<vuln vid="810df820-3664-11e1-8fe3-00215c6a37bb">
<topic>WordPress -- cross site scripting vulnerability</topic>
<affects>
<package>
<name>wordpress</name>
<range><lt>3.3.1,1</lt></range>
</package>
<package>
<name>de-wordpress</name>
<name>zh-wordpress-zh_CN</name>
<name>zh-wordpress-zh_TW</name>
<range><lt>3.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>WordPress development team reports:</p>
<blockquote cite="http://wordpress.org/news/2012/01/wordpress-3-3-1/">
<p>WordPress 3.3.1 is now available. This maintenance release
fixes 15 issues with WordPress 3.3, as well as a fix for a
cross-site scripting vulnerability that affected version 3.3.
Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and
the Go Daddy security team for responsibly disclosing the bug
to our security team.</p>
</blockquote>
</body>
</description>
<references>
<url>http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312</url>
</references>
<dates>
<discovery>2012-01-03</discovery>
<entry>2012-01-03</entry>
</dates>
</vuln>
<vuln vid="048c77df-3211-11e1-9583-14dae938ec40">
<topic>zabbix-frontend -- multiple XSS vulnerabilities</topic>
<affects>
<package>
<name>zabbix-frontend</name>
<range><lt>1.8.10,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Martina Matari reports:</p>
<blockquote cite="https://support.zabbix.com/browse/ZBX-4015">
<p>These URLs (hostgroups.php, usergrps.php) are vulnerable to
persistent XSS attacks due to improper sanitation of gname
variable when creating user and host groups.</p>
</blockquote>
</body>
</description>
<references>
<url>https://support.zabbix.com/browse/ZBX-4015</url>
</references>
<dates>
<discovery>2011-08-04</discovery>
<entry>2011-12-29</entry>
</dates>
</vuln>
<vuln vid="c6521b04-314b-11e1-9cf4-5404a67eef98">
<topic>lighttpd -- remote DoS in HTTP authentication</topic>
<affects>
<package>
<name>lighttpd</name>
<range><lt>1.4.30</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT/NIST reports:</p>
<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4362">
<p>Integer signedness error in the base64_decode function in the
HTTP authentication functionality (http_auth.c) in lighttpd 1.4
before 1.4.30 and 1.5 before SVN revision 2806 allows remote
attackers to cause a denial of service (segmentation fault)
via crafted base64 input that triggers an out-of-bounds read
with a negative index.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4362</cvename>
</references>
<dates>
<discovery>2011-11-29</discovery>
<entry>2011-12-28</entry>
</dates>
</vuln>
<vuln vid="4ddc78dc-300a-11e1-a2aa-0016ce01e285">
<topic>krb5-appl -- telnetd code execution vulnerability</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>7.3</ge><lt>7.3_9</lt></range>
<range><ge>7.4</ge><lt>7.4_5</lt></range>
<range><ge>8.1</ge><lt>8.1_7</lt></range>
<range><ge>8.2</ge><lt>8.2_5</lt></range>
</package>
<package>
<name>krb5-appl</name>
<range><lt>1.0.2_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The MIT Kerberos Team reports:</p>
<blockquote cite="http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc">
<p>When an encryption key is supplied via the TELNET protocol,
its length is not validated before the key is copied into a
fixed-size buffer. Also see MITKRB5-SA-2011-008.</p>
</blockquote>
</body>
</description>
<references>
<freebsdsa>SA-11:08.telnetd</freebsdsa>
<cvename>CVE-2011-4862</cvename>
<url>http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc</url>
<url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-008.txt</url>
</references>
<dates>
<discovery>2011-12-23</discovery>
<entry>2011-12-26</entry>
<modified>2012-01-29</modified>
</dates>
</vuln>
<vuln vid="022a4c77-2da4-11e1-b356-00215c6a37bb">
<topic>proftpd -- arbitrary code execution vulnerability with chroot</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>7.3</ge><lt>7.3_9</lt></range>
<range><ge>7.4</ge><lt>7.4_5</lt></range>
<range><ge>8.1</ge><lt>8.1_6</lt></range>
<range><ge>8.2</ge><lt>8.2_5</lt></range>
</package>
<package>
<name>proftpd</name>
<name>proftpd-mysql</name>
<range><lt>1.3.3g_1</lt></range>
</package>
<package>
<name>proftpd-devel</name>
<range><lt>1.3.3.r4_3,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The FreeBSD security advisory FreeBSD-SA-11:07.chroot reports:</p>
<blockquote cite="http://security.freebsd.org/advisories/FreeBSD-SA-11:07.chroot.asc">
<p>If ftpd is configured to place a user in a chroot environment,
then an attacker who can log in as that user may be able to run
arbitrary code(...).</p>
</blockquote>
<p>ProFTPD is affected by a problem of a similar nature.</p>
</body>
</description>
<references>
<freebsdsa>SA-11:07.chroot</freebsdsa>
<url>http://seclists.org/fulldisclosure/2011/Nov/452</url>
</references>
<dates>
<discovery>2011-11-30</discovery>
<entry>2011-12-23</entry>
<modified>2012-01-29</modified>
</dates>
</vuln>
<vuln vid="8c83145d-2c95-11e1-89b4-001ec9578670">
<topic>phpMyAdmin -- Multiple XSS</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><gt>3.4</gt><lt>3.4.9.r1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php">
<p>Using crafted url parameters, it was possible to produce XSS on
the export panels in the server, database and table sections.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php">
<p>Crafted values entered in the setup interface can produce XSS;
also, if the config directory exists and is writeable, the XSS
payload can be saved to this directory.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4780</cvename>
<cvename>CVE-2011-4782</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php</url>
</references>
<dates>
<discovery>2011-12-16</discovery>
<entry>2011-12-22</entry>
</dates>
</vuln>
<vuln vid="e3ff776b-2ba6-11e1-93c6-0011856a6e37">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>4.0,1</gt><lt>9.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>9.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.6</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>9.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.6</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><gt>4.0</gt><lt>9.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)</p>
<p>MFSA 2011-54 Potentially exploitable crash in the YARR regular
expression library</p>
<p>MFSA 2011-55 nsSVGValue out-of-bounds access</p>
<p>MFSA 2011-56 Key detection without JavaScript via SVG
animation</p>
<p>MFSA 2011-58 Crash scaling video to extreme sizes</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3658</cvename>
<cvename>CVE-2011-3660</cvename>
<cvename>CVE-2011-3661</cvename>
<cvename>CVE-2011-3663</cvename>
<cvename>CVE-2011-3665</cvename>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-53.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-54.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-55.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-56.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-58.html</url>
</references>
<dates>
<discovery>2011-12-20</discovery>
<entry>2011-12-21</entry>
<modified>2011-12-21</modified>
</dates>
</vuln>
<vuln vid="7ba65bfd-2a40-11e1-b96e-00215af774f0">
<topic>unbound -- denial of service vulnerabilities from nonstandard redirection and denial of existence</topic>
<affects>
<package>
<name>unbound</name>
<range><lt>1.4.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Unbound developer reports:</p>
<blockquote cite="http://www.unbound.net/downloads/CVE-2011-4528.txt">
<p>Unbound crashes when confronted with a non-standard response
from a server for a domain. This domain produces duplicate RRs
from a certain type and is DNSSEC signed. Unbound also crashes
when confronted with a query that eventually, and under specific
circumstances, resolves to a domain that misses expected NSEC3
records.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4528</cvename>
<url>http://unbound.nlnetlabs.nl/downloads/CVE-2011-4528.txt</url>
</references>
<dates>
<discovery>2011-12-19</discovery>
<entry>2011-12-19</entry>
</dates>
</vuln>
<vuln vid="3c957a3e-2978-11e1-89b4-001ec9578670">
<topic>typo3 -- Remote Code Execution</topic>
<affects>
<package>
<name>typo3</name>
<range><ge>4.6</ge><lt>4.6.2</lt></range>
<range><lt>4.5.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The typo3 security team reports:</p>
<blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/">
<p>A crafted request to a vulnerable TYPO3 installation will allow
an attacker to load PHP code from an external source and to
execute it on the TYPO3 installation.</p>
<p>This is caused by a PHP file, which is part of the workspaces
system extension, that does not validate passed arguments.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4614</cvename>
<url>http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/</url>
</references>
<dates>
<discovery>2011-12-16</discovery>
<entry>2011-12-18</entry>
</dates>
</vuln>
<vuln vid="6c7d9a35-2608-11e1-89b4-001ec9578670">
<topic>krb5 -- KDC null pointer dereference in TGS handling</topic>
<affects>
<package>
<name>krb5</name>
<range><ge>1.9</ge><lt>1.9.2_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The MIT Kerberos Team reports:</p>
<blockquote cite="http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt">
<p>In releases krb5-1.9 and later, the KDC can crash due to a NULL
pointer dereference in code that handles TGS (Ticket Granting
Service) requests. The trigger condition is trivial to produce
using unmodified client software, but requires the ability to
authenticate as a principal in the KDC's realm.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1530</cvename>
<url>http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-007.txt</url>
</references>
<dates>
<discovery>2011-12-11</discovery>
<entry>2011-12-14</entry>
</dates>
</vuln>
<vuln vid="a4a809d8-25c8-11e1-b531-00215c6a37bb">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
<package>
<name>opera</name>
<name>linux-opera</name>
<range><lt>11.60</lt></range>
</package>
<package>
<name>opera-devel</name>
<range><lt>11.60,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera software reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/unix/1160/">
<ul>
<li>Fixed a moderately severe issue; details will be
disclosed at a later date</li>
<li>Fixed an issue that could allow pages to set cookies
or communicate cross-site for some top level domains;
see our <a href="http://www.opera.com/support/kb/view/1003/">advisory</a></li>
<li>Improved handling of certificate revocation corner
cases</li>
<li>Added a fix for a weakness in the SSL v3.0 and TLS 1.0
specifications, as reported by Thai Duong and Juliano Rizzo;
see our <a href="http://www.opera.com/support/kb/view/1004/">advisory</a></li>
<li>Fixed an issue where the JavaScript "in" operator
allowed leakage of cross-domain information, as reported
by David Bloom; see our <a href="http://www.opera.com/support/kb/view/1005/">advisory</a></li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3389</cvename>
<cvename>CVE-2011-4681</cvename>
<cvename>CVE-2011-4682</cvename>
<cvename>CVE-2011-4683</cvename>
<url>http://www.opera.com/support/kb/view/1003/</url>
<url>http://www.opera.com/support/kb/view/1004/</url>
<url>http://www.opera.com/support/kb/view/1005/</url>
</references>
<dates>
<discovery>2011-12-06</discovery>
<entry>2011-12-13</entry>
</dates>
</vuln>
<vuln vid="bbd5f486-24f1-11e1-95bc-080027ef73ec">
<topic>PuTTY -- Password vulnerability</topic>
<affects>
<package>
<name>putty</name>
<range><ge>0.59</ge><lt>0.62</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon Tatham reports:</p>
<blockquote cite="http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html">
<p>PuTTY 0.62 fixes a security issue present in 0.59, 0.60 and 0.61.
