character sets. A web page containing malicious content could cause SeaMonkey to run JavaScript code with the permissions of a different website. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.
be943c91e86570f5afdd3ff9f206a5e3daeeed4880fe0df663aa87a0cc2bf88c
Sites designed by EIN-SOF suffer from remote SQL injection vulnerabilities.
a3ee2b64cb7dc4b79d377c01fbe231c0129a6b326c1bc6dd2c179638f76eb9e0
This is a notification from Microsoft that MS11-037, MS11-JUN, and MS11-071 have undergone major revision increments.
815b6754899af8206bd2ff41adffaa055ba6d8abd0e39ff9ff97446ad9074860
Core Security Technologies Advisory - A memory corruption vulnerability in Adobe Shockwave Player can be leveraged to execute arbitrary code on vulnerable systems by enticing users to visit a malicious web site with a specially crafted .dir file. This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
695649c7d963064d7f163ac945a29aca4d694e1c7ff52a09ee8e2a7a93377531
Technical Cyber Security Alert 2011-312A - There are multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address these vulnerabilities.
81ac98d2afaadbbaa9288b675a0479d88d9b743c1a79f5f972982ccbe9c5b0d4
Ubuntu Security Notice 1253-1 - Ryan Sweat discovered that the kernel incorrectly handled certain VLAN packets. On some systems, a remote attacker could send specially crafted traffic to crash the system, leading to a denial of service. Vasiliy Kulikov and Dan Rosenberg discovered that ecryptfs did not correctly check the origin of mount points. A local attacker could exploit this to trick the system into unmounting arbitrary mount points, leading to a denial of service. Various other issues were also addressed.
500dc3b4a945636f97bf2e47879fe76c35bb56044546ce1c830a4bcfd79e5365
This bulletin summary lists 4 Microsoft security bulletins released for November, 2011.
bed40aa96f50cbe6e979d8ac1028836a3e003551bb30a58821c831e5c03b2999