ALWIL Software

avast! antivirus 4.6.623 and prior

A fixed version (4.6.652) is available via the application's user
interface or at: href="http://www.avast.com/eng/updates.html">http://www.avast.com/eng/updates.html

Currently we are not aware of any exploits for this
vulnerability.

Black Cactus

Warrior Kings: Battles 1.23
& prior, Warrior Kings 1.3 &
prior

Two vulnerabilities have been reported that could let remote malicious
users cause a Denial of Service and potentially compromise a vulnerable
system. This is due to a format string error in the text visualization and
an error in the handling of partial join packets.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ezdwc

NewsletterEz 3.0

An input validation vulnerability has been reported that could let a
remote malicious user inject SQL commands. The 'news/admin/login.asp'
script does not properly validate user-supplied input in the 'password'
parameter.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Multiple vulnerabilities have been reported that could let local
malicious users view sensitive information or could let remote malicious
users conduct script insertion attacks, bypass certain security
restrictions, and trick users into executing malicious files. This is
because files in the installation directory have improper permissions;
input passed to the picture column and drop-down list of a SharePoint list
is not properly validated; there is an error in the access restrictions on
COM objects; and, the file extension for files attached to or embedded in
a document with Microsoft Windows OLE is not properly displayed.

Groove Virtual Office: Update to version 3.1a build 2364 or 3.1 build
2338: href="http://www.groove.net/index.cfm/pagename/UpdateGroove/">http://www.groove.net/index.cfm/
href="http://www.groove.net/index.cfm/pagename/UpdateGroove/">pagename/UpdateGroove/

Groove Workspace: Update to version 2.5n build 1871: href="http://www.groove.net/index.cfm?pagename=DownloadsArchive">
http://www.groove.net/index.cfm?
pagename=DownloadsArchive

There is no exploit code required.

US-CERT
VU#443370

US-CERT
VU#372618

US-CERT
VU#155610

US-CERT
VU#514386

US-CERT
VU#232232

Ipswitch

IMail Server 8.x

Multiple vulnerabilities have been reported in IMail Server, which
could let a remote malicious user gain sensitive information or cause a
Denial of Service. These are due to unspecified errors in the IMAP4d32
service and Web Calendaring.

Apply IMail Server 8.2 Hotfix 2: href="ftp://ftp.ipswitch.com/Ipswitch/Product_Support/IMail/imail82hf2.exe">ftp://ftp.ipswitch.com/Ipswitch/
Product_Support/IMail/imail82hf2.exe

Currently we are not aware of any exploits for these
vulnerabilities.

LS Games

War Times 1.03 and prior versions

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Windows Media Player 9 Series, Windows Messenger 5.0, MSN Messenger
6.1, 6.2

Several vulnerabilities exist: a vulnerability exists in Media Player
due to a failure to properly handle PNG files that contain excessive width
or height values, which could let a remote malicious user execute
arbitrary code; and a vulnerability exists in the Windows and MSN
Messenger due to a failure to properly handle corrupt or malformed PNG
files, which could let a remote malicious user execute arbitrary code.

Patches available at: href="http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx">
http://www.microsoft.com/technet/
security/bulletin/MS05-009.mspx

V1.1: Bulletin updated with information on the mandatory upgrade of
vulnerable MSN Messenger clients in the caveat section, as well as changes
to the Workarounds for PNG Processing Vulnerability in MSN Messenger.

V1.2: Bulletin updated with correct file version information for
Windows Messenger 5.0 update, as well as added Windows Messenger 5.1 to
"Non-Affected Software" list.

V2.0: The update for Windows Messenger version 4.7.0.2009 (when running
on Windows XP Service Pack 1) was failing to install when distributed via
SMS or AutoUpdate. An updated package corrects this behavior.

V2.1: Bulletin updated to update the "Security Update Information"
section for the Microsoft Windows Messenger 4.7.0.2009 (when running on
Windows XP Service Pack 1) security update.

V2.2: Updated the "deployment" section of Microsoft Windows
Messenger version 4.7.0.2009 for the correct command.

An exploit script has been published for MSN Messenger/Windows
Messenger PNG Buffer Overflow vulnerability.

Microsoft Media Player & Windows/MSN Messenger PNG
Processing

href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1244">CAN-2004-1244
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0597">CAN-2004-0597 href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1244">

Microsoft Security Bulletin, MS05-009, February 8, 2005

US-CERT
Technical Cyber Security Alert TA05-039A

US-CERT
Cyber Security Alert SA05-039A

US-CERT Vulnerability
Note VU#259890

Security Focus, February 10, 2005

Microsoft Security Bulletin MS05-009 V1.1, February 11, 2005

Microsoft Security Bulletin, MS05-009 V1.2, February 15, 2005

Microsoft Security Bulletin, MS05-009 V2.0, April 12, 2005

Microsoft Security Bulletin, MS05-009 V2.1, May 11, 2005

Microsoft Security Bulletin, MS05-009 V2.2, May 11,
2005

Microsoft

Word

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Microsoft

Word 2000, 2002

Works Suite 2001, 2002, 2003, and 2004

Office Word 2003

A buffer overflow vulnerability has been reported that could lead to
remote execution of arbitrary code or escalation of privilege.

Updates available: href="http://www.microsoft.com/technet/security/Bulletin/MS05-023.mspx">
http://www.microsoft.com/technet/
security/Bulletin/MS05-023.mspx

V1.1 Bulletin updated to point to the correct Exchange 2000 Server
Post-Service Pack 3 (SP3) Update Rollup and to advise on the scope and
caveats of workaround "Unregister xlsasink.dll and fallback to Active
Directory for distribution of route information."

V1.2: Bulletin updated to add msiexec in the administrative
installation in "Administrative Deployment" section for all versions.

V1.3: Bulletin updated to reflect a corrected Winword.exe file
version for Word 2000.

Currently we are not aware of any exploits for this
vulnerability.

Microsoft Word Remote Code Execution & Escalation of
Privilege Vulnerabilities

href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0963">CAN-2004-0963
href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0558">CAN-2005-0558

Microsoft Security Bulletin MS05-023, April 12, 2005

US-CERT
VU#442567

US-CERT VU#752591

Microsoft Security Bulletin MS05-023 V1.1, April 14, 2005

Microsoft Security Bulletin MS05-023 V1.2, May 11, 2005

Microsoft Security Bulletin MS05-023 V1.3, May 18,
2005

Miranda IM

'PopUp Plus' 2.0.3.8 plugin for Miranda Instant Messenger

A buffer overflow vulnerability has been reported that could let a
remote malicious user execute arbitrary code on the target system. The
vulnerability can be exploited if the 'Use SmileyAdd Setting' application
menu option is enabled.

Update available at: href="http://files.miranda-im.org/testing/popupplus.zip">
http://files.miranda-
im.org/testing/popupplus.zip

A Proof of Concept exploit has been published.

sec.org.il Security Advisory, April 6, 2005

Security Focus, 13048, May 19, 2005

Zone Labs

ZoneAlarm Antivirus 5.x
ZoneAlarm Security Suite 5.x

A integer overflow vulnerability has been reported that could let
remote malicious users execute arbitrary code or gain escalated
privilege.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

Apple

Macintosh OS X

Multiple vulnerabilities have been reported:a Denial of Service
vulnerability was reported in the 'nfs_mount()' function due to
insufficient input value checks; a Directory Traversal vulnerability was
reported in bluetooth-enabled systems due to an input validation error,
which could let a remote malicious user obtain sensitive information; a
vulnerability was reported in two system calls used to search filesystem
objects due to insufficient checks on directory permissions, which could
let a malicious user obtain sensitive information; a vulnerability was
reported in the SecurityAgent because a malicious user can bypass a locked
screensaver to start background applications; and a vulnerability was
reported because a remote malicious user can bypass a download warning
dialog to install potentially malicious Dashboard widgets.

Updates available at:
href="http://www.apple.com/support/downloads/">http://www.apple.com/support/downloads/

Currently we are not aware of any exploits for these vulnerabilities.

Blue Coat Systems

Blue Coat Reporter 7.x

Several vulnerabilities have been reported: a vulnerability was
reported due to an unspecified error, which could let a remote malicious
user obtain administrative privileges; a vulnerability was reported due to
an unspecified error which could let an unprivileged remote malicious user
add a license; a vulnerability was reported in the 'Add User' window due
to insufficient sanitization of input passed as a username, which could
let a remote malicious user execute arbitrary code; and a vulnerability
was reported in the 'Licensing' page due to insufficient sanitization of
input passed as a license key, which could let a remote malicious user
execute arbitrary code.

Update available at:
href="http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html">http://www.bluecoat.com/support/
knowledge/advisory_reporter_
711_vulnerabilities.html

Currently we are not aware of any exploits for these
vulnerabilities.

bzip2

bzip2 1.0.2

A remote Denial of Service vulnerability has been reported when the
application processes malformed archives.

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/">http://security.ubuntu.com/
ubuntu/pool/main/b/bzip2/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

Currently we are not aware of any exploits for this
vulnerability.