If you log in using SSH-2 keyboard-interactive authentication
(which is the usual method used by modern servers to request a
password), the password you type was accidentally kept in PuTTY's
memory for the rest of its run, where it could be retrieved by
other processes reading PuTTY's memory, or written out to swap
files or crash dumps.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4607</cvename>
<mlist>http://lists.tartarus.org/pipermail/putty-announce/2011/000017.html</mlist>
<url>http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html</url>
</references>
<dates>
<discovery>2011-12-10</discovery>
<entry>2011-12-12</entry>
<modified>2013-08-07</modified>
</dates>
</vuln>
<vuln vid="bb389137-21fb-11e1-89b4-001ec9578670">
<topic>asterisk -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>asterisk18</name>
<range><lt>1.8.7.2</lt></range>
</package>
<package>
<name>asterisk16</name>
<range><lt>1.6.2.21</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Asterisk project reports:</p>
<blockquote cite="http://downloads.asterisk.org/pub/security/AST-2011-013.html">
<p>It is possible to enumerate SIP usernames when the general and
user/peer NAT settings differ in whether to respond to the port
a request is sent from or the port listed for responses in the
Via header.</p>
</blockquote>
<blockquote cite="http://downloads.asterisk.org/pub/security/AST-2011-014.html">
<p>When the "automon" feature is enabled in features.conf, it is
possible to send a sequence of SIP requests that cause Asterisk
to dereference a NULL pointer and crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4597</cvename>
<cvename>CVE-2011-4598</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2011-013.html</url>
<url>http://downloads.asterisk.org/pub/security/AST-2011-014.html</url>
</references>
<dates>
<discovery>2011-12-08</discovery>
<entry>2011-12-09</entry>
</dates>
</vuln>
<vuln vid="93be487e-211f-11e1-89b4-001ec9578670">
<topic>isc-dhcp-server -- Remote DoS</topic>
<affects>
<package>
<name>isc-dhcp42-server</name>
<range><lt>4.2.3_1</lt></range>
</package>
<package>
<name>isc-dhcp41-server</name>
<range><lt>4.1.e_3,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-4539">
<p>A bug exists which allows an attacker who is able to send DHCP
Request packets, either directly or through a relay, to remotely
crash an ISC DHCP server if that server is configured to evaluate
expressions using a regular expression (i.e. uses the "~=" or
"~~" comparison operators).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4539</cvename>
</references>
<dates>
<discovery>2011-12-07</discovery>
<entry>2011-12-07</entry>
</dates>
</vuln>
<vuln vid="ed536336-1c57-11e1-86f4-e0cb4e266481">
<topic>phpMyAdmin -- Multiple XSS</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><gt>3.4</gt><lt>3.4.8.r1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php">
<p>Using crafted database names, it was possible to produce XSS
in the Database Synchronize and Database rename panels. Using
an invalid and crafted SQL query, it was possible to produce
XSS when editing a query on a table overview panel or when
using the view creation dialog. Using a crafted column type,
it was possible to produce XSS in the table search and create
index dialogs.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4634</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php</url>
</references>
<dates>
<discovery>2011-11-24</discovery>
<entry>2011-12-01</entry>
</dates>
</vuln>
<vuln vid="eef56761-11eb-11e1-bb94-001c140104d4">
<topic>hiawatha -- memory leak in PreventSQLi routine</topic>
<affects>
<package>
<name>hiawatha</name>
<range><ge>7.6</ge><lt>7.8.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Hugo Leisink reports via private mail to maintainer:</p>
<blockquote>
<p>The memory leak was introduced in version 7.6. It is in the
routine that checks for SQL injections. So, if you have set
PreventSQLi to 'no', there is no problem.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.hiawatha-webserver.org/changelog</url>
</references>
<dates>
<discovery>2011-11-18</discovery>
<entry>2011-11-18</entry>
</dates>
</vuln>
<vuln vid="90cc1494-10ac-11e1-b3ec-0024e830109b">
<topic>BIND -- Remote DOS</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>7.3</ge><lt>7.3_9</lt></range>
<range><ge>7.4</ge><lt>7.4_5</lt></range>
<range><ge>8.1</ge><lt>8.1_7</lt></range>
<range><ge>8.2</ge><lt>8.2_5</lt></range>
</package>
<package>
<name>bind96</name>
<range><lt>9.6.3.1.ESV.R5.1</lt></range>
</package>
<package>
<name>bind97</name>
<range><lt>9.7.4.1</lt></range>
</package>
<package>
<name>bind98</name>
<range><lt>9.8.1.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Internet Systems Consortium reports:</p>
<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-4313">
<p>Organizations across the Internet reported crashes interrupting
service on BIND 9 nameservers performing recursive queries.
Affected servers crashed after logging an error in query.c with
the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))"
Multiple versions were reported being affected, including all
currently supported release versions of ISC BIND 9.</p>
<p>Because it may be possible to trigger this bug even on networks
that do not allow untrusted users to access the recursive name
servers (perhaps via specially crafted e-mail messages, and/or
malicious web sites) it is recommended that ALL operators of
recursive name servers upgrade immediately.</p>
</blockquote>
</body>
</description>
<references>
<freebsdsa>SA-11:06.bind</freebsdsa>
<cvename>CVE-2011-4313</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313</url>
<url>https://www.isc.org/software/bind/advisories/cve-2011-4313</url>
</references>
<dates>
<discovery>2011-11-16</discovery>
<entry>2011-11-16</entry>
<modified>2012-01-29</modified>
</dates>
</vuln>
<vuln vid="d8c901ff-0f0f-11e1-902b-20cf30e32f6d">
<topic>Apache 1.3 -- mod_proxy reverse proxy exposure</topic>
<affects>
<package>
<name>apache</name>
<range><lt>1.3.43</lt></range>
</package>
<package>
<name>apache+ssl</name>
<range><lt>1.3.43.1.59_2</lt></range>
</package>
<package>
<name>apache+ipv6</name>
<range><lt>1.3.43</lt></range>
</package>
<package>
<name>apache+mod_perl</name>
<range><lt>1.3.43</lt></range>
</package>
<package>
<name>apache+mod_ssl</name>
<range><lt>1.3.41+2.8.31_4</lt></range>
</package>
<package>
<name>apache+mod_ssl+ipv6</name>
<range><lt>1.3.41+2.8.31_4</lt></range>
</package>
<package>
<name>ru-apache-1.3</name>
<range><lt>1.3.43+30.23_1</lt></range>
</package>
<package>
<name>ru-apache+mod_ssl</name>
<range><lt>1.3.43+30.23_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache HTTP server project reports:</p>
<blockquote cite="http://httpd.apache.org/security/vulnerabilities_13.html">
<p>An exposure was found when using mod_proxy in reverse proxy mode.
In certain configurations using RewriteRule with proxy flag, a
remote attacker could cause the reverse proxy to connect to an
arbitrary server, possibly disclosing sensitive information from
internal web servers not directly accessible to attacker. There
is no patch against this issue!</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3368</cvename>
<url>http://httpd.apache.org/security/vulnerabilities_13.html</url>
<url>http://seclists.org/fulldisclosure/2011/Oct/232</url>
</references>
<dates>
<discovery>2011-10-05</discovery>
<entry>2011-11-14</entry>
</dates>
</vuln>
<vuln vid="7fb9e739-0e6d-11e1-87cd-00235a5f2c9a">
<topic>kdeutils4 -- Directory traversal vulnerability</topic>
<affects>
<package>
<name>kdeutils</name>
<range><ge>4.0.*</ge><lt>4.7.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tim Brown from Nth Dimension reports:</p>
<blockquote cite="http://seclists.org/fulldisclosure/2011/Oct/351">
<p>I recently discovered that the Ark archiving tool is vulnerable
to directory traversal via malformed. When attempts are made to
view files within the malformed Zip file in Ark's default view,
the wrong file may be displayed due to incorrect construction of
the temporary file name. Whilst this does not allow the wrong
file to be overwritten, after closing the default view, Ark will
then attempt to delete the temporary file which could result in
the deletion of the incorrect file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2725</cvename>
<url>http://seclists.org/fulldisclosure/2011/Oct/351</url>
</references>
<dates>
<discovery>2011-10-19</discovery>
<entry>2011-11-14</entry>
</dates>
</vuln>
<vuln vid="38560d79-0e42-11e1-902b-20cf30e32f6d">
<topic>Apache APR -- DoS vulnerabilities</topic>
<affects>
<package>
<name>apr0</name>
<range><lt>0.9.20.0.9.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache Portable Runtime Project reports:</p>
<blockquote cite="http://www.apache.org/dist/apr/CHANGES-APR-0.9">
<p>Reimplement apr_fnmatch() from scratch using a non-recursive
algorithm; now has improved compliance with the fnmatch()
spec.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0419</cvename>
<url>http://www.apache.org/dist/apr/Announcement0.9.html</url>
</references>
<dates>
<discovery>2011-05-19</discovery>
<entry>2011-11-13</entry>
</dates>
</vuln>
<vuln vid="1f6ee708-0d22-11e1-b5bd-14dae938ec40">
<topic>phpmyadmin -- Local file inclusion</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><gt>3.4</gt><lt>3.4.7.1</lt></range>
<range><lt>3.3.10.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jan Lieskovsky reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php">
<p>Importing a specially-crafted XML file which contains an XML
entity injection permits to retrieve a local file (limited by the
privileges of the user running the web server).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4107</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php</url>
</references>
<dates>
<discovery>2011-11-10</discovery>
<entry>2011-11-12</entry>
</dates>
</vuln>
<vuln vid="0e8e1212-0ce5-11e1-849b-003067b2972c">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.3r183.11</lt></range>
<range><gt>11</gt><lt>11.1r102.55</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb11-28.html">
<p>Critical vulnerabilities have been identified in Adobe Flash
Player 11.0.1.152 and earlier versions for Windows, Macintosh,
Linux and Solaris, and Adobe Flash Player 11.0.1.153 and earlier
versions for Android.</p>
</blockquote>
<p>In addition, a patch was released for users of flash10.</p>
</body>
</description>
<references>
<cvename>CVE-2011-2445</cvename>
<cvename>CVE-2011-2450</cvename>
<cvename>CVE-2011-2451</cvename>
<cvename>CVE-2011-2452</cvename>
<cvename>CVE-2011-2453</cvename>
<cvename>CVE-2011-2454</cvename>
<cvename>CVE-2011-2455</cvename>
<cvename>CVE-2011-2456</cvename>
<cvename>CVE-2011-2457</cvename>
<cvename>CVE-2011-2458</cvename>
<cvename>CVE-2011-2459</cvename>
<cvename>CVE-2011-2460</cvename>
<url>https://www.adobe.com/support/security/bulletins/apsb11-28.html</url>
</references>
<dates>
<discovery>2011-11-10</discovery>
<entry>2011-11-11</entry>
</dates>
</vuln>
<vuln vid="7be92050-a450-11e2-9898-001060e06fd4">
<topic>libxml -- Integer overflow</topic>
<affects>
<package>
<name>libxml</name>
<range><lt>1.8.17_5</lt></range>
</package>
<package>
<name>libxml2</name>
<name>linux-f10-libxml2</name>
<range><lt>2.7.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Integer overflow in xpath.c allows context-dependent attackers
to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted XML file that triggers a heap-based
buffer overflow when adding a new namespace node, related to
handling of XPath expressions.</p>
</body>
</description>
<references>
<cvename>CVE-2011-1944</cvename>
</references>
<dates>
<discovery>2011-09-02</discovery>
<entry>2011-11-10</entry>
<modified>2011-11-12</modified>
</dates>
</vuln>
<vuln vid="ce4b3af8-0b7c-11e1-846b-00235409fd3e">
<topic>libxml -- Multiple use-after-free vulnerabilities</topic>
<affects>
<package>
<name>libxml</name>
<range><lt>1.8.17_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Multiple use-after-free vulnerabilities in libxml 1.8.17 that
allow context-dependent attackers to cause a denial of service
(application crash) via crafted (1) Notation or (2) Enumeration
attribute types in an XML file.</p>
</body>
</description>
<references>
<cvename>CVE-2009-2416</cvename>
</references>
<dates>
<discovery>2009-08-03</discovery>
<entry>2011-11-10</entry>
<modified>2011-11-12</modified>
</dates>
</vuln>
<vuln vid="5a7d4110-0b7a-11e1-846b-00235409fd3e">
<topic>libxml -- Stack consumption vulnerability</topic>
<affects>
<package>
<name>libxml</name>
<range><lt>1.8.17_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Stack consumption vulnerability allows context-dependent
attackers to cause a denial of service (application crash) via
a large depth of element declarations in a DTD.</p>
