HP Security Bulletin HPSBMU02785 SSRT100526 2 - A potential security vulnerability has been identified with HP LoadRunner running on Windows. The vulnerability can be exploited remotely to execute arbitrary code or cause a Denial of Service (DoS). Revision 2 of this advisory.
f130f923dd784102922bffc000c85f47f31bc6b498859349a7d691f349df8431
Mandriva Linux Security Advisory 2013-072 - When dnsmasq before 2.63 is used in conjunction with certain configurations of libvirtd, network packets from prohibited networks may be sent to the dnsmasq application and processed. This can result in DNS amplification attacks for example. This update adds a new option --bind-dynamic which is immune to this problem. This update completes the fix for provided with dnsmasq-2.63. It was found that after the upstream patch for - replied to remote TCP-protocol based DNS queries (UDP protocol ones were corrected, but TCP ones not) from prohibited networks, when the --bind-dynamic option was used, - when --except-interface lo option was used dnsmasq didn't answer local or remote UDP DNS queries, but still allowed TCP protocol based DNS queries, - when --except-interface lo option was not used local / remote TCP DNS queries were also still answered by dnsmasq. This update fixes these three cases.
1cd386bf36da7fa53caf08c4160adba6ddda2710da43dfc47169182527b1d65f
Red Hat Security Advisory 2013-0714-01 - stunnel is a socket wrapper which can provide SSL support to ordinary applications. For example, it can be used in conjunction with imapd to create an SSL-secure IMAP server. An integer conversion issue was found in stunnel when using Microsoft NT LAN Manager authentication with the HTTP CONNECT tunneling method. With this configuration, and using stunnel in SSL client mode on a 64-bit system, an attacker could possibly execute arbitrary code with the privileges of the stunnel process via a man-in-the-middle attack or by tricking a user into using a malicious proxy.
ae590ecfc6b085e50526809d06c73bd6b37ad1666674476fa467dca52adb7f34
Mandriva Linux Security Advisory 2013-071 - A privilege escalation flaw was found in the way dbus-glib, the D-Bus add-on library to integrate the standard D-Bus library with the GLib thread abstraction and main loop, performed filtering of the message sender, when the NameOwnerChanged signal was received. A local attacker could use this flaw to escalate their privileges.
38a7f795c9dbf85c8c9f40f7bee0e1c36b4f7c15067e9d63187d3ea2d1ae392a
Mandriva Linux Security Advisory 2013-070 - It was discovered that the D-Bus library honored environment settings even when running with elevated privileges. A local attacker could possibly use this flaw to escalate their privileges, by setting specific environment variables before running a setuid or setgid application linked against the D-Bus library (libdbus).
be68e4d8fcbb964f2e7bf79d0b49910b3b2c317c298a55458504f9b0c1e13092
Mandriva Linux Security Advisory 2013-069 - cups-pk-helper, a PolicyKit helper to configure CUPS with fine-grained privileges, wraps CUPS function calls in an insecure way. This could lead to uploading sensitive data to a CUPS resource, or overwriting specific files with the content of a CUPS resource. The user would have to explicitly approve the action.
ff5002b343b18cedb8e0512238d466a0a6f6cc46e50c1366199112fa122abc7a
Mandriva Linux Security Advisory 2013-068 - When using the authpgsql module and if the Postgres server goes down, authpgsql will start leaking memory. A packaging flaw was discovered that caused the courier-authlib-devel package to be installed when installing for example maildrop. This update fixes both of these issues.
41535366ebf9c3ed9a0e4eae5a5a57ddcdbb569bfeb6c689c0d625f5573c8e8f
Mandriva Linux Security Advisory 2013-067 - A security flaw was found in the way Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain JSON callback. A remote attacker could provide a specially-crafted JSON callback that, when processed could lead to arbitrary JSON code execution via Adobe Flash. A DOM based cross-site scripting flaw was found in the way browser-based test suite of Apache CouchDB, a distributed, fault-tolerant and schema-free document-oriented database accessible via a RESTful HTTP/JSON API, processed certain query parameters. A remote attacker could provide a specially-crafted web page that, when accessed could lead to arbitrary web script or HTML execution in the context of a CouchDB user session.
27e3ca3316198e92252740ae172715149864d7743816d5b31b45c4c661c48195
Mandriva Linux Security Advisory 2013-066 - The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment. Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and 4.0.x before 4.0.8, 4.1.x and 4.2.x before 4.2.3, and 4.3.x before 4.3.3 does not restrict the characters in a username, which might allow remote attackers to inject data into an LDAP directory via a crafted login attempt. Various other issues were also addressed.
e6cfe4b2630782972753b045d1d3e894e084dfcfd1de0180473c8bbad6ad3f7d
Mandriva Linux Security Advisory 2013-065 - A security flaw was found in the way ordered_malloc() routine implementation in Boost, the free peer-reviewed portable C++ source libraries, performed 'next_size' and 'max_size' parameters sanitization, when allocating memory. If an application, using the Boost C++ source libraries for memory allocation, was missing application-level checks for safety of 'next_size' and 'max_size' values, a remote attacker could provide a specially-crafted application-specific file (requiring runtime memory allocation for it to be processed correctly) that, when opened would cause that application to crash, or, potentially arbitrary code execution with the privileges of the user running the application. Boost.Locale library in Boost 1.48 to 1.52 inclusive has a security flaw: boost::locale::utf::utf_traits accepted some invalid UTF-8 sequences. Applications that used these functions for UTF-8 input validation could expose themselves to security threats as invalid UTF-8 sequence would be considered as valid. The package has been patched to fix above security flaw.