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May
19, 2005

bzip2

bzip2 1.0.2 & prior

A vulnerability has been reported when an archive is extracted into a
world or group writeable directory, which could let a malicious user
modify file permissions of target files.

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/b/bzip2/">http://security.ubuntu.com/
ubuntu/pool/main/b/bzip2/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

There is no exploit code required.

Security Focus,
12954,
March 31, 2005

Ubuntu Security Notice, USN-127-1, May 17, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:091, May
19, 2005

Cheetah

Cheetah 0.9.16 a1

Upgrades available at:
href="http://prdownloads.sourceforge.net/cheetahtemplate/Cheetah-0.9.17rc1.tar.gz?download"
target=_blank>http://prdownloads.
sourceforge.net/
cheetahtemplate/Cheetah-
0.9.17rc1.tar.gz?download

Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-14.xml">http://security.gentoo.org/
glsa/glsa-200505-14.xml

There is no exploit code required.

Secunia Advisory, SA15386,
May 17, 2005

Gentoo Linux Security Advisory, GLSA 200505-14, May 19, 2005

eSYS Information systems

Gibraltar Firewall 2.2

Update available at: href="ww.gibraltar.at">
ww.gibraltar.at/

There is no exploit code required.

Ferry Boender

PROMS 0.7-0.10

Multiple vulnerabilities have been reported: A vulnerability was
reported due to insufficient validation of several user-supplied
parameters before used in SQL queries, which could let a remote malicious
user execute arbitrary SQL code; a Cross-Site Scripting vulnerability was
reported due to insufficient validation of HTML entries in some fields,
which could let a remote malicious user execute arbitrary HTML and script
code and a vulnerability was reported because an unauthorized malicious
user can view/modify the project member's list.

Upgrades available at:
href="http://projects.electricmonk.nl//files/PROMS/proms-0.11.tar.gz"
target=_blank>http://projects.electricmonk.nl//
files/PROMS/proms-0.11.tar.gz

There is no exploit code required.

FreeBSD

FreeBSD 5.4 & prior

Patches and updates available at:
href="ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc">ftp://ftp.freebsd.org/pub/FreeBSD/
CERT/advisories/FreeBSD-SA-05:09.htt.asc

SCO:
href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24 ">ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.24

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/
ubuntu/pool/main/l/

Currently we are not aware of any exploits for this
vulnerability.

FreeBSD Security Advisory, FreeBSD-SA-05:09, May 13, 2005

SCO Security Advisory, SCOSA-2005.24, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23, 2005

US-CERT
VU#911878

Gentoo

Linux 1.x

The vendor has released a fixed version of net-www/webapp-config
(1.10-r14).

A Proof of Concept exploit has been published.

GNOME

gEdit 2.0.2, 2.2 .0, 2.10.2

A format string vulnerability has been reported when invoking the
program with a filename that includes malicious format specifiers, which
could let a remote malicious user cause a Denial of Service and
potentially execute arbitrary code.

No workaround or patch available at time of publishing.

An exploit has been published.

GNU

gzip 1.2.4 a, 1.2.4, 1.3.3-1.3.5

A Directory Traversal vulnerability has been reported due to an input
validation error when using 'gunzip' to extract a file with the '-N' flag,
which could let a remote malicious user obtain sensitive information.

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/g/gzip/">http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/

Trustix: href="http://http.trustix.org/pub/trustix/updates/">
http://http.trustix.org/
pub/trustix/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-05.xml">
http://security.gentoo.org/
glsa/glsa-200505-05.xml

IPCop:
href="http://ipcop.org/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=3&orderby=dateD"
target=_blank>http://ipcop.org/modules.php?
op=modload&name=Downloads
&file=index&req=viewdownload
&cid=3&orderby=dateD

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

Proof of Concept exploit has been published.

Bugtraq, 396397, April 20, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6,
2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Security Focus,13290, May 11, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May
19, 2005

GNU

gzip 1.2.4, 1.3.3

A vulnerability has been reported when an archive is extracted into a
world or group writeable directory, which could let a malicious user
modify file permissions.

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/g/gzip/">http://security.ubuntu.com/
ubuntu/pool/main/g/gzip/

Trustix: href="http://http.trustix.org/pub/trustix/updates/">
http://http.trustix.org/
pub/trustix/updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-05.xml">
http://security.gentoo.org/
glsa/glsa-200505-05.xml

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

There is no exploit code required.

Security Focus,
12996,
April 5, 2005

Ubuntu Security Notice, USN-116-1, May 4, 2005

Trustix Secure Linux Security Advisory, TSLSA-2005-0018, May 6,
2005

Gentoo Linux Security Advisory, GLSA 200505-05, May 9, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May
19, 2005

GNU

zgrep 1.2.4

A vulnerability has been reported in 'zgrep.in' due to insufficient
validation of user-supplied arguments, which could let a remote malicious
user execute arbitrary commands.

A patch for 'zgrep.in' is available in the following bug report:
href=" http://bugs.gentoo.org/show_bug.cgi?id=90626">http://bugs.gentoo.org/
show_bug.cgi?id=90626

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

There is no exploit code required.

Security Tracker Alert, 1013928, May 10, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:092, May
19, 2005

Igor Khasilev

Oops Proxy Server 1.4.22, 1.5.53

Gentoo: href=" http://security.gentoo.org/glsa/glsa-200505-02.xml">
http://security.gentoo.org/
glsa/glsa-200505-02.xml

Debian:
href="http://security.debian.org/pool/updates/main/o/oops/">http://security.debian.org
/pool/updates/main/o/oops/

Currently, we are not aware of any exploits for this
vulnerability.

Security Focus, 13172, April 14, 2005

Gentoo Linux Security Advisory, GLSA 200505-02, May 6, 2005

Debian Security Advisory, DSA 726-1, May 20, 2005

Iron Bars SHell

Iron Bars SHell 0.3a- 0.3c

A vulnerability has been reported due to a format string error, which
could let a malicious user execute arbitrary code.

Upgrades available at:
href="http://freshmeat.net/redir/ibsh/57192/url_tgz/ibsh-0.3d.tar.gz"
target=_blank>http://freshmeat.net/redir/ibsh/
57192/url_tgz/ibsh-0.3d.tar.gz

Currently, we are not aware of any exploits for this
vulnerability.

Julian Field

MailScanner 4.41.3 & prior

Update available at:
href=" http://www.sng.ecs.soton.ac.uk/mailscanner/downloads.shtml">http://www.sng.ecs.soton.ac.uk/
mailscanner/downloads.shtml

Currently we are not aware of any exploits for this
vulnerability.

KDE

KDE 3.2-3.2.3, 3.3-3.3.2, 3.4,
KDE Quanta 3.1

A vulnerability has been reported due to a design error in Kommander,
which could let a remote malicious user execute arbitrary code.

Patches available at:
href="ftp://ftp.kde.org/pub/kde/security_patches/post-3.3.2-kdewebdev-kommander.diff"
target=_blank>ftp://ftp.kde.org/pub/kde/
security_patches/f

Gentoo: href="http://security.gentoo.org/glsa/glsa-200504-23.xml">
http://security.gentoo.org/
glsa/glsa-200504-23.xml

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/">http://security.ubuntu.com/
Subunit/pool/universe
/k/kdewebdev/

Conectiva:
href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

Currently we are not aware of any exploits for this
vulnerability.

KDE Security Advisory, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-23, April 22, 200

Fedora Update Notification
FEDORA-2005-345, April 28, 2005

Ubuntu Security Notice, USN-115-1, May 03, 2005

Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005

Gentoo Linux Security Advisory [UPDATE] GLSA 200504-23:02, May
20, 2005

LibTIFF

LibTIFF 3.4, 3.5.1-3.5.5, 3.5.7, 3.6 .0, 3.6.1, 3.7, 3.7.1

A buffer overflow vulnerability has been reported in the 'TIFFOpen()'
function when opening malformed TIFF files, which could let a remote
malicious user execute arbitrary code.

Patches available at:
href="http://bugzilla.remotesensing.org/attachment.cgi?id=238"
target=_blank>http://bugzilla.remotesensing.org/
attachment.cgi?id=238

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-07.xml">
http://security.gentoo.org/
glsa/glsa-200505-07.xml

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/t/tiff/">http://security.ubuntu.com/
ubuntu/pool/main/t/tiff/

Currently we are not aware of any exploits for this
vulnerability.

Gentoo Linux Security Advisory, GLSA 200505-07, May 10, 2005

Ubuntu Security Notice, USN-130-1, May 19, 2005

A Denial of Service vulnerability has been reported due to the creation
of an insecure file by the kernel it87 and via686a drivers.

Patch available at:
href="http://kernel.org/pub/linux/kernel/v2.6/patch-2.6.11.8.bz2"
target=_blank>http://kernel.org/pub/linux/
kernel/v2.6/patch-2.6.11.8.bz2

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/
ubuntu/pool/main/l/

There is no exploit code required.