</body>
</description>
<references>
<cvename>CVE-2009-2414</cvename>
</references>
<dates>
<discovery>2009-08-03</discovery>
<entry>2011-11-10</entry>
<modified>2011-11-12</modified>
</dates>
</vuln>
<vuln vid="bdec8dc2-0b3b-11e1-b722-001cc0476564">
<topic>gnutls -- client session resumption vulnerability</topic>
<affects>
<package>
<name>gnutls</name>
<range><lt>2.12.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The GnuTLS team reports:</p>
<blockquote cite="http://www.gnu.org/software/gnutls/security.html">
<p>GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4128</cvename>
<url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596</url>
</references>
<dates>
<discovery>2011-11-08</discovery>
<entry>2011-11-10</entry>
</dates>
</vuln>
<vuln vid="6c8ad3e8-0a30-11e1-9580-4061862b8c22">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>4.0,1</gt><lt>8.0,1</lt></range>
<range><gt>3.6.*,1</gt><lt>3.6.24,1</lt></range>
</package>
<package>
<name>libxul</name>
<range><gt>1.9.2.*</gt><lt>1.9.2.24</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>8.0,1</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>8.0</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><gt>4.0</gt><lt>8.0</lt></range>
<range><lt>3.1.16</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-46 loadSubScript unwraps XPCNativeWrapper scope
parameter (1.9.2 branch)</p>
<p>MFSA 2011-47 Potential XSS against sites using Shift-JIS</p>
<p>MFSA 2011-48 Miscellaneous memory safety hazards (rv:8.0)</p>
<p>MFSA 2011-49 Memory corruption while profiling using Firebug</p>
<p>MFSA 2011-50 Cross-origin data theft using canvas and Windows
D2D</p>
<p>MFSA 2011-51 Cross-origin image theft on Mac with integrated
Intel GPU</p>
<p>MFSA 2011-52 Code execution via NoWaiverWrapper</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3647</cvename>
<cvename>CVE-2011-3648</cvename>
<cvename>CVE-2011-3649</cvename>
<cvename>CVE-2011-3650</cvename>
<cvename>CVE-2011-3651</cvename>
<cvename>CVE-2011-3652</cvename>
<cvename>CVE-2011-3653</cvename>
<cvename>CVE-2011-3654</cvename>
<cvename>CVE-2011-3655</cvename>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-46.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-47.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-48.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-49.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-50.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-51.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-52.html</url>
</references>
<dates>
<discovery>2011-11-08</discovery>
<entry>2011-11-08</entry>
</dates>
</vuln>
<vuln vid="9dde9dac-08f4-11e1-af36-003067b2972c">
<topic>caml-light -- insecure use of temporary files</topic>
<affects>
<package>
<name>caml-light</name>
<range><le>0.75</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>caml-light uses mktemp() insecurely, and also does
unsafe things in /tmp during make install.</p>
</body>
</description>
<references>
<cvename>CVE-2011-4119</cvename>
<mlist msgid="20111106200911.GC13652@netbsd.org">http://seclists.org/oss-sec/2011/q4/249</mlist>
</references>
<dates>
<discovery>2011-11-02</discovery>
<entry>2011-11-06</entry>
</dates>
</vuln>
<vuln vid="54075e39-04ac-11e1-a94e-bcaec565249c">
<topic>freetype -- Some type 1 fonts handling vulnerabilities</topic>
<affects>
<package>
<name>freetype2</name>
<range><lt>2.4.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The FreeType project reports:</p>
<blockquote cite="http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view">
<p>A couple of vulnerabilities in handling Type 1 fonts.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3256</cvename>
<url>http://sourceforge.net/projects/freetype/files/freetype2/2.4.7/README/view</url>
<url>https://bugzilla.redhat.com/attachment.cgi?id=528829&amp;action=diff</url>
</references>
<dates>
<discovery>2011-10-12</discovery>
<entry>2011-11-01</entry>
</dates>
</vuln>
<vuln vid="f08e2c15-ffc9-11e0-b0f3-bcaec565249c">
<topic>cacti -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>cacti</name>
<range><lt>0.8.7h</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cacti Group reports:</p>
<blockquote cite="http://www.cacti.net/release_notes_0_8_7h.php">
<p>SQL injection issue with user login, and cross-site scripting
issues.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.cacti.net/release_notes_0_8_7h.php</url>
</references>
<dates>
<discovery>2011-09-26</discovery>
<entry>2011-10-26</entry>
</dates>
</vuln>
<vuln vid="395e0faa-ffa7-11e0-8ac4-6c626dd55a41">
<topic>phpmyfaq -- Remote PHP Code Injection Vulnerability</topic>
<affects>
<package>
<name>phpmyfaq</name>
<range><lt>2.6.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyFAQ project reports:</p>
<blockquote cite="http://www.phpmyfaq.de/advisory_2011-10-25.php">
<p>The phpMyFAQ Team has learned of a serious security issue that
has been discovered in our bundled ImageManager library we use
in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library
allows injection of arbitrary PHP code via POST requests.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyfaq.de/advisory_2011-10-25.php</url>
<url>http://forum.phpmyfaq.de/viewtopic.php?f=3&amp;t=13402</url>
</references>
<dates>
<discovery>2011-10-25</discovery>
<entry>2011-10-26</entry>
</dates>
</vuln>
<vuln vid="edf47177-fe3f-11e0-a207-0014a5e3cda6">
<topic>phpLDAPadmin -- Remote PHP code injection vulnerability</topic>
<affects>
<package>
<name>phpldapadmin</name>
<range><ge>1.2.0</ge><lt>1.2.1.1_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>EgiX (n0b0d13s at gmail dot com) reports:</p>
<blockquote cite="http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt">
<p>The $sortby parameter passed to 'masort' function in file
lib/functions.php isn't properly sanitized before being used in
a call to create_function() at line 1080. This can be exploited
to inject and execute arbitrary PHP code. The only possible
attack vector is when handling the 'query_engine' command, in
which input passed through $_REQUEST['orderby'] is passed as
$sortby parameter to 'masort' function.</p>
</blockquote>
</body>
</description>
<references>
<url>http://packetstormsecurity.org/files/106120/phpldapadmin-inject.txt</url>
<url>http://sourceforge.net/tracker/?func=detail&amp;aid=3417184&amp;group_id=61828&amp;atid=498546</url>
</references>
<dates>
<discovery>2011-10-23</discovery>
<entry>2011-10-24</entry>
</dates>
</vuln>
<vuln vid="6d21a287-fce0-11e0-a828-00235a5f2c9a">
<topic>kdelibs4, rekonq -- input validation failure</topic>
<affects>
<package>
<name>kdelibs</name>
<range><ge>4.0.*</ge><lt>4.7.2</lt></range>
</package>
<package>
<name>rekonq</name>
<range><lt>0.8.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>KDE Security Advisory reports:</p>
<blockquote cite="http://www.kde.org/info/security/advisory-20111003-1.txt">
<p>The default rendering type for a QLabel is QLabel::AutoText,
which uses heuristics to determine whether to render the given
content as plain text or rich text. KSSL and Rekonq did not
properly force its QLabels to use QLabel::PlainText. As a result,
if given a certificate containing rich text in its fields, they
would render the rich text. Specifically, a certificate
containing a common name (CN) that has a table element will cause
the second line of the table to be displayed. This can allow
spoofing of the certificate's common name.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.kde.org/info/security/advisory-20111003-1.txt</url>
<url>http://www.nth-dimension.org.uk/pub/NDSA20111003.txt.asc</url>
<cvename>CVE-2011-3365</cvename>
<cvename>CVE-2011-3366</cvename>
</references>
<dates>
<discovery>2011-10-03</discovery>
<entry>2011-10-23</entry>
</dates>
</vuln>
<vuln vid="411ecb79-f9bc-11e0-a7e6-6c626dd55a41">
<topic>piwik -- unknown critical vulnerabilities</topic>
<affects>
<package>
<name>piwik</name>
<range><gt>1.1</gt><lt>1.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/46461/">
<p>Multiple vulnerabilities with an unknown impact have been
reported in Piwik. The vulnerabilities are caused due to
unspecified errors. No further information is currently
available.</p>
</blockquote>
</body>
</description>
<references>
<url>http://secunia.com/advisories/46461/</url>
<url>http://piwik.org/blog/2011/10/piwik-1-6/</url>
</references>
<dates>
<discovery>2011-10-18</discovery>
<entry>2011-10-20</entry>
</dates>
</vuln>
<vuln vid="8441957c-f9b4-11e0-a78a-bcaec565249c">
<topic>Xorg server -- two vulnerabilities in X server lock handling code</topic>
<affects>
<package>
<name>xorg-server</name>
<range><lt>1.7.7_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matthieu Herrb reports:</p>
<blockquote cite="http://lists.freedesktop.org/archives/xorg-announce/2011-October/001744.html">
<p>It is possible to deduce if a file exists or not by exploiting
the way that Xorg creates its lock files. This is caused by the
fact that the X server is behaving differently if the lock file
already exists as a symbolic link pointing to an existing or
non-existing file.</p>
<p>It is possible for a non-root user to set the permissions for
all users on any file or directory to 444, giving unwanted read
access or causing denial of service (by removing execute
permission). This is caused by a race between creating the lock
file and setting its access modes.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4028</cvename>
<cvename>CVE-2011-4029</cvename>
</references>
<dates>
<discovery>2011-10-18</discovery>
<entry>2011-10-18</entry>
</dates>
</vuln>
<vuln vid="a95092a6-f8f1-11e0-a7ea-00215c6a37bb">
<topic>asterisk -- remote crash vulnerability in SIP channel driver</topic>
<affects>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.7.1</lt></range>
</package>
<package>
<name>asterisk</name>
<range><gt>10.0.0.*</gt><lt>10.0.0.r1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Asterisk project reports:</p>
<blockquote cite="http://downloads.asterisk.org/pub/security/AST-2011-012.html">
<p>A remote authenticated user can cause a crash with a malformed
request due to an uninitialized variable.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-4063</cvename>
</references>
<dates>
<discovery>2011-10-17</discovery>
<entry>2011-10-17</entry>
</dates>
</vuln>
<vuln vid="e454ca2f-f88d-11e0-b566-00163e01a509">
<topic>PivotX -- Remote File Inclusion Vulnerability of TimThumb</topic>
<affects>
<package>
<name>pivotx</name>
<range><lt>2.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The PivotX team reports:</p>
<blockquote cite="http://blog.pivotx.net/page/security">
<p>TimThumb domain name security bypass and insecure cache
handling. PivotX before 2.3.0 includes a vulnerable version
of TimThumb.</p>
</blockquote>
<blockquote cite="http://blog.pivotx.net/2011-10-14/timthumb-update-for-older-pivotx-installs">
<p>If you are still running PivotX 2.2.6, you might be vulnerable
to a security exploit, that was patched previously. Version
2.3.0 doesn't have this issue, but any older version of PivotX
might be vulnerable.</p>
</blockquote>
</body>
</description>
<references>
<bid>48963</bid>
<url>https://secunia.com/advisories/45416/</url>
</references>
<dates>
<discovery>2011-08-03</discovery>
<entry>2011-10-17</entry>
</dates>
</vuln>
<vuln vid="9bad5ab1-f3f6-11e0-8b5c-b482fe3f522d">
<topic>OpenTTD -- Multiple buffer overflows in validation of external data</topic>
<affects>
<package>
<name>openttd</name>
<range><ge>0.1.0</ge><lt>1.1.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenTTD Team reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3343">
<p>Multiple buffer overflows in OpenTTD before 1.1.3 allow local
users to cause a denial of service (daemon crash) or possibly
gain privileges via (1) a crafted BMP file with RLE compression
or (2) crafted dimensions in a BMP file.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3343</cvename>
<url>http://security.openttd.org/en/CVE-2011-3343</url>
</references>
<dates>
<discovery>2011-08-25</discovery>
<entry>2011-10-16</entry>
</dates>
</vuln>
<vuln vid="78c25ed7-f3f9-11e0-8b5c-b482fe3f522d">
<topic>OpenTTD -- Buffer overflows in savegame loading</topic>
<affects>
<package>
<name>openttd</name>
<range><ge>0.1.0</ge><lt>1.1.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenTTD Team reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3342">
<p>Multiple buffer overflows in OpenTTD before 1.1.3 allow remote
attackers to cause a denial of service (daemon crash) or possibly
execute arbitrary code via vectors related to (1) NAME, (2) PLYR,
(3) CHTS, or (4) AIPL (aka AI config) chunk loading from a
savegame.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3342</cvename>
<url>http://security.openttd.org/en/CVE-2011-3342</url>
</references>
<dates>
<discovery>2011-08-08</discovery>
