Monthly Archives: April, 2008
Debian: New asterisk packages fix denial of service
Posted in Server & Linux Security
LinuxSecurity.com: Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit, performs insufficient validation of IAX2 protocol messages, which may lead to denial of service.
Slashdot, SourceForge Back Online After Outage
Posted in Server News
Several SourceForge, Inc. sites, including the popular technology news site Slashdot, have been offline for several hours today.
Related Netcraft Service: Dedicated Server Monitoring
Mandriva: Updated speex packages fix vulnerabilities
Posted in Server & Linux Security
LinuxSecurity.com: A vulnerability in the Speex library was found where it did not properly validate input values read from Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The updated packages have been patched to correct this issue.
Mandriva: Updated gstreamer-plugins-good packages fix
Posted in Server & Linux Security
LinuxSecurity.com: A vulnerability in the Speex library was found where it did not properly validate input values read from Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The speex plugin in the gstreamer-plugins-good package is similarly affected by this issue. The updated packages have been patched to correct this issue.
Mandriva: Updated vorbis-tools packages fix vulnerabilities
Posted in Server & Linux Security
LinuxSecurity.com: A vulnerability in the Speex library was found where it did not properly validate input values read from Speex file headers. An attacker could create a malicious Speex file that would crash an application or potentially allow the execution of arbitrary code with the privileges of the application calling the Speex library (CVE-2008-1686). The ogg123 application in vorbis-tools is similarly affected by this issue. The updated packages have been patched to correct this issue.
Fedora 8 Update: dbmail-2.2.9-1.fc8
Posted in Server & Linux Security
LinuxSecurity.com: Fix possible authentication bypass in authldap authentication module when dbmail is used with LDAP servers allowing anonymous logins - CVE-2007-6714 (#443019).
Fedora 7 Update: wordpress-2.5.1-1.fc7
Posted in Server & Linux Security
LinuxSecurity.com: This update contains security fixes: http://wordpress.org/development/2008/04/wordpress-251/
Gentoo: KDE start_kdeinit Multiple vulnerabilities
Posted in Server & Linux Security
LinuxSecurity.com: Multiple vulnerabilities in start_kdeinit could possibly allow a local attacker to execute arbitrary code with root privileges.
Debian: New iceape packages fix arbitrary code execution
Posted in Server & Linux Security
LinuxSecurity.com: It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite, could potentially lead to the execution of arbitrary code.
Debian: New ldm packages fix information disclosure
Posted in Server & Linux Security
LinuxSecurity.com: Christian Herzog discovered that within the Linux Terminal Server Project, it was possible to connect to X on any LTSP client from any host on the network, making client windows and keystrokes visible to that host.