Secunia Advisory,
SA15204, May 2, 2005

Ubuntu Security Notice, USN-131-1, May 23,
2005

Marc Lehmann

Convert-UUlib 1.50

Update available at:
href="http://search.cpan.org/dist/Convert-UUlib/">http://search.cpan.org/
dist/Convert-UUlib/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200504-26.xml">
http://security.gentoo.org/
glsa/glsa-200504-26.xml

Debian:
href="http://security.debian.org/pool/updates/main/libc/libconvert-uulib-perl/">http://security.debian.org/pool/
updates/main/libc/libconvert-uulib-perl/

Currently we are not aware of any exploits for this
vulnerability.

Gentoo Linux Security Advisory, GLSA 200504-26, April 26, 2005

Secunia Advisory, SA15130, April 27, 2005

Debian Security Advisory, DSA 727-1, May 20, 2005

Mozilla.org

Firefox 1.0

Update available at: alink="#999999"> href="http://www.mozilla.org/products/firefox/all.html ">
http://www.mozilla.org/products/
firefox/all.html

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/3/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-10.xml">
http://security.gentoo.org/
glsa/glsa-200503-10.xml

SuSE: href="ftp://ftp.suse.com/pub/suse/">
ftp://ftp.suse.com/pub/suse/

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
http://security.gentoo.org/
glsa/glsa-200503-30.xml

href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org/
glsa/glsa-200503-32.xml

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/\
href="http://download.fedoralegacy.org/redhat/">redhat/

An exploit has been published.

Mozilla Foundation Security Advisory, 2005-28, February 25, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification,
FEDORA-2005-247
2005-03-23

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032,
March 25, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18,
2005

Multiple Vendors

ImageMagick 6.0-6.0.8, 6.1-6.1.8, 6.2 .0.7, 6.2 .0.4, 6.2, 6.2.1

Upgrades available at:
href="http://www.imagemagick.org/script/binary-releases.php"
target=_blank>http://www.imagemagick.org/
script/binary-releases.php

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/i/imagemagick/">http://security.ubuntu.com/
ubuntu/pool/main/i/imagemagick/

A Proof of Concept exploit has been published.

Security Focus, 13351, April 25, 2005

Fedora Update Notification
FEDORA-2005-344, April 28, 2005

Ubuntu Security Notice, USN-132-1 May 23, 2005, May 23, 2005

Multiple Vendors

KDE 2.0, beta, 2.0.1, 2.1-2.1.2, 2.2-2.2.2, 3.0-3.0.5, 3.1-3.1.5,
3.2-3.2.3, 3.3-3.3.2, 3.4; Novell Linux Desktop 9; SuSE Linux 9.1, x86_64,
9.2, x86_64, 9.3, Linux Enterprise Server 9

Patches available at:
href="http://bugs.kde.org/attachment.cgi?id=10325&action=view">http://bugs.kde.org/attachment.cgi
?id=10325&action=view

href="http://bugs.kde.org/attachment.cgi?id=10326&action=view ">http://bugs.kde.org/attachment.cgi
?id=10326&action=view

SuSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/kdelibs3-3.2.1-44.46.i586.rpm"
target=_blank>ftp://ftp.suse.com/pub/suse/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200504-22.xml">
http://security.gentoo.org/
glsa/glsa-200504-22.xml

Debian:
href="http://security.debian.org/pool/updates/main/k/kdelibs/">http://security.debian.org/
pool/updates/main/k/kdelibs/

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/">http://security.ubuntu.com/
ubuntu/pool/main/k/kdelibs/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

Conectiva:
href="ftp://atualizacoes.conectiva.com.br/">ftp://atualizacoes.conectiva.com.br/

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-393.html">http://rhn.redhat.com/
errata/RHSA-2005-393.html

Denial of Service Proofs of Concept exploits have been published.

SUSE Security Announcement, SUSE-SA:2005:022, April 11, 2005

Gentoo Linux Security Advisory, GLSA 200504-22, April 22, 2005

Debian Security Advisory, DSA 714-1, April 26, 2005

Fedora Update Notification,
FEDORA-2005-350, May 2, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:085, May 12, 2005

Conectiva Linux Security Announcement, CLA-2005:953, May 17, 2005

RedHat Security Advisory, RHSA-2005:393-05, May 17, 2005

SUSE Security Summary Report, SUSE-SR:2005:013, May 18, 2005

Multiple Vendors

MandrakeSoft Corporate Server 3.0, x86_64, Linux Mandrake 10.0, AMD64,
10.1, X86_64;Novell Evolution 2.0.2l Ubuntu Linux 4.1 ppc, ia64,
ia32;
Ximian Evolution 1.0.3-1.0.8, 1.1.1, 1.2-1.2.4, 1.3.2
(beta)

A buffer overflow vulnerability exists in the main() function of the
'camel-lock-helper.c' source file, which could let a remote malicious user
execute arbitrary code.

Update available at: alink="#999999">
href="http://cvs.gnome.org/viewcvs/evolution/camel/camel-lock-helper.c?rev=1.7&hideattic=0&view=log ">http://cvs.gnome.org/viewcvs/evolution/
camel/camel-lock-helper.c?rev=1.7
&hideattic=0&view=log

Gentoo: href="http://security.gentoo.org/glsa/glsa-200501-35.xml">
http://security.gentoo.org/
glsa/glsa-200501-35.xml

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">
http://www.mandrakesecure.net/
en/ftp.php

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/e/evolution/evolution1.5_2.0.2-0ubuntu2.1_all.deb"
target=_blank>http://security.ubuntu.com/ubuntu/
pool/main/e/evolution/

SUSE: href="ftp://ftp.suse.com/pub/suse/">
ftp://ftp.suse.com/pub/suse/

Debian: href="http://security.debian.org/pool/updates/main/e/evolution/">
http://security.debian.org/pool/
updates/main/e/evolution/

Conectiva: href="ftp://atualizacoes.conectiva.com.br/">
ftp://atualizacoes.conectiva.com.br/

ALT Linux: href="http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html">
http://lists.altlinux.ru/pipermail/
security-announce/2005-March
/000287.html

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-238.html">http://rhn.redhat.com/
errata/RHSA-2005-238.html

Currently we are not aware of any exploits for this
vulnerability.

Gentoo Linux Security Advisory, GLSA 200501-35, January 25, 2005

Ubuntu Security Notice, USN-69-1, January 25, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:024, January 27,
2005

SUSE Security Summary Report, SUSE-SR:2005:003,
February 4, 2005

Debian Security Advisory, DSA 673-1, February 10, 2005

Conectiva Linux Security Announcement, CLA-2005:925, February 16, 2005

ALTLinux Security Advisory, March 29, 2005

RedHat Security Advisory, RHSA-2005:238-18, May 19, 2005

Multiple Vendors

Qpopper 4.x; Gentoo Linux

Upgrades available at:
href="ftp://ftp.qualcomm.com/eudora/servers/unix/popper/old/qpopper4.0.5.tar.gz"
target=_blank>ftp://ftp.qualcomm.com/eudora/
servers/unix/popper/old/qpopper4.0.5.tar.gz

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-17.xml">
http://security.gentoo.org/
glsa/glsa-200505-17.xml

There is no exploit code required.

Gentoo Linux Security Advisory GLSA 200505-17, May 23, 2005

Secunia Advisory, SA15475, May 24, 2005

Multiple Vendors

Gentoo Linux;
GNU GDB 6.3

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-15.xml">
http://security.gentoo.org/
glsa/glsa-200505-15.xml

Currently we are not aware of any exploits for these vulnerabilities.

Multiple Vendors

GraphicsMagick GraphicsMagick 1.0, 1.0.6, 1.1, 1.1.3-1.1.6; ImageMagick
ImageMagick 5.3.3, 5.3.8, 5.4.3, 5.4.4 .5, 5.4.7, 5.4.8, 5.5.3.2-1.2.0,
5.5.4, 5.5.6 .0-20030409, 5.5.6, 5.5.7, 6.0-6.0.8, 6.1-6.1.8, 6.2.0.7, 6.2
.0.4, 6.2-6.2.2

A remote Denial of Service vulnerability has been reported due to a
failure to handle malformed XWD image files.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-16.xml">
http://security.gentoo.org/
glsa/glsa-200505-16.xml

Currently we are not aware of any exploits for this
vulnerability.

Multiple Vendors

Linux kernel 2.2.x, 2.4.x, 2.6.x

Update available at: href="http://kernel.org/">
http://kernel.org/

Trustix:
href="http://www.trustix.org/errata/2005/0022/">http://www.trustix.org/
errata/2005/0022/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/
ubuntu/pool/main/l/

An exploit script has been published.

Secunia Advisory, SA15341, May 12, 2005

Trustix Secure Linux Security Advisory, 2005-0022, May 13, 2005

Ubuntu Security Notice, USN-131-1, May 23,
2005

Multiple Vendors

Linux Kernel 2.6 up to & including 2.6.12-rc4

Several vulnerabilities have been reported: a vulnerability was
reported in raw character devices (raw.c) because the wrong function is
called before passing an ioctl to the block device, which crosses security
boundaries by making kernel address space accessible from user space; and
a vulnerability was reported in the 'pkt_ioctl' function in the 'pktcdvd'
block device ioctl handler
(pktcdvd.c) because the wrong function is
called before passing an ioctl to the block device, which could let a
malicious user execute arbitrary code.