<entry>2011-10-16</entry>
</dates>
</vuln>
<vuln vid="e77befb5-f3f9-11e0-8b5c-b482fe3f522d">
<topic>OpenTTD -- Denial of service via improperly validated commands</topic>
<affects>
<package>
<name>openttd</name>
<range><ge>0.3.5</ge><lt>1.1.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenTTD Team reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3341">
<p>Multiple off-by-one errors in order_cmd.cpp in OpenTTD before
1.1.3 allow remote attackers to cause a denial of service (daemon
crash) or possibly execute arbitrary code via a crafted
CMD_INSERT_ORDER command.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3341</cvename>
<url>http://security.openttd.org/en/CVE-2011-3341</url>
</references>
<dates>
<discovery>2011-08-25</discovery>
<entry>2011-10-16</entry>
</dates>
</vuln>
<vuln vid="ab9be2c8-ef91-11e0-ad5a-00215c6a37bb">
<topic>quagga -- multiple vulnerabilities</topic>
<affects>
<package>
<name>quagga</name>
<range><lt>0.99.19</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CERT-FI reports:</p>
<blockquote cite="https://www.cert.fi/en/reports/2011/vulnerability539178.html">
<p>Five vulnerabilities have been found in the BGP, OSPF, and
OSPFv3 components of Quagga. The vulnerabilities allow an
attacker to cause a denial of service or potentially to
execute his own code by sending specially modified packets
to an affected server. Routing messages are typically accepted
from the routing peers. Exploiting these vulnerabilities may
require an established routing session (BGP peering or
OSPF/OSPFv3 adjacency) to the router.</p>
<p>The vulnerability <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3327">CVE-2011-3327</a>
is related to the extended communities handling in BGP
messages. Receiving a malformed BGP update can result
in a buffer overflow and disruption of IPv4 routing.</p>
<p>The vulnerability <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3326">CVE-2011-3326</a>
results from the handling of LSA (Link State Advertisement)
states in the OSPF service. Receiving a modified Link State
Update message with malicious state information can result in
denial of service in IPv4 routing.</p>
<p>The vulnerability <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3325">CVE-2011-3325</a>
is a denial of service vulnerability related to Hello message
handling by the OSPF service. As Hello messages are used to
initiate adjacencies, exploiting the vulnerability may be
feasible from the same broadcast domain without an established
adjacency. A malformed packet may result in denial of service
in IPv4 routing.</p>
<p>The vulnerabilities <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3324">CVE-2011-3324</a>
and <a href="http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3323">CVE-2011-3323</a>
are related to the IPv6 routing protocol (OSPFv3) implemented
in ospf6d daemon. Receiving modified Database Description and
Link State Update messages, respectively, can result in denial
of service in IPv6 routing.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3323</cvename>
<cvename>CVE-2011-3324</cvename>
<cvename>CVE-2011-3325</cvename>
<cvename>CVE-2011-3326</cvename>
<cvename>CVE-2011-3327</cvename>
</references>
<dates>
<discovery>2011-09-26</discovery>
<entry>2011-10-05</entry>
</dates>
</vuln>
<vuln vid="1fade8a3-e9e8-11e0-9580-4061862b8c22">
<topic>Mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>4.0,1</gt><lt>7.0,1</lt></range>
<range><gt>3.6.*,1</gt><lt>3.6.23,1</lt></range>
</package>
<package>
<name>libxul</name>
<range><gt>1.9.2.*</gt><lt>1.9.2.23</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>7.0,1</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.4</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>7.0</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.4</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><gt>4.0</gt><lt>7.0</lt></range>
<range><lt>3.1.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-36 Miscellaneous memory safety hazards (rv:7.0 /
rv:1.9.2.23)</p>
<p>MFSA 2011-37 Integer underflow when using JavaScript RegExp</p>
<p>MFSA 2011-38 XSS via plugins and shadowed window.location
object</p>
<p>MFSA 2011-39 Defense against multiple Location headers due to
CRLF Injection</p>
<p>MFSA 2011-40 Code installation through holding down Enter</p>
<p>MFSA 2011-41 Potentially exploitable WebGL crashes</p>
<p>MFSA 2011-42 Potentially exploitable crash in the YARR regular
expression library</p>
<p>MFSA 2011-43 loadSubScript unwraps XPCNativeWrapper scope
parameter</p>
<p>MFSA 2011-44 Use after free reading OGG headers</p>
<p>MFSA 2011-45 Inferring Keystrokes from motion data</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2372</cvename>
<cvename>CVE-2011-2995</cvename>
<cvename>CVE-2011-2996</cvename>
<cvename>CVE-2011-2997</cvename>
<cvename>CVE-2011-2999</cvename>
<cvename>CVE-2011-3000</cvename>
<cvename>CVE-2011-3001</cvename>
<cvename>CVE-2011-3002</cvename>
<cvename>CVE-2011-3003</cvename>
<cvename>CVE-2011-3004</cvename>
<cvename>CVE-2011-3005</cvename>
<cvename>CVE-2011-3232</cvename>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-36.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-37.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-38.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-39.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-40.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-41.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-42.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-43.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-44.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-45.html</url>
</references>
<dates>
<discovery>2011-09-27</discovery>
<entry>2011-09-28</entry>
</dates>
</vuln>
<vuln vid="53e531a7-e559-11e0-b481-001b2134ef46">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.3r183.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb11-26.html">
<p>Critical vulnerabilities have been identified in Adobe Flash
Player 10.3.183.7 and earlier versions for Windows, Macintosh,
Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier
versions for Android. These vulnerabilities could cause a crash
and potentially allow an attacker to take control of the
affected system.</p>
<p>There are reports that one of these vulnerabilities
(CVE-2011-2444) is being exploited in the wild in active
targeted attacks designed to trick the user into clicking on
a malicious link delivered in an email message. This universal
cross-site scripting issue could be used to take actions on a
user's behalf on any website or webmail provider if the user
visits a malicious website.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.adobe.com/support/security/bulletins/apsb11-26.html</url>
<cvename>CVE-2011-2426</cvename>
<cvename>CVE-2011-2427</cvename>
<cvename>CVE-2011-2428</cvename>
<cvename>CVE-2011-2429</cvename>
<cvename>CVE-2011-2430</cvename>
<cvename>CVE-2011-2444</cvename>
</references>
<dates>
<discovery>2011-06-06</discovery>
<entry>2011-09-22</entry>
</dates>
</vuln>
<vuln vid="e44fe906-df27-11e0-a333-001cc0a36e12">
<topic>phpMyAdmin -- multiple XSS vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php">
<p>Firstly, if a row contains javascript code, after inline
editing this row and saving, the code is executed. Secondly,
missing sanitization on the db, table and column names leads
to XSS vulnerabilities.</p>
<p>Versions 3.4.0 to 3.4.4 were found vulnerable.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php</url>
</references>
<dates>
<discovery>2011-09-11</discovery>
<entry>2011-09-14</entry>
</dates>
</vuln>
<vuln vid="d01d10c7-de2d-11e0-b215-00215c6a37bb">
<topic>django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py23-django</name>
<name>py24-django</name>
<name>py25-django</name>
<name>py26-django</name>
<name>py27-django</name>
<name>py30-django</name>
<name>py31-django</name>
<range><ge>1.3</ge><lt>1.3.1</lt></range>
<range><ge>1.2</ge><lt>1.2.7</lt></range>
</package>
<package>
<name>py23-django-devel</name>
<name>py24-django-devel</name>
<name>py25-django-devel</name>
<name>py26-django-devel</name>
<name>py27-django-devel</name>
<name>py30-django-devel</name>
<name>py31-django-devel</name>
<range><lt>16758,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Django project reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/">
<p>Please reference CVE/URL list for details</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/</url>
</references>
<dates>
<discovery>2011-09-09</discovery>
<entry>2011-09-13</entry>
<modified>2011-11-01</modified>
</dates>
</vuln>
<vuln vid="4ae68e7c-dda4-11e0-a906-00215c6a37bb">
<topic>roundcube -- XSS vulnerability</topic>
<affects>
<package>
<name>roundcube</name>
<range><lt>0.5.4,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>RoundCube development Team reports:</p>
<blockquote cite="http://sourceforge.net/news/?group_id=139281&amp;id=302769">
<p>We just published a new release which fixes a recently
reported XSS vulnerability as an update to the stable 0.5
branch. Please update your installations with this new
version or patch them with the fix which is also published
in the downloads section or our sourceforge.net page.</p>
</blockquote>
<p>and:</p>
<blockquote cite="http://trac.roundcube.net/ticket/1488030">
<p>During one of pen-tests I found that _mbox parameter is not
properly sanitized and reflected XSS attack is possible.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2937</cvename>
</references>
<dates>
<discovery>2011-08-09</discovery>
<entry>2011-09-13</entry>
</dates>
</vuln>
<vuln vid="b9f3ffa3-dd6c-11e0-b7fc-000a5e1e33c6">
<topic>libsndfile -- PAF file processing integer overflow</topic>
<affects>
<package>
<name>libsndfile</name>
<range><lt>1.0.25</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/45125/">
<p>Hossein Lotfi has discovered a vulnerability in libsndfile,
which can be exploited by malicious people to potentially
compromise an application using the library. The vulnerability
is caused due to an integer overflow error in the "paf24_init()"
function (src/paf.c) when processing Paris Audio (PAF) files.
This can be exploited to cause a heap-based buffer overflow via
a specially crafted file. Successful exploitation may allow
execution of arbitrary code. The vulnerability is confirmed in
version 1.0.24. Other versions may also be affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2696</cvename>
<url>http://secunia.com/advisories/45125/</url>
</references>
<dates>
<discovery>2011-07-12</discovery>
<entry>2011-09-12</entry>
</dates>
</vuln>
<vuln vid="2ecb7b20-d97e-11e0-b2e2-00215c6a37bb">
<topic>OpenSSL -- multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><ge>1.0.0</ge><lt>1.0.0_6</lt></range>
<range><ge>0.9.8</ge><lt>1.0.0</lt></range>
</package>
<package>
<name>linux-f10-openssl</name>
<range><ge>0.9.8</ge><lt>0.9.8r</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenSSL Team reports:</p>
<blockquote cite="http://openssl.org/news/secadv_20110906.txt">
<p>Two security flaws have been fixed in OpenSSL 1.0.0e</p>
<p>Under certain circumstances OpenSSL's internal certificate
verification routines can incorrectly accept a CRL whose
nextUpdate field is in the past. (CVE-2011-3207)</p>
<p>OpenSSL server code for ephemeral ECDH ciphersuites is not
thread-safe, and furthermore can crash if a client violates
the protocol by sending handshake messages in incorrect
order. (CVE-2011-3210)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3207</cvename>
<cvename>CVE-2011-3210</cvename>
<url>http://www.openssl.org/news/secadv_20110906.txt</url>
</references>
<dates>
<discovery>2011-09-06</discovery>
<entry>2011-09-07</entry>
<modified>2014-04-10</modified>
</dates>
</vuln>
<vuln vid="a83f25df-d775-11e0-8bf1-003067b2972c">
<topic>XSS issue in MantisBT</topic>
<affects>
<package>
<name>mantis</name>
<range><ge>1.2.0</ge><lt>1.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="http://www.mantisbt.org/blog/?p=142">
<p>Net.Edit0r from BlACK Hat Group reported an XSS issue in
search.php. All MantisBT users (including anonymous users that
are not logged in to public bug trackers) could be impacted by
this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<freebsdpr>ports/160368</freebsdpr>
<cvename>CVE-2011-2938</cvename>
</references>
<dates>
<discovery>2011-08-18</discovery>
<entry>2011-09-05</entry>
</dates>
</vuln>
<vuln vid="e55f948f-d729-11e0-abd1-0017f22d6707">
<topic>security/cfs -- buffer overflow</topic>
<affects>
<package>
<name>cfs</name>
<range><le>1.4.1_6</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Debian reports:</p>
<blockquote cite="http://www.debian.org/security/2002/dsa-116">
<p>Zorgon found several buffer overflows in cfsd, a daemon that
pushes encryption services into the Unix(tm) file system.