6506d18ba87fdd843d65a7ab4ed782fa743a400711477dd1d06c23487bbaec54
Mandriva Linux Security Advisory 2013-064 - In bogofilter before 1.2.3, bogofilter's/bogolexer's base64 could overwrite heap memory in the character set conversion in certain pathological cases of invalid base64 code that decodes to incomplete multibyte characters.
94a47f4c0939f97348b6fd7cf18d03f8d815172bf9bcfd13ec4d5415b166e1d6
Mandriva Linux Security Advisory 2013-063 - Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.
27287d4acd79429d18e727eb4cbda81f34d9472af17f0c3300048076d3248cd6
Mandriva Linux Security Advisory 2013-062 - Cross-site scripting vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi. Cross-site scripting vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer. Also, this update package corrects/improves the definition of variables in config.pl, the configuration file of backuppc: the variables SshPath, SmbClientPath, NmbLookupPath, TarClientPath, TopDir. As a result, backuppc should now run with the default values installed by the Mageia package; modifications of config.pl should only be required for defining site-specific settings.
2fa65dee664e8f1536ee0594d9b35cbcf524795d9eaad6576dc293c440d378f0
Mandriva Linux Security Advisory 2013-061 - Multiple XSS vulnerabilities were found and corrected in awstats. The updated packages have been patched to correct this issue.
a346e0b00f117b2ca871773b90f0bd8013d4742c3ead3ff816eb9a99c984219b
Mandriva Linux Security Advisory 2013-060 - Florian Weimer discovered that AccountsService incorrectly handled privileges when copying certain files to the system cache directory. A local attacker could exploit this issue to read arbitrary files, bypassing intended permissions.
457a0a0cb3fa73c7810251dcc6fe90800772e6acb9efe8ef45fc87d934211799
Mandriva Linux Security Advisory 2013-059 - libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to cause a denial of service via vectors involving a regular expression, as demonstrated by a memory-exhaustion attack against a machine running a dhcpd process, a related issue to CVE-2013-2266. The updated packages have been upgraded to the 4.2.5-P1 version which is not vulnerable to this issue.
4db054e5798d9d31f62d6f67e4d0e0470d55ab51b79ee9d25ba157f3100f6635
Ubuntu Security Notice 1791-1 - Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic and Joe Drew discovered multiple memory safety issues affecting Thunderbird. If the user were tricked into opening a specially crafted message with scripting enabled, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute code with the privileges of the user invoking Thunderbird. Ambroz Bizjak discovered an out-of-bounds array read in the CERT_DecodeCertPackage function of the Network Security Services (NSS) library when decoding certain certificates. An attacker could potentially exploit this to cause a denial of service via application crash. Various other issues were also addressed.
12c1ff5d57a3985395b6e2f1e23778f825698b2edb1d69c58bed0f9613954ac0
Mandriva Linux Security Advisory 2013-058 - libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2, 9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows remote attackers to cause a denial of service (memory consumption) via a crafted regular expression, as demonstrated by a memory-exhaustion attack against a machine running a named process. The updated packages have been patched to correct this issue.
e53388a8fbae2beb233f334ba8f496d6db29a7c3a0a59bdc0e70bbfbfc78adc8
Mandriva Linux Security Advisory 2013-057 - builtins.c in Xinetd before 2.3.15 does not check the service type when the tcpmux-server service is enabled, which exposes all enabled services and allows remote attackers to bypass intended access restrictions via a request to tcpmux port 1. The updated packages have been upgraded to the 2.3.15 version which is not vulnerable to this issue.
ab5c7cf9c0b995dcd94e53914502ae766fd71e8fc369da0358613eb4901045c7
Mandriva Linux Security Advisory 2013-056 - A heap-buffer overflow was found in the way libxml2 decoded certain XML entities. A remote attacker could provide a specially-crafted XML file, which once opened in an application linked against libxml would cause that application to crash, or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way libxml2 performed string substitutions when entity values for entity references replacement was enabled. A remote attacker could provide a specially-crafted XML file that, when processed by an application linked against libxml2, would lead to excessive CPU consumption. An off-by-one error in libxml2 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Multiple integer overflows in libxml2 on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. The updated packages have been patched to correct these issues.
af9acf74042cc531e03902efd1151ff0e9a6cd65cb241177b80784cbcf067a2b
The Aastra 6753i IP Telephone suffers from a hardcoded telnetd administrative password.
62d1199d353ae991c9baaa62acd28e5797451f8295d39267e3a0f2c29067e7fb
Vanilla Forums versions 2.0.18.4 and below suffer from a remote SQL injection vulnerability.
8bfc7b93915d3d494f30a5acbd234606f92c7e181f68dccfb98c4ebdb77e55da
HexChat version 2.9.4 suffers from a buffer overflow vulnerability.
14b5088f5a0dd9d83df5f162592dcf460932c2148bb0e62536dda4e9f6170c19