Update available at: href="http://kernel.org/">
http://kernel.org/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/
ubuntu/pool/main/l/

A Proof of Concept Denial of Service exploit script has been published.

Secunia Advisory, SA15392, May 17, 2005

Ubuntu Security Notice, USN-131-1, May 23,
2005

Multiple Vendors

Linux kernel 2.6.10, 2.6, -test1-test11, 2.6.1-2.6.12; RedHat Desktop
3.0, Enterprise Linux WS 3, ES 3, AS 3

RedHat: href="http://rhn.redhat.com/errata/RHSA-2005-294.html">
http://rhn.redhat.com/
errata/RHSA-2005-294.html

Currently we are not aware of any exploits for this
vulnerability.

Multiple Vendors

Linux kernel 2.6.10, 2.6, -test9-CVS, -test1-test11, 2.6.1-2.6.9;

RedHat Desktop 4.0, Enterprise Linux WS 4, ES 4, AS 4

A Denial of Service vulnerability has been reported in the
'fib_seq_start' function in 'fib_hash.c.'

RedHat;
href="http://rhn.redhat.com/errata/RHSA-2005-366.html">http://rhn.redhat.com/
errata/RHSA-2005-366.html

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/
ubuntu/pool/main/l/

Currently we are not aware of any exploits for this vulnerability.

RedHat Security Advisory, RHSA-2005:366-19, April 19, 2005

Ubuntu Security Notice, USN-131-1, May 23,
2005

Multiple Vendors

Linux kernel 2.6.10, 2.6.11.5-2.6.11 .8, 2.6.11, -rc2-rc4

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/l/">http://security.ubuntu.com/
ubuntu/pool/main/l/

Currently we are not aware of any exploits for this
vulnerability.

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4,
2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5
STABLE1

Patches available at:
href="http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE9.tar.gz"
target=_blank>http://www.squid-cache.org/
Versions/v2/2.5/squid-
2.5.STABLE9.tar.gz

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

There is no exploit code required.

Squid Proxy Cache Security Update Advisory, SQUID-2005:5, April 23,
2005

Fedora Update Notification,
FEDORA-2005-373, May 17, 2005

Multiple Vendors

Squid Web Proxy Cache 2.0 PATCH2, 2.1 PATCH2, 2.3 STABLE5, 2.3 STABLE4,
2.4 STABLE7, 2.4 STABLE6, 2.4, STABLE2, 2.5 STABLE3-STABLE7, 2.5
STABLE1

Patches available at:
href="http://www.squid-cache.org/Versions/v2/2.5/squid-2.5.STABLE9.tar.gz"
target=_blank>http://www.squid-cache.org/
Versions/v2/2.5/squid-
2.5.STABLE9.tar.gz

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

There is no exploit code required.

Squid Proxy Cache Security Update Advisory, SQUID-2005:4, April 23,
2005

Fedora Update Notification,
FEDORA-2005-373, May 17, 2005

Net-snmp

Net-snmp 5.x

A vulnerability has been reported in 'fixproc' due to a failure to
securely create temporary files in world writable locations, which could
let a malicious user obtain elevated privileges and possibly execute
arbitrary code.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200505-18.xml">
http://security.gentoo.org/
glsa/glsa-200505-18.xml

There is no exploit code required.

Petr Vandrovec

ncpfs prior to 2.2.6

Two vulnerabilities exist: a vulnerability exists in
'ncpfs-2.2.0.18/lib/ncplib.c' due to improper access control in the
'ncp_fopen_nwc()' function, which could let a malicious user obtain
unauthorized access; and a buffer overflow vulnerability exists in
'ncpfs-2.2.5/sutil/ncplogin.c' due to insufficient validation of the
'opt_set_volume_after_parsing_all_options()' function, which could let a
malicious user execute arbitrary code.

Update available at: href=" ftp://platan.vc.cvut.cz/pub/linux/ncpfs/">
ftp://platan.vc.cvut.cz/pub/linux/ncpfs/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200501-44.xml">
http://security.gentoo.org/
glsa/glsa-200501-44.xml

Debian: href="http://www.debian.org/security/2005/dsa-665">
http://www.debian.org/
security/2005/dsa-665

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php"
target=_blank>
http://www.mandrakesecure.net/
en/ftp.php

SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-371.html">http://rhn.redhat.com/
errata/RHSA-2005-371.html

An exploit script has been published.

Security Tracker Alert ID: 1013019, January 28, 2005

Mandrakelinux Security Update Advisory, MDKSA-2005:028, February 2,
2005

Debian Security Advisory, DSA-665-1, February 4, 2005

SUSE Security Summary Report, SUSE-SR:2005:003, February 4, 2005

RedHat Security Advisory, RHSA-2005:371-06, May 17, 2005

Picasm

Picasm 1.10, 1.12 b

A buffer overflow vulnerability has been reported due to a boundary
error in the error handling, which could let a remote malicious user
execute arbitrary code.

Upgrade available at:
href="http://www.co.jyu.fi/%7Etrossi/pic/picasm112c.tar.gz"
target=_blank>http://www.co.jyu.fi/~trossi/
pic/picasm112c.tar.gz

An exploit script has been published.

ppxp

ppxp 0.2 001080415

A vulnerability has been reported because a shell can be opened with
superuser privileges, which could let a malicious user obtain elevated
privileges.

Debian:
href=" http://security.debian.org/pool/updates/main/p/ppxp">http://security.debian.org/
pool/updates/main/p/ppxp

There is no exploit code required.

Sun Microsystems, Inc.

Solaris 7.0, _x86, 8.0, _x86, 9.0, _x86; Avaya Interactive
Response, 1.2.1, 1.3

A Denial of Service vulnerability has been reported in the automountd
daemon.

Patches available at:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57786-1">http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57786-1

Avaya:
href="http://support.avaya.com/elmodocs2/security/ASA-2005-116_SUN-5-13-2005.pdf">http://support.avaya.com/elmodocs2/
security/ASA-2005-116_SUN-5-13-2005.pdf

Currently we are not aware of any exploits for this
vulnerability.

Sun(sm) Alert Notification, 57786, May 10, 2005

ASA-2005-116, May 18, 2005

xine

gxine 0.4.0-0.4.4

A format string vulnerability has been reported due to insecure
implementation of a formatted printing function, which could let a remote
malicious user execute arbitrary code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for this
vulnerability.

Andrea Bugada

PHP Advanced Transfer Manager 1.21

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of
Concept has been published.

BEA Systems

WebLogic Express 6.x, 7.x, 8.x, WebLogic Portal 8.x, WebLogic Server
6.x, 7.x, 8.x

Multiple vulnerabilities have been reported: a vulnerability was
reported due to an error that can be exploited by a remote malicious user
granted the Monitor security role to shrink or reset JDBC connection
pools; a vulnerability was reported due to an error when handing security
provider exceptions, which could let a remote malicious user manipulate
the identity of threads and cause failure in the auditing of security
exceptions; a vulnerability was reported because users do not need to
re-authenticate after new security constraints have been deployed in web
applications; a vulnerability was reported in the 'UserLogin' control
after a failed login because passwords are echoed back in standard output,
which could let a remote malicious user obtain sensitive information; a
vulnerability was reported in sites running in clusters due to an error in
the cookie parsing; a Cross-Site Scripting vulnerability was reported due
to insufficient sanitization of certain unspecified input, which could let
a remote malicious user execute arbitrary HTML and script code; a
vulnerability was reported because it is possible to make anonymous binds
to the embedded LDAP server, which could let a remote malicious user cause
a Denial of Service; and a buffer overflow vulnerability was reported due
to an unspecified boundary error, which could let a remote malicious user
cause a Denial of Service.

Updates available at: href="http://dev2dev.bea.com/pub/advisory/">http://dev2dev.bea.com/pub/advisory/

There is no exploit code required.

Secunia Advisory, SA15486, May 24, 2005

Security Advisories, BEA05-75.00-BEA05-082, May 24, 2005

D-Link

DSL-502T, DSL-504T, DSL-562T, DSL-G604T

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept exploit
has been published.

Emilio Jose Jimenez

TOPo 2.2

No workaround or patch available at time of publishing.

There is no exploit code required; however, Proofs of Concept exploits
have been published.

Extreme Networks

BlackDiamond 10808, 8800, ExtremeWare XOS 11.1, 11.0, 10.0

Upgrade information available at:
href="http://www.extremenetworks.com/services/documentation/FieldNotices_FN0215-Security_Alert_EXOS.asp">http://www.extremenetworks.com/
services/documentation/FieldNotices_
FN0215-Security_Alert_EXOS.asp

Currently we are not aware of any exploits for this
vulnerability.

Extreme Networks Field Notice, FN0215, May 19, 2005

US-CERT
VU#937838

Fusionphp

Fusion SBX 1.2 & prior

No workaround or patch available at time of publishing.

An exploit script has been published.

Secunia Advisory, SA15257, May 10, 2005

Security Focus, 13661, May 17, 2005

Gearbox Software

Halo Combat Evolved 1.6

A remote Denial of Service vulnerability has been reported when
processing malformed data.

No workaround or patch available at time of publishing.