We are not yet sure if these overflows can successfully be
exploited to gain root access to the machine running the CFS
daemon. However, since cfsd can easily be forced to die, a
malicious user can easily perform a denial of service attack
to it.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2002-0351</cvename>
<url>http://www.debian.org/security/2002/dsa-116</url>
</references>
<dates>
<discovery>2002-03-02</discovery>
<entry>2011-09-04</entry>
</dates>
</vuln>
<vuln vid="1b27af46-d6f6-11e0-89a6-080027ef73ec">
<topic>ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle</topic>
<affects>
<package>
<name>ca_root_nss</name>
<range><lt>3.12.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matthias Andree reports that the ca-bundle.pl used in older
versions of the ca_root_nss FreeBSD port before 3.12.11 did not
take the Mozilla/NSS/CKBI untrusted markers into account and
would add certificates to the trust bundle that were marked
unsafe by Mozilla.</p>
</body>
</description>
<references>
<freebsdpr>ports/160455</freebsdpr>
</references>
<dates>
<discovery>2011-09-04</discovery>
<entry>2011-09-04</entry>
</dates>
</vuln>
<vuln vid="aa5bc971-d635-11e0-b3cf-080027ef73ec">
<topic>nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl</topic>
<affects>
<package>
<name>nss</name>
<range><lt>3.12.11</lt></range>
<!-- this builds on the assumption that 3.12.11 in ports actually
contains the CKBI 1.87 update to the built-in certificates
as committed by kwm@ on September 3rd, 2011 -->
</package>
<package>
<name>ca_root_nss</name>
<range><lt>3.12.11</lt></range>
<!-- this builds on the assumption that 3.12.11 in ports actually
contains the CKBI 1.87 update to the built-in certificates
as committed by mandree@ on September 4th, 2011 -->
</package>
<package>
<name>firefox</name>
<range><gt>3.6.*,1</gt><lt>3.6.22,1</lt></range>
<range><gt>4.0.*,1</gt><lt>6.0.2,1</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.3.2</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.6.22,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><gt>3.1.*</gt><lt>3.1.14</lt></range>
<range><gt>5.0.*</gt><lt>6.0.2</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>3.1.14</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><lt>2.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Heather Adkins, Google's Information Security Manager, reported that
Google received</p>
<blockquote cite="http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html">
<p>[...] reports of attempted SSL man-in-the-middle (MITM)
attacks against Google users, whereby someone tried to get between
them and encrypted Google services. The people affected were
primarily located in Iran. The attacker used a fraudulent SSL
certificate issued by DigiNotar, a root certificate authority that
should not issue certificates for Google (and has since revoked
it). [...]</p>
</blockquote>
<p>VASCO Data Security International Inc., owner of DigiNotar, issued a
press statement confirming this incident:</p>
<blockquote cite="http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx">
<p>On July 19th 2011, DigiNotar detected an intrusion
into its Certificate Authority (CA) infrastructure, which resulted
in the fraudulent issuance of public key certificate requests for
a number of domains, including Google.com. [...] an external
security audit concluded that all fraudulently issued certificates
were
revoked. Recently, it was discovered that at least one fraudulent
certificate had not been revoked at the time. [...]</p>
</blockquote>
<p>Mozilla, maintainer of the NSS package, from which FreeBSD derived
ca_root_nss, stated that they:</p>
<blockquote cite="https://blog.mozilla.com/security/2011/09/02/diginotar-removal-follow-up/">
<p>revoked our trust in the DigiNotar certificate authority from
all Mozilla software. This is not a temporary suspension, it is
a complete removal from our trusted root program. Complete
revocation of trust is a decision we treat with careful
consideration, and employ as a last resort.
</p><p>Three central issues informed our decision:</p>
<ol><li>Failure to notify. [...]</li>
<li>The scope of the breach remains unknown. [...]</li>
<li>The attack is not theoretical.</li></ol>
</blockquote>
</body>
</description>
<references>
<url>http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-34.html</url>
<url>http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html</url>
</references>
<dates>
<discovery>2011-07-19</discovery>
<entry>2011-09-03</entry>
<modified>2011-09-06</modified>
</dates>
</vuln>
<vuln vid="7f6108d2-cea8-11e0-9d58-0800279895ea">
<topic>apache -- Range header DoS vulnerability</topic>
<affects>
<package>
<name>apache</name>
<name>apache-event</name>
<name>apache-itk</name>
<name>apache-peruser</name>
<name>apache-worker</name>
<range><gt>2.*</gt><lt>2.2.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Apache HTTP server project reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192">
<p>A denial of service vulnerability has been found in the way
the multiple overlapping ranges are handled by Apache HTTPD
server.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3192</cvename>
<url>https://people.apache.org/~dirkx/CVE-2011-3192.txt</url>
<url>https://svn.apache.org/viewvc?view=revision&amp;revision=1161534</url>
<url>https://svn.apache.org/viewvc?view=revision&amp;revision=1162874</url>
</references>
<dates>
<discovery>2011-08-24</discovery>
<entry>2011-08-30</entry>
<modified>2011-09-01</modified>
</dates>
</vuln>
<vuln vid="cdeb34e6-d00d-11e0-987e-00215c6a37bb">
<topic>stunnel -- heap corruption vulnerability</topic>
<affects>
<package>
<name>stunnel</name>
<range><ge>4.40</ge><lt>4.42</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Michal Trojnara reports:</p>
<blockquote cite="http://www.stunnel.org/pipermail/stunnel-announce/2011-August/000059.html">
<p>Version 4.42, 2011.08.18, urgency: HIGH:</p>
<p>Fixed a heap corruption vulnerability in versions 4.40 and 4.41.
It may possibly be leveraged to perform DoS or remote code
execution attacks.</p>
</blockquote>
</body>
</description>
<references>
<bid>49254</bid>
<cvename>CVE-2011-2940</cvename>
</references>
<dates>
<discovery>2011-08-25</discovery>
<entry>2011-08-26</entry>
</dates>
</vuln>
<vuln vid="75e26236-ce9e-11e0-b26a-00215c6a37bb">
<topic>phpMyAdmin -- multiple XSS vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.4.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-13.php">
<p>Multiple XSS in the Tracking feature.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-3181</cvename>
</references>
<dates>
<discovery>2011-08-24</discovery>
<entry>2011-08-24</entry>
</dates>
</vuln>
<vuln vid="3f1df2f9-cd22-11e0-9bb2-00215c6a37bb">
<topic>PHP -- crypt() returns only the salt for MD5</topic>
<affects>
<package>
<name>php5</name>
<range><ge>5.3.7</ge><lt>5.3.7_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PHP development team reports:</p>
<blockquote cite="https://bugs.php.net/bug.php?id=55439">
<p>If crypt() is executed with MD5 salts, the return value
consists of the salt only. DES and BLOWFISH salts work as
expected.</p>
</blockquote>
</body>
</description>
<references>
<url>https://bugs.php.net/bug.php?id=55439</url>
</references>
<dates>
<discovery>2011-08-17</discovery>
<entry>2011-08-23</entry>
<modified>2011-08-30</modified>
</dates>
</vuln>
<vuln vid="057bf770-cac4-11e0-aea3-00215c6a37bb">
<topic>php -- multiple vulnerabilities</topic>
<affects>
<package>
<name>php5</name>
<name>php5-sockets</name>
<range><lt>5.3.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PHP development team reports:</p>
<blockquote cite="http://www.php.net/ChangeLog-5.php#5.3.7">
<p>Security Enhancements and Fixes in PHP 5.3.7:</p>
<ul>
<li>Updated crypt_blowfish to 1.2. (CVE-2011-2483)</li>
<li>Fixed crash in error_log(). Reported by Mateusz
Kocielski</li>
<li>Fixed buffer overflow on overlong salt in crypt().</li>
<li>Fixed bug #54939 (File path injection vulnerability
in RFC1867 File upload filename). Reported by Krzysztof
Kotowicz. (CVE-2011-2202)</li>
<li>Fixed stack buffer overflow in socket_connect().
(CVE-2011-1938)</li>
<li>Fixed bug #54238 (use-after-free in substr_replace()).
(CVE-2011-1148)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<bid>49241</bid>
<cvename>CVE-2011-2483</cvename>
<cvename>CVE-2011-2202</cvename>
<cvename>CVE-2011-1938</cvename>
<cvename>CVE-2011-1148</cvename>
</references>
<dates>
<discovery>2011-08-18</discovery>
<entry>2011-08-20</entry>
</dates>
</vuln>
<vuln vid="be77eff6-ca91-11e0-aea3-00215c6a37bb">
<topic>rubygem-rails -- multiple vulnerabilities</topic>
<affects>
<package>
<name>rubygem-rails</name>
<range><lt>3.0.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SecurityFocus reports:</p>
<blockquote cite="http://www.securityfocus.com/bid/49179/discuss">
<p>Ruby on Rails is prone to multiple vulnerabilities
including SQL-injection, information-disclosure,
HTTP-header-injection, security-bypass and cross-site
scripting issues.</p>
</blockquote>
</body>
</description>
<references>
<bid>49179</bid>
<url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6a1e473744bc389b</url>
<url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/3420ac71aed312d6</url>
<url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/6ffc93bde0298768</url>
<url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b9130749b74ea12</url>
<url>http://groups.google.com/group/rubyonrails-security/browse_thread/thread/56bffb5923ab1195</url>
</references>
<dates>
<discovery>2011-08-16</discovery>
<entry>2011-08-19</entry>
</dates>
</vuln>
<vuln vid="0b53f5f7-ca8a-11e0-aea3-00215c6a37bb">
<topic>dovecot -- denial of service vulnerability</topic>
<affects>
<package>
<name>dovecot</name>
<range><lt>1.2.17</lt></range>
<range><gt>2.0</gt><lt>2.0.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Timo Sirainen reports:</p>
<blockquote cite="http://dovecot.org/pipermail/dovecot/2011-May/059086.html">
<p>Fixed potential crashes and other problems when parsing header
names that contained NUL characters.</p>
</blockquote>
</body>
</description>
<references>
<bid>47930</bid>
<cvename>CVE-2011-1929</cvename>
</references>
<dates>
<discovery>2011-05-25</discovery>
<entry>2011-08-19</entry>
</dates>
</vuln>
<vuln vid="86baa0d4-c997-11e0-8a8e-00151735203a">
<topic>OTRS -- Vulnerabilities in OTRS-Core allow read access to any file on local file system</topic>
<affects>
<package>
<name>otrs</name>
<range><gt>2.1.*</gt><lt>3.0.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OTRS Security Advisory reports:</p>
<blockquote cite="http://otrs.org/advisory/OSA-2011-03-en/">
<ul>
<li>An attacker with valid session and admin permissions could
get read access to any file on the server's local operating
system. For this it would be needed minimum one installed
OTRS package.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2746</cvename>
<url>http://otrs.org/advisory/OSA-2011-03-en/</url>
</references>
<dates>
<discovery>2011-08-16</discovery>
<entry>2011-08-18</entry>
</dates>
</vuln>
<vuln vid="834591a9-c82f-11e0-897d-6c626dd55a41">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.6.*,1</gt><lt>3.6.20,1</lt></range>
<range><gt>5.0.*,1</gt><lt>6.0,1</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><lt>2.3</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.6.20,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>3.1.12</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>3.1.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-29 Security issues addressed in Firefox 6</p>
<p>MFSA 2011-28 Security issues addressed in Firefox 3.6.20</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-29.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-30.html</url>
<cvename>CVE-2011-2982</cvename>
<cvename>CVE-2011-0084</cvename>
<cvename>CVE-2011-2981</cvename>
<cvename>CVE-2011-2378</cvename>
<cvename>CVE-2011-2984</cvename>
<cvename>CVE-2011-2980</cvename>
<cvename>CVE-2011-2983</cvename>
<cvename>CVE-2011-2989</cvename>
<cvename>CVE-2011-2991</cvename>
<cvename>CVE-2011-2992</cvename>
<cvename>CVE-2011-2985</cvename>
<cvename>CVE-2011-2993</cvename>
<cvename>CVE-2011-2988</cvename>
<cvename>CVE-2011-2987</cvename>
<cvename>CVE-2011-2990</cvename>
<cvename>CVE-2011-2986</cvename>
</references>
<dates>
<discovery>2011-08-16</discovery>
<entry>2011-08-16</entry>
</dates>
</vuln>
<vuln vid="56f4b3a6-c82c-11e0-a498-00215c6a37bb">
<topic>Samba -- cross site scripting and request forgery vulnerabilities</topic>
<affects>
<package>
<name>samba34</name>
<range><gt>3.4.*</gt><lt>3.4.14</lt></range>
</package>
<package>
<name>samba35</name>
<range><gt>3.5.*</gt><lt>3.5.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Samba security advisory reports:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2011-2522">
<p>All current released versions of Samba are vulnerable to a
cross-site request forgery in the Samba Web Administration Tool
(SWAT). By tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is
possible to manipulate SWAT.</p>
</blockquote>
<blockquote cite="http://www.samba.org/samba/security/CVE-2011-2694">
<p>All current released versions of Samba are vulnerable to a
cross-site scripting issue in the Samba Web Administration Tool
(SWAT). On the "Change Password" field, it is possible to insert
arbitrary content into the "user" field.</p>
</blockquote>
</body>
</description>
<references>
<bid>48901</bid>
<bid>48899</bid>
<cvename>CVE-2011-2522</cvename>
<cvename>CVE-2011-2694</cvename>
</references>
<dates>
<discovery>2011-07-27</discovery>
<entry>2011-08-16</entry>
</dates>
</vuln>
<vuln vid="510b630e-c43b-11e0-916c-00e0815b8da8">
<topic>isc-dhcp-server -- server halt upon processing certain packets</topic>
<affects>
<package>
<name>isc-dhcp31-server</name>
<range><lt>3.1.ESV_1,1</lt></range>
</package>
<package>
<name>isc-dhcp41-server</name>
<range><lt>4.1.e_2,2</lt></range>
</package>
<package>
<name>isc-dhcp42-server</name>
<range><lt>4.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-2748">
<p>A pair of defects cause the server to halt upon processing
certain packets. The patch is to properly discard or process
those packets.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2748</cvename>
<cvename>CVE-2011-2749</cvename>
</references>
<dates>
<discovery>2011-08-10</discovery>
<entry>2011-08-13</entry>
</dates>
</vuln>
<vuln vid="dc8741b9-c5d5-11e0-8a8e-00151735203a">
<topic>bugzilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>bugzilla</name>
<range><ge>2.4.*</ge><lt>3.6.6</lt></range>
<range><ge>4.0.*</ge><lt>4.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Bugzilla Security Advisory reports:</p>
<blockquote cite="http://www.bugzilla.org/security/3.4.11/">
<p>The following security issues have been discovered in Bugzilla:</p>
<ul>
<li>Internet Explorer 8 and older, and Safari before 5.0.6 do
content sniffing when viewing a patch in "Raw Unified" mode,
which could trigger a cross-site scripting attack due to
the execution of malicious code in the attachment.</li>
<li>It is possible to determine whether or not certain group
names exist while creating or updating bugs.</li>
<li>Attachment descriptions with a newline in them could lead
to the injection of crafted headers in email notifications sent
to the requestee or the requester when editing an attachment
flag.</li>
<li>If an attacker has access to a user's session, he can modify
that user's email address without that user being notified
of the change.</li>
<li>Temporary files for uploaded attachments are not deleted
on Windows, which could let a user with local access to
the server read them.</li>
<li>Up to Bugzilla 3.4.11, if a BUGLIST cookie is compromised,
it can be used to inject HTML code when viewing a bug report,
leading to a cross-site scripting attack.</li>
</ul>
<p>All affected installations are encouraged to upgrade as soon as
possible.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2379</cvename>
<cvename>CVE-2011-2380</cvename>
<cvename>CVE-2011-2979</cvename>
<cvename>CVE-2011-2381</cvename>
<cvename>CVE-2011-2978</cvename>
<cvename>CVE-2011-2977</cvename>
<cvename>CVE-2011-2976</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=637981</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=653477</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=674497</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=657158</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=670868</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=660502</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=660053</url>
</references>
<dates>
<discovery>2011-08-04</discovery>
<entry>2011-08-13</entry>
</dates>
</vuln>
<vuln vid="879b0242-c5b6-11e0-abd1-0017f22d6707">
<topic>dtc -- multiple vulnerabilities</topic>
<affects>
<package>
<name>dtc</name>
<range><lt>0.32.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Ansgar Burchardt reports:</p>
<blockquote cite="http://www.debian.org/security/2011/dsa-2179">
<p>Ansgar Burchardt discovered several vulnerabilities in DTC, a
web control panel for admin and accounting hosting services:
The bw_per_month.php graph contains an SQL injection
vulnerability; insufficient checks in bw_per_month.php can lead
to bandwidth usage information disclosure; after a registration,
passwords are sent in cleartext email messages and authenticated
users could delete accounts using an obsolete interface which
was incorrectly included in the package.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0434</cvename>
<cvename>CVE-2011-0435</cvename>
<cvename>CVE-2011-0436</cvename>
<cvename>CVE-2011-0437</cvename>
<url>http://www.debian.org/security/2011/dsa-2179</url>
</references>
<dates>
<discovery>2011-03-02</discovery>
<entry>2011-08-13</entry>
</dates>
</vuln>
<vuln vid="304409c3-c3ef-11e0-8aa5-485d60cb5385">
<topic>libXfont -- possible local privilege escalation</topic>
<affects>
<package>
<name>libXfont</name>
<range><lt>1.4.4_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tomas Hoger reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=725760">
<p>The compress/ LZW decompress implementation does not correctly
handle compressed streams that contain code words that were not
yet added to the decompression table. This may lead to
arbitrary memory corruption. Successful exploitation may
possibly lead to a local privilege escalation.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2895</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=725760</url>
</references>
<dates>
<discovery>2011-07-26</discovery>
<entry>2011-08-11</entry>
<modified>2012-03-13</modified>
</dates>
</vuln>
<vuln vid="5d374b01-c3ee-11e0-8aa5-485d60cb5385">
<topic>freetype2 -- execute arbitrary code or cause denial of service</topic>
<affects>
<package>
<name>freetype2</name>
<range><lt>2.4.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Vincent Danen reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0226">
<p>Due to an error within the t1_decoder_parse_charstrings()
function (src/psaux/t1decode.c) and can be exploited to corrupt
memory by tricking a user into processing a specially-crafted
postscript Type1 font in an application that uses the freetype
library.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0226</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0226</url>
</references>
<dates>
<discovery>2011-07-19</discovery>
<entry>2011-08-11</entry>
</dates>
</vuln>
<vuln vid="2c12ae0c-c38d-11e0-8eb7-001b2134ef46">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.3r183.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="https://www.adobe.com/support/security/bulletins/apsb11-21.html">
<p>Critical vulnerabilities have been identified in Adobe Flash
Player 10.3.181.36 and earlier versions for Windows, Macintosh,
Linux and Solaris, and Adobe Flash Player 10.3.185.25 and
earlier versions for Android. These vulnerabilities could
cause a crash and potentially allow an attacker to take control
of the affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2130</cvename>
<cvename>CVE-2011-2134</cvename>
<cvename>CVE-2011-2135</cvename>
<cvename>CVE-2011-2136</cvename>
<cvename>CVE-2011-2137</cvename>
<cvename>CVE-2011-2138</cvename>
<cvename>CVE-2011-2139</cvename>
<cvename>CVE-2011-2140</cvename>
<cvename>CVE-2011-2414</cvename>
<cvename>CVE-2011-2415</cvename>
<cvename>CVE-2011-2416</cvename>
<cvename>CVE-2011-2417</cvename>
<cvename>CVE-2011-2425</cvename>
<url>https://www.adobe.com/support/security/bulletins/apsb11-21.html</url>
</references>
<dates>
<discovery>2011-05-13</discovery>
<entry>2011-08-10</entry>
<modified>2012-11-05</modified>
</dates>
</vuln>
<vuln vid="30cb4522-b94d-11e0-8182-485d60cb5385">
<topic>libsoup -- unintentionally allow access to entire local filesystem</topic>
<affects>
<package>
<name>libsoup</name>
<range><lt>2.32.2_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dan Winship reports:</p>
<blockquote cite="http://mail.gnome.org/archives/ftp-release-list/2011-July/msg00176.html">
<p>Fixed a security hole that caused some SoupServer users to
unintentionally allow accessing the entire local filesystem when
they thought they were only providing access to a single
directory.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2054</cvename>
<url>http://mail.gnome.org/archives/ftp-release-list/2011-July/msg00176.html</url>
<url>https://bugzilla.gnome.org/show_bug.cgi?id=653258</url>
</references>
<dates>
<discovery>2011-06-23</discovery>
<entry>2011-07-28</entry>
</dates>
</vuln>
<vuln vid="d79fc873-b5f9-11e0-89b4-001ec9578670">
<topic>phpmyadmin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.4.3.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php">
<p>XSS in table Print view.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php">
<p>Via a crafted MIME-type transformation parameter, an attacker can
perform a local file inclusion.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php">
<p>In the 'relational schema' code a parameter was not sanitized before
being used to concatenate a class name.</p>
<p>The end result is a local file inclusion vulnerability and code
execution.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php">
<p>It was possible to manipulate the PHP session superglobal using
some of the Swekey authentication code.</p>
<p>This is very similar to PMASA-2011-5, documented in
7e4e5c53-a56c-11e0-b180-00216aa06fc2</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2642</cvename>
<cvename>CVE-2011-2643</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php</url>
</references>
<dates>
<discovery>2011-07-23</discovery>
<entry>2011-07-24</entry>
<modified>2011-07-28</modified>
</dates>
</vuln>
<vuln vid="9f14cb36-b6fc-11e0-a044-445c73746d79">
<topic>opensaml2 -- unauthenticated login</topic>
<affects>
<package>
<name>opensaml2</name>
<range><gt>0</gt><lt>2.4.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenSAML developer reports:</p>
<blockquote cite="http://shibboleth.internet2.edu/secadv/secadv_20110725.txt">
<p>The Shibboleth software relies on the OpenSAML libraries to
perform verification of signed XML messages such as attribute
queries or SAML assertions. Both the Java and C++ versions are
vulnerable to a so-called "wrapping attack" that allows a remote,
unauthenticated attacker to craft specially formed messages that
can be successfully verified, but contain arbitrary content.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1411</cvename>
<mlist msgid="CA530061.113D6%cantor.2@osu.edu">https://groups.google.com/a/shibboleth.net/group/announce/browse_thread/thread/cf3e0d76afbb57d9</mlist>
</references>
<dates>
<discovery>2011-07-25</discovery>
<entry>2011-07-25</entry>
</dates>
</vuln>
<vuln vid="9a777c23-b310-11e0-832d-00215c6a37bb">
<topic>rsync -- incremental recursion memory corruption vulnerability</topic>
<affects>
<package>
<name>rsync</name>
<range><gt>3.0</gt><lt>3.0.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>rsync development team reports:</p>
<blockquote cite="http://rsync.samba.org/ftp/rsync/src/rsync-3.0.8-NEWS">
<p>Fixed a data-corruption issue when preserving hard-links
without preserving file ownership, and doing deletions either
before or during the transfer (CVE-2011-1097). This
fixes some assert errors in the hard-linking code, and some
potential failed checksums (via -c) that should have matched.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1097</cvename>
<url>https://bugzilla.samba.org/show_bug.cgi?id=7936</url>
</references>
<dates>
<discovery>2011-04-08</discovery>
<entry>2011-07-20</entry>
</dates>
</vuln>
<vuln vid="fd64188d-a71d-11e0-89b4-001ec9578670">
<topic>BIND -- Remote DoS against authoritative and recursive servers</topic>
<affects>
<package>
<name>bind96</name>
<range><lt>9.6.3.1.ESV.R4.3</lt></range>
</package>
<package>
<name>bind97</name>
<range><lt>9.7.3.3</lt></range>
</package>
<package>
<name>bind98</name>
<range><lt>9.8.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-2464">
<p>A defect in the affected BIND 9 versions allows an attacker to
remotely cause the "named" process to exit using a specially
crafted packet.</p>
<p>This defect affects both recursive and authoritative servers.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2464</cvename>
<url>https://www.isc.org/software/bind/advisories/cve-2011-2464</url>
</references>
<dates>
<discovery>2011-07-05</discovery>
<entry>2011-07-05</entry>
</dates>
</vuln>
<vuln vid="4ccee784-a721-11e0-89b4-001ec9578670">
<topic>BIND -- Remote DoS with certain RPZ configurations</topic>
<affects>
<package>
<name>bind98</name>
<range><lt>9.8.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="https://www.isc.org/software/bind/advisories/cve-2011-2465">
<p>Two defects were discovered in ISC's BIND 9.8 code. These
defects only affect BIND 9.8 servers which have recursion
enabled and which use a specific feature of the software known