An exploit script has been published.

Help Center Live

Help Center Live 1.0, 1.2-1.2.7

Multiple vulnerabilities have been reported: a Cross-Site Scripting
vulnerability was reported in 'index.php' due to insufficient sanitization
of the 'find' parameter, which could let a remote malicious user execute
arbitrary HTML and script code; a Cross-Site Scripting vulnerability was
reported due to insufficient sanitization of input passed to the name and
message fields when requesting a chat and in the message body when opening
a trouble ticket, which could let a remote malicious user execute
arbitrary HTML and script code; a vulnerability was reported due to
insufficient sanitization of certain input before using in an SQL query,
which could let a remote malicious user execute arbitrary SQL code; and a
vulnerability was reported because it is possible to trick an
administrator into performing certain actions when a specially crafted URL
is accessed.

The vulnerabilities have reportedly been fixed by the vendor.

There is no exploit code required; however, Proofs of Concept exploits
have been published.

Metro Marketing

Cookie Cart 4.x

No workaround or patch available at time of publishing.

Proofs of Concept exploits have been published.

Mozilla.org

Mozilla Browser 1.0-1.0.2, 1.1-1.7.6, Firefox 0.8-0.10.1, 1.0.1, 1.0.2;
Netscape Navigator 7.0, 7.0.2, 7.1, 7.2, 7.0-7.2

Upgrades available at:
href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/
products/firefox/

href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/
class=bodytext> target=_blank>products/mozilla1.x/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200504-18.xml">
http://security.gentoo.org/
glsa/glsa-200504-18.xml

RedHat: href="http://rhn.redhat.com/errata/RHSA-2005-383.html">
http://rhn.redhat.com/
errata/RHSA-2005-383.html

href="http://rhn.redhat.com/errata/RHSA-2005-386.html">http://rhn.redhat.com/errata/
RHSA-2005-386.html

TurboLinux:
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-384.html">http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/m/mozilla-firefox/">http://security.ubuntu.com/
ubuntu/pool/main/m/
mozilla-firefox/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

An exploit script has been published.

Mozilla Foundation Security Advisories, 2005-35 -
2005-41,

April 16, 2005

Gentoo Linux Security Advisory, GLSA 200504-18, April 19, 2005

US-CERT VU#973309

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005-386.,
April 21 & 26, 2005

Turbolinux Security Advisory,
TLSA-2005-49, April 21, 2005

US-CERT
VU#519317

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Ubuntu Security Notice, USN-124-1 & USN-124-2, May 11 & 12,
2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14,
2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,

May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18,
2005

PacketStorm, May 23, 2005

Mozilla.org

Mozilla Browser Suite prior to alink="#999999">1.7.6
; Thunderbird prior to 1.0.2 ; Firefox prior to 1.0.2

Mozilla Browser Suite;
href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/products/
mozilla1.x/

Thunderbird:
href="http://download.mozilla.org/?product=thunderbird-1.0.2&os=win&lang=en-US"
target=_blank>http://download.mozilla.org/?
product=thunderbird-1.0.2&
os=win〈=en-US

Firefox:
href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/products/
firefox/

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
target=_blank>http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Gentoo: href="http://security.gentoo.org/glsa/">
http://security.gentoo.org/glsa/

Slackware: href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123">
http://slackware.com/security/
viewer.php?l=slackware-security
&y=2005&m=slackware-security.
000123

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

Currently we are not aware of any exploits for this
vulnerability.

Mozilla Foundation Security Advisory 2005-30, March 23, 2005

US-CERT
VU#557948

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla.org

Mozilla Suite prior to 1.7.6, Firefox prior to 1.0.2

Mozilla Browser:
href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/products
/mozilla1.x/

Firefox:
href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/products
/firefox/

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/"
target=_blank>http://download.fedora.red
hat.
com/pub/fedora/linux/core/
updates/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
http://security.gentoo.org/glsa
/glsa-200503-30.xml

href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org
/glsa/glsa-200503-31.xml

Slackware: href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123">
http://slackware.com/security/
viewer.php?El=slackware-
security&ay=2005&m=
slackware-security.000123

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-384.html">http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit has been published.

Mozilla Foundation Security Advisory 2005-32, March 23, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501
-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14,
2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,

May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18,
2005

Mozilla

Firefox 1.0

A fixed version (1.0.1) is available at: href="http://www.mozilla.org/products/firefox/all.html">http://www.mozilla.org/products/
firefox/all.html

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/3/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
http://security.gentoo.org/
glsa/glsa-200503-30.xml

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit has been published.

Security Tracker Alert ID: 1013301, February 25, 2005

Gentoo Linux Security Advisory GLSA 200503-30. March 25, 2005

SGI Security Advisory, 20050501
-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14,
2005

Mandriva Linux Security Update Advisory,
MDKSA-2005:088-1,
May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla

Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1,
1.0-1.0.3

Several vulnerabilities have been reported: a vulnerability was
reported due to insufficient protection of 'IFRAME' JavaScript URLS from
being executed in the context of another history list URL, which could let
a remote malicious user execute arbitrary HTML and script code; and a
vulnerability was reported in 'InstallTrigger .install()' due to
insufficient verification of the 'Icon URL' parameter, which could let a
remote malicious user execute arbitrary JavaScript code.

Workaround:
Disable "tools/options/web-Features/>Allow web sites
to install software"

Slackware:
href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/
pub/slac
ware/

Gentoo:
href="http://security.gentoo.org/glsa/glsa-200505-11.xml">http://security.gentoo.org/
glsa/glsa-200505-11.xml

TurboLinux:
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/
pub/TurboLinux/
TurboLinux/ia32/

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-434.html">http://rhn.redhat.com/
errata/RHSA-2005-434.html

href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/
errata/RHSA-2005-435.html

Proofs of Concept exploit scripts have been published.

Secunia Advisory,
SA15292,
May 9, 2005

US-CERT
VU#534710

US-CERT
VU#648758

Slackware Security Advisory, SSA:2005-135-01, May 15, 2005

Gentoo Linux Security Advisory, GLSA 200505-11, May 16, 2005

Turbolinux Security Advisory, TLSA-2005
-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 &
RHSA-2005:435-10, May 23 & 24, 2005

Mozilla

Mozilla 0.x, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6, 1.7.x

Mozilla Firefox 0.x

Mozilla Thunderbird 0.x

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird that
can permit users to bypass certain security restrictions, conduct spoofing
and script insertion attacks and disclose sensitive and system
information.

Mozilla: Update to version 1.7.5: href="http://www.mozilla.org/products/mozilla1.x/ ">
http://www.mozilla.org/
products/mozilla1.x/

Firefox: Update to version 1.0: href="http://www.mozilla.org/products/firefox/">
http://www.mozilla.org/
products/firefox/

Thunderbird: Update to version 1.0: href="http://www.mozilla.org/products/thunderbird/">
http://www.mozilla.org/
products/thunderbird/

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">
http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

Slackware: href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123">
http://slackware.com/security/
viewer.php?El=slackware-security
&y=2005&m=slackware-security.
000123

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-384.html">http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

Currently we are not aware of any exploits for these
vulnerabilities.

Mozilla Foundation Security Advisory 2005-01, 03, 04, 07, 08, 09, 10,
11, 12

Fedora Update Notification,
FEDORA-
2005-248, 249, 251, 253,

March 23 & 25, 2005

Slackware Security Advisory, SSA:2005-
085-01,
March 27,

2005

RedHat
Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501
-01-U,
May 5, 2005

Mandriva Linux
Security Update Advisory, MDKSA-2005:088,
May
14, 2005

Mandriva Linux
Security Update Advisory, MDKSA-2005:088-1,

May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla

Mozilla 1.7.x and prior

Mozilla Firefox 1.x and prior

Mozilla Thunderbird 1.x and prior

Netscape Netscape 7.2

Multiple vulnerabilities exist in Firefox, Mozilla and Thunderbird.
These can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges and by malicious
people to conduct spoofing attacks, disclose and manipulate sensitive
information, and potentially compromise a user's system.

Firefox: Update to version 1.0.1: href="http://www.mozilla.org/products/firefox/">
http://www.mozilla.org/
products/firefox/

Mozilla:
The vulnerabilities have been fixed in the CVS repository
and will be included in the upcoming 1.7.6 version.

Thunderbird:
The vulnerabilities have been fixed in the CVS
repository and will be included in the upcoming 1.0.1 version.

Fedora update for Firefox: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">
http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/

Red Hat: href="http://rhn.redhat.com/errata/RHSA-2005-176.html">
http://rhn.redhat.com/errata/
RHSA-2005-176.html

Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml">http://www.gentoo.org/security/
en/glsa/glsa-200503-10.xml

SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

Fedora: href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">
http://download.fedora.redhat.
com/pub/fedora/linux/
core/updates/3/

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
http://security.gentoo.org/
glsa/glsa-200503-30.xml

href="http://security.gentoo.org/glsa/glsa-200503-30.xml">http://security.gentoo.org/
glsa/glsa-200503-32.xml

Slackware:
href="http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.000123">http://slackware.com/security/
viewer.php?l=slackware-security
&y=2005&m=slackware-
security.000123

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

Currently we are not aware of any exploits for these
vulnerabilities.