as Response Policy Zones (RPZ) and where the RPZ zone contains
a specific rule/action pattern.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2465</cvename>
<url>https://www.isc.org/software/bind/advisories/cve-2011-2465</url>
</references>
<dates>
<discovery>2011-07-05</discovery>
<entry>2011-07-05</entry>
</dates>
</vuln>
<vuln vid="7e4e5c53-a56c-11e0-b180-00216aa06fc2">
<topic>phpmyadmin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.4.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php">
<p>It was possible to manipulate the PHP session superglobal using
some of the Swekey authentication code. This could open a path
for other attacks.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php">
<p>An unsanitized key from the Servers array is written in a comment
of the generated config. An attacker can modify this key by
modifying the SESSION superglobal array. This allows the attacker
to close the comment and inject code.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php">
<p>Through a possible bug in PHP running on Windows systems a NULL
byte can truncate the pattern string allowing an attacker to
inject the /e modifier causing the preg_replace function to
execute its second argument as PHP code.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php">
<p>Fixed filtering of a file path in the MIME-type transformation
code, which allowed for directory traversal.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2505</cvename>
<cvename>CVE-2011-2506</cvename>
<cvename>CVE-2011-2507</cvename>
<cvename>CVE-2011-2508</cvename>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php</url>
</references>
<dates>
<discovery>2011-07-02</discovery>
<entry>2011-07-03</entry>
<modified>2011-07-28</modified>
</dates>
</vuln>
<vuln vid="40544e8c-9f7b-11e0-9bec-6c626dd55a41">
<topic>Asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk14</name>
<range><gt>1.4.*</gt><lt>1.4.41.2</lt></range>
</package>
<package>
<name>asterisk16</name>
<range><gt>1.6.*</gt><lt>1.6.2.18.2</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.4.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk Development Team reports:</p>
<blockquote cite="http://www.asterisk.org/node/51650">
<p>AST-2011-008: If a remote user sends a SIP packet containing a
NULL, Asterisk assumes available data extends past the null to
the end of the packet when the buffer is actually truncated when
copied. This causes SIP header parsing to modify data past the
end of the buffer altering unrelated memory structures. This
vulnerability does not affect TCP/TLS connections.</p>
<p>AST-2011-009: A remote user sending a SIP packet containing a
Contact header with a missing left angle bracket causes Asterisk
to access a null pointer.</p>
<p>AST-2011-010: A memory address was inadvertently transmitted
over the network via IAX2 via an option control frame and the
remote party would try to access it.</p>
<p>Possible enumeration of SIP users due to differing
authentication responses.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2529</cvename>
<cvename>CVE-2011-2535</cvename>
<cvename>CVE-2011-2536</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2011-008.html</url>
<url>http://downloads.asterisk.org/pub/security/AST-2011-009.html</url>
<url>http://downloads.asterisk.org/pub/security/AST-2011-010.html</url>
<url>http://downloads.asterisk.org/pub/security/AST-2011-011.html</url>
</references>
<dates>
<discovery>2011-06-24</discovery>
<entry>2011-06-25</entry>
<modified>2011-06-29</modified>
</dates>
</vuln>
<vuln vid="01d3ab7d-9c43-11e0-bc0f-0014a5e3cda6">
<topic>ejabberd -- remote denial of service vulnerability</topic>
<affects>
<package>
<name>ejabberd</name>
<range><lt>2.1.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The CVE advisory reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1753">
<p>expat_erl.c in ejabberd before 2.1.7 and 3.x before
3.0.0-alpha-3, and exmpp before 0.9.7, does not properly detect
recursion during entity expansion, which allows remote attackers
to cause a denial of service (memory and CPU consumption) via a
crafted XML document containing a large number of nested entity
references, a similar issue to CVE-2003-1564.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1753</cvename>
<url>http://www.ejabberd.im/ejabberd-2.1.7</url>
</references>
<dates>
<discovery>2011-04-27</discovery>
<entry>2011-06-24</entry>
</dates>
</vuln>
<vuln vid="dfe40cff-9c3f-11e0-9bec-6c626dd55a41">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.5.*,1</gt><lt>3.5.20,1</lt></range>
<range><gt>3.6.*,1</gt><lt>3.6.18,1</lt></range>
<range><gt>4.0.*,1</gt><lt>5.0,1</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.6.18,1</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>3.1.11</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><lt>3.1.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-19 Miscellaneous memory safety hazards
(rv:3.0/1.9.2.18)</p>
<p>MFSA 2011-20 Use-after-free vulnerability when viewing XUL
document with script disabled</p>
<p>MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace
images</p>
<p>MFSA 2011-22 Integer overflow and arbitrary code execution in
Array.reduceRight()</p>
<p>MFSA 2011-23 Multiple dangling pointer vulnerabilities</p>
<p>MFSA 2011-24 Cookie isolation error</p>
<p>MFSA 2011-25 Stealing of cross-domain images using WebGL
textures</p>
<p>MFSA 2011-26 Multiple WebGL crashes</p>
<p>MFSA 2011-27 XSS encoding hazard with inline SVG</p>
<p>MFSA 2011-28 Non-whitelisted site can trigger xpinstall</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-19.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-20.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-21.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-22.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-23.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-24.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-25.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-26.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-27.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-28.html</url>
</references>
<dates>
<discovery>2011-06-21</discovery>
<entry>2011-06-21</entry>
<modified>2011-06-23</modified>
</dates>
</vuln>
<vuln vid="bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41">
<topic>Samba -- Denial of service - memory corruption</topic>
<affects>
<package>
<name>samba34</name>
<range><gt>3.4.*</gt><lt>3.4.12</lt></range>
</package>
<package>
<name>samba35</name>
<range><gt>3.5.*</gt><lt>3.5.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Samba team reports:</p>
<blockquote cite="http://www.samba.org/samba/security/CVE-2011-0719.html">
<p>Samba is vulnerable to a denial of service, caused by a memory
corruption error related to missing range checks on file
descriptors being used in the "FD_SET" macro. By performing a
select on a bad file descriptor set, a remote attacker could
exploit this vulnerability to cause the application to crash or
possibly execute arbitrary code on the system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0719</cvename>
<url>http://www.samba.org/samba/security/CVE-2011-0719.html</url>
<url>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0719</url>
</references>
<dates>
<discovery>2011-02-28</discovery>
<entry>2011-06-21</entry>
</dates>
</vuln>
<vuln vid="23c8423e-9bff-11e0-8ea2-0019d18c446a">
<topic>Piwik -- remote command execution vulnerability</topic>
<affects>
<package>
<name>piwik</name>
<range><ge>1.2</ge><lt>1.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Piwik security advisory reports:</p>
<blockquote cite="http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/">
<p>The Piwik 1.5 release addresses a critical security
vulnerability, which affects all Piwik users that have
granted some access to the "anonymous" user.</p>
<p>Piwik contains a remotely exploitable vulnerability that could
allow a remote attacker to execute arbitrary code. Only
installations that have granted untrusted view access to their
stats (i.e. grant "view" access to a website to anonymous) are
at risk.</p>
</blockquote>
</body>
</description>
<references>
<freebsdpr>ports/158084</freebsdpr>
<url>http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/</url>
</references>
<dates>
<discovery>2011-06-21</discovery>
<entry>2011-06-21</entry>
</dates>
</vuln>
<vuln vid="0b535cd0-9b90-11e0-800a-00215c6a37bb">
<topic>Dokuwiki -- cross site scripting vulnerability</topic>
<affects>
<package>
<name>dokuwiki</name>
<range><lt>20110525a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dokuwiki reports:</p>
<blockquote cite="http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind">
<p>We just released a Hotfix Release "2011-05-25a Rincewind".
It contains the following changes:</p>
<p>Security fix for a Cross Site Scripting vulnerability.
Malicious users could abuse DokuWiki's RSS embedding mechanism
to create links containing arbitrary JavaScript. Note: this
security problem is present in at least Anteater and Rincewind
but probably in older releases as well.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind</url>
</references>
<dates>
<discovery>2011-06-14</discovery>
<entry>2011-06-20</entry>
</dates>
</vuln>
<vuln vid="55a528e8-9787-11e0-b24a-001b2134ef46">
<topic>linux-flashplugin -- remote code execution vulnerability</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.3r181.26</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-18.html">
<p>A critical vulnerability has been identified in Adobe Flash
Player 10.3.181.23 and earlier versions for Windows, Macintosh,
Linux and Solaris, and Adobe Flash Player 10.3.185.23 and
earlier versions for Android. This memory corruption
vulnerability (CVE-2011-2110) could cause a crash and
potentially allow an attacker to take control of the affected
system. There are reports that this vulnerability is being
exploited in the wild in targeted attacks via malicious Web
pages.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2110</cvename>
<url>http://www.adobe.com/support/security/bulletins/apsb11-18.html</url>
</references>
<dates>
<discovery>2011-05-13</discovery>
<entry>2011-06-15</entry>
</dates>
</vuln>
<vuln vid="3145faf1-974c-11e0-869e-000c29249b2e">
<topic>ikiwiki -- tty hijacking via ikiwiki-mass-rebuild</topic>
<affects>
<package>
<name>ikiwiki</name>
<range><lt>3.20110608</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The IkiWiki development team reports:</p>
<blockquote cite="http://ikiwiki.info/security/#index40h2">
<p>Ludwig Nussel discovered a way for users to hijack root's tty
when ikiwiki-mass-rebuild was run. Additionally, there was
some potential for information disclosure via symlinks.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1408</cvename>
<url>http://ikiwiki.info/security/#index40h2</url>
</references>
<dates>
<discovery>2011-06-08</discovery>
<entry>2011-06-15</entry>
</dates>
</vuln>
<vuln vid="57573136-920e-11e0-bdc9-001b2134ef46">
<topic>linux-flashplugin -- cross-site scripting vulnerability</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.3r181.22</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-13.html">
<p>An important vulnerability has been identified in Adobe
Flash Player 10.3.181.16 and earlier versions for Windows,
Macintosh, Linux and Solaris, and Adobe Flash Player
10.3.185.22 and earlier versions for Android. This universal
cross-site scripting vulnerability (CVE-2011-2107) could be
used to take actions on a user's behalf on any website or
webmail provider, if the user visits a malicious website.
There are reports that this vulnerability is being exploited
in the wild in active targeted attacks designed to trick
the user into clicking on a malicious link delivered in an
email message.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2107</cvename>
<url>http://www.adobe.com/support/security/bulletins/apsb11-13.html</url>
</references>
<dates>
<discovery>2011-05-13</discovery>
<entry>2011-06-08</entry>
</dates>
</vuln>
<vuln vid="1e1421f0-8d6f-11e0-89b4-001ec9578670">
<topic>BIND -- Large RRSIG RRsets and Negative Caching DoS</topic>
<affects>
<package>
<name>bind9-sdb-ldap</name>
<name>bind9-sdb-postgresql</name>
<range><lt>9.4.3.4</lt></range>
</package>
<package>
<name>bind96</name>
<range><lt>9.6.3.1.ESV.R4.1</lt></range>
</package>
<package>
<name>bind97</name>
<range><lt>9.7.3.1</lt></range>
</package>
<package>
<name>bind98</name>
<range><lt>9.8.0.2</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>7.3</ge><lt>7.3_6</lt></range>
<range><ge>7.4</ge><lt>7.4_2</lt></range>
<range><ge>8.1</ge><lt>8.1_4</lt></range>
<range><ge>8.2</ge><lt>8.2_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="http://www.isc.org/software/bind/advisories/cve-2011-1910">
<p>A BIND 9 DNS server set up to be a caching resolver is
vulnerable to a user querying a domain with very large resource
record sets (RRSets) when trying to negatively cache a response.