Mozilla Foundation Security Advisories 2005-14, 15, 17, 18, 19, 20, 21,
24, 28

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

SUSE Security Announcement, SUSE-SA:2005:016, March 16, 2005

Fedora Update Notification,
FEDORA-2005-248, 249, 251, & 253,
March 23 & 25, 2005

Gentoo Linux Security Advisory, GLSA 200503-30 & GLSA 200503-032,
March 25, 2005

Slackware Security Advisory, SSA:2005-085-01, March 27, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Mozilla

Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox
prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7

Firefox:
href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/
products/firefox/

Mozilla Browser Suite:
href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/
products/mozilla1.x/

TurboLinux::
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-434.html">http://rhn.redhat.com/
errata/RHSA-2005-434.html

href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/
errata/RHSA-2005-435.html

Currently we are not aware of any exploits for this
vulnerability.

Mozilla Foundation Security Advisory,
2005-44,
May 12, 2005

Turbolinux Security Advisory,
TLSA-2005
-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 &
RHSA-2005:435-10, May 23 & 24, 2005

Mozilla

Mozilla Browser prior to 1.7.8; Mozilla Suite prior to 1.7.8; Firefox
prior to 1.0.4; Firebird 0.5, 0.6.1, 0.7

Firefox:
href="http://www.mozilla.org/products/firefox/"
target=_blank>http://www.mozilla.org/
products/firefox/

Mozilla Browser Suite:
href="http://www.mozilla.org/products/mozilla1.x/"
target=_blank>http://www.mozilla.org/
products/mozilla1.x/

TurboLinux::
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-434.html">http://rhn.redhat.com/
errata/RHSA-2005-434.html

href="http://rhn.redhat.com/errata/RHSA-2005-435.html">http://rhn.redhat.com/
errata/RHSA-2005-435.html

Currently we are not aware of any exploits for this
vulnerability.

Mozilla Foundation Security Advisory,
2005-43,
May 12, 2005

Turbolinux Security Advisory,
TLSA-2005-56, May 16, 2005

RedHat Security Advisories, RHSA-2005:434-10 &
RHSA-2005:435-10, May 23 & 24, 2005

Mozilla

Mozilla Firefox 1.0 and 1.0.1

A vulnerability exists that could let remote malicious users conduct
Cross-Site Scripting attacks. This is due to missing URI handler
validation when dragging an image with a "javascript:" URL to the address
bar.

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
http://security.gentoo.org/
glsa/glsa-200503-30.xml

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-384.html">http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit has been published.

Secunia SA14406, March 1, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update, MDKSA-2005:088-1, Advisory, May
17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Multiple Vendors

DeleGate DeleGate 7.7 .0, 7.7.1, 7.8 .0-7.8.2, 7.9.11, 8.3.3, 8.3.4,
8.4 .0, 8.5 .0, 8.9-8.9.6, 8.10-8.10.2;
dnrd dnrd 1.0-1.4, 2.0-2.10;
PowerDNS PowerDNS 2.0 RC1, 2.8, 2.9.15, 2.9.16

A remote Denial of Service vulnerability has been reported when
handling a specially crafted DNS message.

Contact your vendor for updates.

Currently we are not aware of any exploits for this
vulnerability.

Multiple Vendors

Mozilla Firefox 1.0; Gentoo Linux; Thunderbird 0.6, 0.7- 0.7.3, 0.8,
0.9, 1.0, 1.0.1;
Netscape Netscape 7.2

There are multiple vulnerabilities in Mozilla Firefox. A remote user
may be able to cause a target user to execute arbitrary operating system
commands in certain situations or access access content from other
windows, including the 'about:config' settings. This is due to a hybrid
image vulnerability that allows batch statements to be dragged to the
desktop and because tabbed javascript vulnerabilities let remote users
access other windows.

A fix is available via the CVS repository

Fedora: href="ftp://aix.software.ibm.com/aix/efixes/security/perl58x.tar.Z">
ftp://aix.software.ibm.com/aix/
efixes/security/perl58x.tar.Z

Red Hat: href="http://rhn.redhat.com/errata/RHSA-2005-176.html">
http://rhn.redhat.com/errata/
RHSA-2005-176.html

Gentoo:
href="http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml">http://www.gentoo.org/security/en/
glsa/glsa-200503-10.xml

Thunderbird: href="http://download.mozilla.org/?product=thunderbird-1.0.2&os=win
http://download.mozilla.org/?
product=thunderbird-1.0.2
&os=win<=en-US

Gentoo: href="http://security.gentoo.org/glsa/glsa-200503-30.xml">
http://security.gentoo.org/
glsa/glsa-200503-30.xml

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-384.html">http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

A Proof of Concept exploit has been published.

Mozilla Firefox Multiple Vulnerabilities

href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0230">CAN-2005-0230
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0231">CAN-2005-0231
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232">CAN-2005-0232

Security Tracker Alert ID: 1013108, February 8, 2005

Fedora Update Notification,
FEDORA-2005-182, February 26, 2005

Red Hat RHSA-2005:176-11, March 1, 2005

Gentoo, GLSA 200503-10, March 4, 2005

Security Focus, 12468, March 22, 2005

Gentoo Linux Security Advisory, GLSA 200503-30, March 25, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18, 2005

Multiple Vendors

Mozilla.org Mozilla Browser 1.7.6, Firefox 1.0.1, 1.0.2; K-Meleon
K-Meleon 0.9; Netscape 7.2; K-Meleon 0.9

A vulnerability has been reported in the javascript implementation due
to improper parsing of lamba list regular expressions, which could a
remote malicious user obtain sensitive information.

The vendor has issued a fix, available via CVS.

RedHat: href="http://rhn.redhat.com/errata/RHSA-2005-383.html">
http://rhn.redhat.com/errata/
RHSA-2005-383.html

href="http://rhn.redhat.com/errata/RHSA-2005-386.html">http://rhn.redhat.com/errata/
RHSA-2005-386.html

Slackware: href="http://www.mozilla.org/projects/security/known-vulnerabilities.html">
http://www.mozilla.org
/projects/security/known-
vulnerabilities.html

TurboLinux:
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

RedHat:
href="http://rhn.redhat.com/errata/RHSA-2005-384.html">http://rhn.redhat.com/
errata/RHSA-2005-384.html

SGI:
href="ftp://patches.sgi.com/support/free/security/advisories/">ftp://patches.sgi.com/support/
free/security/advisories/

Mandriva:
href="http://www.mandriva.com/security/advisories">http://www.mandriva.com/
security/advisories

FedoraLegacy:
href="http://download.fedoralegacy.org/redhat/">http://download.fedoralegacy.org/
redhat/

There is no exploit code required; however, a Proof of Concept exploit
has been published.

Security Tracker Alert, 1013635, April 4, 2005

Security Focus, 12988, April 16, 2005

RedHat Security Advisories, RHSA-2005:383-07 & RHSA-2005:386-08,
April 21 & 26, 2005

Turbolinux Security Advisory, TLSA-2005-49, April 21, 2005

Slackware Security Advisory, SSA:2005-111-04, April 22, 2005

SUSE Security Announcement, SUSE-SA:2005:028, April 27, 2005

RedHat Security Advisory, RHSA-2005:384-11, April 28, 2005

SGI Security Advisory, 20050501-01-U, May 5, 2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088,
May 14,
2005

Mandriva Linux Security Update Advisory, MDKSA-2005:088-1,

May 17, 2005

Fedora Legacy Update Advisory, FLSA:152883, May 18,
2005

Multiple Vendors

Squid Web Proxy Cache2.5.STABLE9 & prior

A vulnerability has been reported in the DNS client when handling DNS
responses, which could let a remote malicious user spoof DNS lookups.

Patch available at:
href="http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE9-dns_query-4.patch"
target=_blank>http://www.squid-cache.org/
Versions/v2/2.5/bugs/squid-
2.5.STABLE9-dns_query-4.patch

Trustix:
href="http://www.trustix.org/errata/2005/0022/">http://www.trustix.org/
errata/2005/0022/

Fedora:
href=" http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/">http://download.fedora.redhat.com/
pub/fedora/linux/core/updates/3/

Ubuntu:
href="http://security.ubuntu.com/ubuntu/pool/main/s/squid/">http://security.ubuntu.com/
ubuntu/pool/main/s/squid/

Currently we are not aware of any exploits for this
vulnerability.

Security Focus, 13592,
May 11, 2005

Trustix Secure Linux Security Advisory,
2005-0022,
May 13, 2005

Fedora Update Notification,
FEDORA-2005-373, May 17,
2005

Ubuntu Security Notice, USN-129-1 May 18,
2005

Multiple Vendors

ALT Linux Compact 2.3, Junior 2.3; Apple Mac OS X 10.0-10.0.4,
10.1-10.1.5, 10.2-10.2.8, 10.3-10.3.8, Mac OS X Server 10.0, 10.1-10.1.5,
10.2-10.2.8, 10.3-10.3.8; MIT Kerberos 5 1.0, 5 1.0.6, 5 1.0.8, 51.1-5
1.4; Netkit Linux Netkit 0.9-0.12, 0.14-0.17, 0.17.17; Openwall
GNU/*/Linux (Owl)-current, 1.0, 1.1; FreeBSD 4.10-PRERELEASE, 2.0, 4.0 .x,
-RELENG, alpha, 4.0, 4.1, 4.1.1 -STABLE, -RELEASE, 4.1.1, 4.2,
-STABLEpre122300, -STABLEpre050201, 4.2 -STABLE, -RELEASE,
4.2, 4.3
-STABLE, -RELENG, 4.3 -RELEASE-p38, 4.3 -RELEASE, 4.3, 4.4 -STABLE,
-RELENG, -RELEASE-p42, 4.4, 4.5 -STABLEpre2002-03-07, 4.5 -STABLE,

-RELENG, 4.5 -RELEASE-p32, 4.5 -RELEASE, 4.5, 4.6 -STABLE, -RELENG,
4.6 -RELEASE-p20, 4.6 -RELEASE, 4.6, 4.6.2, 4.7 -STABLE, 4.7 -RELENG, 4.7
-RELEASE-p17, 4.7 -RELEASE, 4.7, 4.8 -RELENG,
4.8 -RELEASE-p7, 4.8
-PRERELEASE, 4.8, 4.9 -RELENG, 4.9 -PRERELEASE, 4.9, 4.10 -RELENG, 4.10
-RELEASE,
4.10, 4.11 -STABLE, 5.0 -RELENG, 5.0, 5.1 -RELENG, 5.1
-RELEASE-p5, 5.1 -RELEASE, 5.1, 5.2 -RELENG, 5.2 -RELEASE, 5.2,
5.2.1
-RELEASE, 5.3 -STABLE, 5.3 -RELEASE, 5.3, 5.4 -PRERELEASE; SuSE Linux 7.0,
sparc, ppc, i386, alpha, 7.1, x86, sparc, ppc, alpha, 7.2, i386

Two buffer overflow vulnerabilities have been reported in Telnet: a
buffer overflow vulnerability has been reported in the 'slc_add_reply()'
function when a large number of specially crafted LINEMODE Set Local
Character (SLC) commands is submitted, which could let a remote malicious
user execute arbitrary code; and a buffer overflow vulnerability has been
reported in the 'env_opt_add()' function, which could let a remote
malicious user execute arbitrary code.

ALTLinux: href="http://lists.altlinux.ru/pipermail/security-announce/2005-March/000287.html">
http://lists.altlinux.ru/pipermail
/security-announce/2005-
March/000287.html

Apple:
href="http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05529&platform=osx&method=sa/SecUpd2005-003Pan.dmg"
target=_blank>http://wsidecar.apple.com/cgi-bin/
nph-reg3rdpty1.pl/product=05529&
platform=osx&method=sa/SecUpd
2005-003Pan.dmg

Debian: href="http://security.debian.org/pool/updates/main/n/netkit-telnet/">
http://security.debian.org/pool/
updates/main/n/netkit-telnet/

Fedora:
href="http://download.fedora.redhat.com/pub/fedora/linux/core/updates/">http://download.fedora.
redhat.com/pub/fedora/
linux/core/updates/

FreeBSD:
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch"
target=_blank>ftp://ftp.FreeBSD.org/pub/
FreeBSD/CERT/patches/
SA-05:01/

MIT Kerberos: href="http://web.mit.edu/kerberos/advisories/2005-001-patch_1.4.txt">
http://web.mit.edu/kerberos/|
advisories/2005-001-patch
_1.4.txt

Netkit: href="ftp://ftp.uk.linux.org/pub/linux/Networking/netkit/">
ftp://ftp.uk.linux.org/pub/linux/
Networking/netkit/

Openwall: href="http://www.openwall.com/Owl/CHANGES-current.shtml">
http://www.openwall.com/Owl/
CHANGES-current.shtml

RedHat: href="http://rhn.redhat.com/errata/RHSA-2005-327.html">
http://rhn.redhat.com/errata/
RHSA-2005-327.html

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1">
http://sunsolve.sun.com/search/
document.do?assetkey=
1-26-57755-1

SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

Ubuntu: href="http://security.ubuntu.com/ubuntu/pool/main/n/netkit-telnet/">
http://security.ubuntu.com/ubuntu/
pool/main/n/netkit-telnet/

OpenBSD:
href="http://www.openbsd.org/errata.html#telnet">http://www.openbsd.org/
errata.html#telnet

Mandrake: href="http://www.mandrakesecure.net/en/ftp.php">
http://www.mandrakesecure.net/
en/ftp.php

Gentoo:
href="http://security.gentoo.org/glsa/glsa-200503-36.xml">http://security.gentoo.org/
glsa/glsa-200503-36.xml

href="http://security.gentoo.org/glsa/glsa-200504-01.xml">http://security.gentoo.org/
glsa/glsa-200504-01.xml

Debian:
href="http://security.debian.org/pool/updates/main/k/krb5/">http://security.debian.org/
pool/updates/main/k/krb5/

Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-04.xml">http://security.gentoo.org/
glsa/glsa-200504-04.xml

SGI:
href="ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/">ftp://oss.sgi.com/projects/
sgi_propack/download
/3/updates/

SCO:
href="ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.21">ftp://ftp.sco.com/pub/updates/
UnixWare/SCOSA-2005.21

Sun:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1">http://sunsolve.sun.com/
search/document.do?
assetkey=1-26-57761-1

Openwall:
href="http://www.openwall.com/Owl/CHANGES-current.shtml">http://www.openwall.com/
Owl/CHANGES-current.shtml

Avaya:
href="http://support.avaya.com/elmodocs2/security/ASA-2005-088_RHSA-2005-330.pdf">http://support.avaya.com/
elmodocs2/security/
ASA-2005-088_RHSA-2005-330.pdf

Gentoo:
href="http://security.gentoo.org/glsa/glsa-200504-28.xml">http://security.gentoo.org/
glsa/glsa-200504-28.xml

TurboLinux:
href="ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/">ftp://ftp.turbolinux.co.jp/pub/
TurboLinux/TurboLinux/ia32/

Sun: href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1">
http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57761-1

OpenWall: href="http://www.openwall.com/Owl/CHANGES-current.shtml">
http://www.openwall.com/
Owl/CHANGES-current.shtml

SCO:
href="ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.23">ftp://ftp.sco.com/pub/updates/
OpenServer/SCOSA-2005.23

Currently we are not aware of any exploits for these
vulnerabilities.

iDEFENSE Security Advisory,
March 28, 2005

US-CERT
VU#291924

Mandrakelinux Security Update Advisory, MDKSA-2005:061,
March 30,
2005

Gentoo Linux Security Advisories, GLSA 200503-36 & GLSA 200504-01,
March 31 &
April 1, 2005

Debian Security Advisory, DSA 703-1, April 1, 2005

US-CERT
VU#341908

Gentoo Linux Security Advisory, GLSA 200504-04,
April 6, 2005

SGI Security Advisory, 20050401-01-U, April 6, 2005

Sun(sm) Alert Notification, 57761,
April 7, 2005

SCO Security Advisory, SCOSA-2005.21,
April 8, 2005

Avaya Security Advisory, ASA-2005-088, April 27, 2005

Gentoo Linux Security Advisory, GLSA 200504-28, April 28, 2005

Turbolinux Security Advisory, TLSA-2005-52, April 28, 2005

Sun(sm) Alert Notification, 57761, April 29, 2005

SCO Security Advisory, SCOSA-2005.23, May 17, 2005

Multiple Vendors

Cisco Systems Cisco Aironet 1200 Series Access Point, 350 Series Access
Point, Content Services Switch 11000 Series (WebNS), MGX 8200 Series Edge
Concentrators, MGX 8800 Series Multiservice Switches, MGX 8900 Series
Multiservice Switches, SN5400 Series Storage Routers; OpenBSD 3.x; Hitachi
GR2000 Series Gigabit Routers, GR4000 Series Gigabit Routers, GS3000
Series Gigabit Switches, GS4000 Series Gigabit Switches; ALAXALA Networks
AX5400S, AX7800R, AX7800S; FreeBSD FreeBSD 2.x, 3.x, 4.x

Update information available at:
href="http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml">http://www.cisco.com/warp/
public/707/cisco-sn-20050518-tcpts.shtml

OpenBSD:
href="ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/015_tcp.patch"
target=_blank>ftp://ftp.openbsd.org/pub/OpenBSD/
patches/3.6/common/015_tcp.patch

Hitachi: The vendor has issued updated versions.

ALAXALA: Customers are advised to contact the vendor in regards to
obtaining and applying the appropriate update.

Microsoft:
href="http://www.microsoft.com/technet/security/advisory/899480.mspx">http://www.microsoft.com/
technet/security/advisory/
899480.mspx

An exploit script has been published.

Cisco Security Notice, 64909, May 18, 2005

Microsoft Security Advisory (899480), May 18, 2005

US-CERT
VU#637934

Multiple Vendors

Computer Associates BrightStor ARCServe Backup for Windows 11.1, eTrust
Antivirus 6.0, 7.0, SP2, 7.1, eTrust Antivirus EE 6.0, 7.0, eTrust
Antivirus for the Gateway 7.0, 7.1, eTrust Intrusion Detection 1.4.1 .13,
1.4.5, 1.5, 3.0, SP 1, eTrust Secure Content Manager 1.0, SP1, 1.1,
InoculateIT 6.0, Vet Antivirus;
Zone Labs ZoneAlarm Antivirus,
ZoneAlarm Security Suite 5.1, 5.5.062.011, 5.5.062, 5.5

Computer Associates: href="http://crm.my-etrust.com/CIDocument.asp?KDId=1588&GUID=CFCBAF561393476799582FB18E05F829">
http://crm.my-etrust.com/
CIDocument.asp?KDId=
1588&GUID=CFCBAF
561393476799582FB18E05F829

Currently we are not aware of any exploits for this
vulnerability.

Security Focus, 13710, May 23, 2005

Computer Associates Vulnerability ID: 32896, May 24, 2005

Multiple Vendors

MPlayer 1.0pre6 & prior; Xine 0.9.9-1.0; Peachtree Linux release
1

Several vulnerabilities have been reported: a buffer overflow
vulnerability has been reported due to a boundary error when processing
lines from RealMedia RTSP streams, which could let a remote malicious user
execute arbitrary code; and a buffer overflow vulnerability has been
reported due to a boundary error when processing stream IDs from Microsoft
Media Services MMST streams, which could let a remote malicious user
execute arbitrary code.

Patches available at:
href="http://www.mplayerhq.hu/MPlayer/patches/rtsp_fix_20050415.diff"
target=_blank>http://www.mplayerhq.hu/
MPlayer/patches/rtsp_
fix_20050415.diff

Gentoo: href="http://security.gentoo.org/glsa/glsa-200504-19.xml">
http://security.gentoo.org/
glsa/glsa-200504-19.xml

Patches available at:
href="http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/librtsp/rtsp.c?r1=1.18&r2=1.19&diff_format=u">http://cvs.sourceforge.net/viewcvs.py/
xine/xinelib/src/input/

Gentoo:
href=" http://security.gentoo.org/glsa/glsa-200504-27.xml">http://security.gentoo.org/
glsa/glsa-200504-27.xml

SUSE:
href="ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/xorg-x11-libs-6.8.1-15.3.i586.rpm"
target=_blank>ftp://ftp.SUSE.com/pub/SUSE

Slackware:
href="ftp://ftp.slackware.com/pub/slackware/">ftp://ftp.slackware.com/
pub/slackware/

Currently we are not aware of any exploits for these
vulnerabilities.

Security Tracker Alert,1013771, April 20, 2005

Gentoo Linux Security Advisory, GLSA 200504-19, April 20, 200

Peachtree Linux Security Notice, PLSN-0003, April 21, 2005

Xine Security Announcement, XSA-2004-8, April 21, 2005

Gentoo Linux Security Advisory, GLSA 200504-27, April 26, 2005

SUSE Security Summary Report, SUSE-SR:2005:012, April 29, 2005

Slackware Security Advisory, SSA:2005-121-02, May 3, 2005

SUSE Security Summary Report, SUSE-SR:2005:013, May 18, 2005

Multiple Vendors

See href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0791">US-CERT
VU#222750 for complete list

Cisco:
href="http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml">http://www.cisco.com/warp/
public/707/cisco-sa-
20050412-icmp.shtml

IBM:
href="ftp://aix.software.ibm.com/aix/efixes/security/icmp_efix.tar.Z"
target=_blank>ftp://aix.software.ibm.com/aix/
efixes/security/icmp_efix.tar.Z

RedHat: href="http://rhn.redhat.com/errata/">
http://rhn.redhat.com/errata/

Sun:
href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1">http://sunsolve.sun.com/search/
document.do?assetkey=1-26-57746-1

ALAXALA: Customers are advised to contact the vendor in regards
to obtaining and applying the appropriate update.

Currently we are not aware of any exploits for these
vulnerabilities.

US-CERT
VU#222750

Sun(sm) Alert Notification, 57746, April 29, 2005

US-CERT
VU#415294

Security Focus, 13124, May 21, 2005

NetWin

SurgeMail 3.0 c2

Several Cross-Site Scripting vulnerabilities have been reported due to
insufficient sanitization of unspecified input, which could let a remote
malicious user execute arbitrary HTML and script code.

A CVS fix is available from the vendor.

There is no exploit code required.

Novell

ZENworks Desktop Management 6.5, ZENworks for Desktops 3.2 SP2, 4.0,
4.0.1, ZENworks for Servers 3.2, ZENworks Remote Management
Novell
ZENworks Server Management 6.5

Several vulnerabilities were reported in the Remote Management
authentication protocol in 'zenrem32.exe' due to integer overflows and
boundary errors, which could let a remote malicious user execute arbitrary
code.

No workaround or patch available at time of publishing.

Currently we are not aware of any exploits for these
vulnerabilities.

phpSysInfo

phpSysInfo 2.3

Multiple Cross-Site Scripting vulnerabilities have been reported due to
insufficient sanitization of user-supplied input, which could let a remote
malicious user execute arbitrary HTML and script code. It is also possible
to obtain the full path to certain scripts.

Debian:
href="http://security.debian.org/pool/updates/main/p/phpsysinfo/">http://security.debian.org/pool/
updates/main/p/phpsysinfo/

There is no exploit code required; however, Proofs of Concept exploits
have been published.

Secunia Advisory,
SA14690, March 24, 2005

Debian Security Advisory, DSA 724-1, May 18, 2005

PortailPHP

PortailPHP 1.3

No workaround or patch available at time of publishing.

There is no exploit code required; however, a Proof of Concept has been
published.

PostNuke Development Team

PostNuke Phoenix 0.750, 0.760 RC2 & RC3

Multiple vulnerabilities have been reported: a vulnerability was
reported in 'index.php' due to insufficient sanitization of input passed
to the 'module' and 'riga[0]' parameters before using in an SQL query,
which could let a remote malicious user execute arbitrary SQL code; a
Cross-Site Scripting vulnerability was reported in 'index.php' due to
insufficient verification of the 'skin' parameter before using in include
files, which could let a remote malicious user include arbitrary files; a
vulnerability was reported in 'demo.php' due to insufficient sanitization
of the 'skin' and 'paletteid' parameters and in 'config.php' due to
insufficient sanitization of the 'serverName' parameter, which could let a
remote malicious user execute arbitrary HTML and script code; and a
vulnerability has been reported because it is possible to obtain the full
path to certain scripts by accessing them directly.

Upgrades available at:
href="http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-411.html">http://news.postnuke.com/Downloads-
index-req-viewdownloaddetails-lid-411.html

href="http://news.postnuke.com/Downloads-index-req-viewdownloaddetails-lid-471.html">http://news.postnuke.com/Downloads-
index-req-viewdownloaddetails-lid-471.html

There is no exploit code required; however, Proofs of Concept exploits
have been published.

PostNuke Development Team

PostNuke Phoenix 0.760 RC3

Multiple vulnerabilities have been reported: Cross-Site Scripting
vulnerabilities have been reported due to insufficient sanitization of the
'module' parameter in 'admin.php' and the 'op' parameter in 'user.php,'
which could let a remote malicious user execute arbitrary HTML and script
code; and a vulnerability has been reported due to insufficient
sanitization of the 'sid' parameter before used in a SQL query, which
could let a remote malicious user inject arbitrary SQL code.

Update information available at:
href="http://news.postnuke.com/Article2691.html">http://news.postnuke.com/
Article2691.html

Proofs of Concept exploits have been published.

Dcrab 's
Security Advisory,
April 8, 2005

PostNuke Security Advisory, PNSA 2005-2, May 20, 2005

S9Y

Serendipity 0.8 -beta6 Snapshot, 0.8 -beta6, 0.8 -beta5, 0.8

Multiple vulnerabilities have been reported: a vulnerability was
reported due to an error in the file upload handling, which could let a
remote malicious user upload special files without privileges; and a
Cross-Site Scripting vulnerability was reported due to insufficient
sanitization of input passed to the 'templatedropdown' and 'shoutbox'
plugins, which could let a remote malicious user execute arbitrary HTML
and script code.

Upgrades available at:
href="http://prdownloads.sourceforge.net/php-blog/serendipity-0.8.1.tar.gz?download"
target=_blank>http://prdownloads.sourceforge.net/
php-blog/serendipity-0.8.1.tar.gz?download

There is no exploit code required.

Sun Microsystems,
Inc.

JavaMail 1.3, 1.3.2,
Sun Solstice Internet Mail Server POP3
2.0

A vulnerability has been reported in the MimeMessage method in the Sun
JavaMail API due to insufficient validation on message number values
passed during requests, which could let a remote malicious user obtain
sensitive information.

No workaround or patch available at time of publishing.

A Proof of Concept exploit has been published.

ZyXEL

Prestige 650R-31 3.40 KO.1

A remote Denial of Service vulnerability has been reported when
handling specially crafted fragmented IP packets.

No workaround or patch available at time of publishing.

There is no exploit code required.