This can cause the BIND 9 DNS server (named process) to crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1910</cvename>
<freebsdsa>SA-11:02.bind</freebsdsa>
<url>http://www.isc.org/software/bind/advisories/cve-2011-1910</url>
</references>
<dates>
<discovery>2011-05-26</discovery>
<entry>2011-06-04</entry>
<modified>2016-08-09</modified>
</dates>
</vuln>
<vuln vid="f7d838f2-9039-11e0-a051-080027ef73ec">
<topic>fetchmail -- STARTTLS denial of service</topic>
<affects>
<package>
<name>fetchmail</name>
<range><lt>6.3.20</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matthias Andree reports:</p>
<blockquote cite="http://www.fetchmail.info/fetchmail-SA-2011-01.txt">
<p>Fetchmail version 5.9.9 introduced STLS support for POP3,
version 6.0.0 added STARTTLS for IMAP. However, the actual
S(TART)TLS-initiated in-band SSL/TLS negotiation was not guarded
by a timeout.</p>
<p>Depending on the operating system defaults as to TCP stream
keepalive mode, fetchmail hangs in excess of one week after
sending STARTTLS were observed if the connection failed without
notifying the operating system, for instance, through network
outages or hard server crashes.</p>
<p>A malicious server that does not respond, at the network level,
after acknowledging fetchmail's STARTTLS or STLS request, can
hold fetchmail in this protocol state, and thus render fetchmail
unable to complete the poll, or proceed to the next server,
effecting a denial of service.</p>
<p>SSL-wrapped mode on dedicated ports was unaffected by this
problem, so can be used as a workaround.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1947</cvename>
<url>http://www.fetchmail.info/fetchmail-SA-2011-01.txt</url>
<url>https://gitorious.org/fetchmail/fetchmail/commit/7dc67b8cf06f74aa57525279940e180c99701314</url>
</references>
<dates>
<discovery>2011-04-28</discovery>
<entry>2011-06-06</entry>
</dates>
</vuln>
<vuln vid="34ce5817-8d56-11e0-b5a2-6c626dd55a41">
<topic>asterisk -- Remote crash vulnerability</topic>
<affects>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.4.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk Development Team reports:</p>
<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-June/000325.html">
<p>If a remote user initiates a SIP call and the recipient picks
up, the remote user can reply with a malformed Contact header
that Asterisk will improperly handle and cause a crash due to a
segmentation fault.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-2216</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2011-007.pdf</url>
</references>
<dates>
<discovery>2011-06-02</discovery>
<entry>2011-06-02</entry>
</dates>
</vuln>
<vuln vid="e27a1af3-8d21-11e0-a45d-001e8c75030d">
<topic>Subversion -- multiple vulnerabilities</topic>
<affects>
<package>
<name>subversion</name>
<range><lt>1.6.17</lt></range>
</package>
<package>
<name>subversion-freebsd</name>
<range><lt>1.6.17</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion team reports:</p>
<blockquote cite="http://subversion.apache.org/security/CVE-2011-1752-advisory.txt">
<p>Subversion's mod_dav_svn Apache HTTPD server module will
dereference a NULL pointer if asked to deliver baselined WebDAV
resources.</p>
<p>This can lead to a DoS. An exploit has been tested, and tools
or users have been observed triggering this problem in the
wild.</p>
</blockquote>
<blockquote cite="http://subversion.apache.org/security/CVE-2011-1783-advisory.txt">
<p>Subversion's mod_dav_svn Apache HTTPD server module may in
certain scenarios enter a logic loop which does not exit and
which allocates memory in each iteration, ultimately exhausting
all the available memory on the server.</p>
<p>This can lead to a DoS. There are no known instances of this
problem being observed in the wild, but an exploit has been
tested.</p>
</blockquote>
<blockquote cite="http://subversion.apache.org/security/CVE-2011-1921-advisory.txt">
<p>Subversion's mod_dav_svn Apache HTTPD server module may leak to
remote users the file contents of files configured to be
unreadable by those users.</p>
<p>There are no known instances of this problem being observed in
the wild, but an exploit has been tested.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1752</cvename>
<cvename>CVE-2011-1783</cvename>
<cvename>CVE-2011-1921</cvename>
</references>
<dates>
<discovery>2011-05-28</discovery>
<entry>2011-06-02</entry>
</dates>
</vuln>
<vuln vid="1acf9ec5-877d-11e0-b937-001372fd0af2">
<topic>drupal6 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>drupal6</name>
<range><lt>6.22</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Drupal Team reports:</p>
<blockquote cite="http://drupal.org/node/1168756">
<p>A reflected cross site scripting vulnerability was discovered
in Drupal's error handler. Drupal displays PHP errors in the
messages area, and a specially crafted URL can cause malicious
scripts to be injected into the message. The issue can be
mitigated by disabling on-screen error display at admin /
settings / error-reporting. This is the recommended setting
for production sites.</p>
<p>When using re-colorable themes, color inputs are not sanitized.
Malicious color values can be used to insert arbitrary CSS and
script code. Successful exploitation requires the "Administer
themes" permission.</p>
</blockquote>
</body>
</description>
<references>
<url>http://drupal.org/node/1168756</url>
</references>
<dates>
<discovery>2011-05-25</discovery>
<entry>2011-05-26</entry>
</dates>
</vuln>
<vuln vid="e4833927-86e5-11e0-a6b4-000a5e1e33c6">
<topic>Erlang -- ssh library uses a weak random number generator</topic>
<affects>
<package>
<name>erlang</name>
<range><lt>r14b03</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/178990">
<p>The Erlang/OTP ssh library implements a number of
cryptographic operations that depend on cryptographically
strong random numbers. Unfortunately the RNG used by the
library is not cryptographically strong, and is further
weakened by the use of predictable seed material. The RNG
(Wichmann-Hill) is not mixed with an entropy source.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0766</cvename>
<url>http://www.erlang.org/download/otp_src_R14B03.readme</url>
<url>https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5</url>
</references>
<dates>
<discovery>2011-05-25</discovery>
<entry>2011-05-25</entry>
</dates>
</vuln>
<vuln vid="dc96ac1f-86b1-11e0-9e85-00215af774f0">
<topic>Unbound -- an empty error packet handling assertion failure</topic>
<affects>
<package>
<name>unbound</name>
<range><lt>1.4.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Unbound developer reports:</p>
<blockquote cite="http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt">
<p>NLnet Labs was notified of an error in Unbound's code-path
for error replies which is triggered under special conditions.
The error causes the program to abort.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1922</cvename>
<url>http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt</url>
</references>
<dates>
<discovery>2011-05-25</discovery>
<entry>2011-05-25</entry>
</dates>
</vuln>
<vuln vid="115a1389-858e-11e0-a76c-000743057ca2">
<topic>Pubcookie Login Server -- XSS vulnerability</topic>
<affects>
<package>
<name>pubcookie-login-server</name>
<range><lt>3.3.2d</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Nathan Dors, Pubcookie Project reports:</p>
<blockquote cite="http://pubcookie.org/news/20070606-login-secadv.html">
<p>A new non-persistent XSS vulnerability was found in the
Pubcookie login server's compiled binary "index.cgi" CGI
program. The CGI program mishandles untrusted data when
printing responses to the browser. This makes the program
vulnerable to carefully crafted requests containing script
or HTML. If an attacker can lure an unsuspecting user to
visit carefully staged content, the attacker can use it to
redirect the user to his or her local Pubcookie login page
and attempt to exploit the XSS vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<url>http://pubcookie.org/news/20070606-login-secadv.html</url>
</references>
<dates>
<discovery>2007-05-25</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="1ca8228f-858d-11e0-a76c-000743057ca2">
<topic>mod_pubcookie -- Empty Authentication Security Advisory</topic>
<affects>
<package>
<name>ap20-mod_pubcookie</name>
<range><ge>3.1.0</ge><lt>3.3.2b</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Nathan Dors, Pubcookie Project reports:</p>
<blockquote cite="http://pubcookie.org/news/20061106-empty-auth-secadv.html">
<p>An Abuse of Functionality vulnerability in the Pubcookie
authentication process was found. This vulnerability allows an
attacker to appear as if he or she were authenticated using an
empty userid when such a userid isn't expected. Unauthorized
access to web content and applications may result where access
is restricted to users who can authenticate successfully but
where no additional authorization is performed after
authentication.</p>
</blockquote>
</body>
</description>
<references>
<url>http://pubcookie.org/news/20061106-empty-auth-secadv.html</url>
</references>
<dates>
<discovery>2006-10-04</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="7af2fb85-8584-11e0-96b7-00300582f9fc">
<topic>ViewVC -- user-reachable override of cvsdb row limit</topic>
<affects>
<package>
<name>viewvc</name>
<range><lt>1.1.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ViewVC.org reports:</p>
<blockquote cite="http://viewvc.tigris.org/source/browse/viewvc/trunk/CHANGES?r1=2536&amp;r2=2574">
<p>Security fix: remove user-reachable override of cvsdb row limit.</p>
</blockquote>
</body>
</description>
<references>
<url>http://viewvc.tigris.org/source/browse/*checkout*/viewvc/branches/1.1.x/CHANGES</url>
</references>
<dates>
<discovery>2011-05-17</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="99a5590c-857e-11e0-96b7-00300582f9fc">
<topic>Apache APR -- DoS vulnerabilities</topic>
<affects>
<package>
<name>apr1</name>
<range><lt>1.4.5.1.3.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache Portable Runtime Project reports:</p>
<blockquote cite="http://www.apache.org/dist/apr/CHANGES-APR-1.4">
<p>A flaw was discovered in the apr_fnmatch() function in the
Apache Portable Runtime (APR) library 1.4.4 (or any backported
versions that contained the upstream fix for CVE-2011-0419).
This could cause httpd workers to enter a hung state (100% CPU
utilization).</p>
<p>apr-util 1.3.11 could cause crashes with httpd's
mod_authnz_ldap in some situations.</p>
</blockquote>
</body>
</description>
<references>
<bid>47929</bid>
<cvename>CVE-2011-1928</cvename>
<cvename>CVE-2011-0419</cvename>
<url>http://www.apache.org/dist/apr/Announcement1.x.html</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1928</url>
</references>
<dates>
<discovery>2011-05-19</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="d226626c-857f-11e0-95cc-001b2134ef46">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.3r181.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-12.html">
<p>Critical vulnerabilities have been identified in Adobe Flash
Player 10.2.159.1 and earlier versions (Adobe Flash Player
10.2.154.28 and earlier for Chrome users) for Windows,
Macintosh, Linux and Solaris, and Adobe Flash Player 10.2.157.51
and earlier versions for Android. These vulnerabilities could
cause the application to crash and could potentially allow an
attacker to take control of the affected system. There are
reports of malware attempting to exploit one of the
vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf)
file embedded in a Microsoft Word (.doc) or Microsoft Excel
(.xls) file delivered as an email attachment targeting the
Windows platform. However, to date, Adobe has not obtained a
sample that successfully completes an attack.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0579</cvename>
<cvename>CVE-2011-0618</cvename>
<cvename>CVE-2011-0619</cvename>
<cvename>CVE-2011-0620</cvename>
<cvename>CVE-2011-0621</cvename>
<cvename>CVE-2011-0622</cvename>
<cvename>CVE-2011-0623</cvename>
<cvename>CVE-2011-0624</cvename>
<cvename>CVE-2011-0625</cvename>
<cvename>CVE-2011-0626</cvename>
<cvename>CVE-2011-0627</cvename>
<url>http://www.adobe.com/support/security/bulletins/apsb11-12.html</url>
</references>
<dates>
<discovery>2011-01-20</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="e666498a-852a-11e0-8f78-080027ef73ec">
<topic>Opera -- code injection vulnerability through broken frameset handling</topic>
<affects>
<package><name>opera</name><range><lt>11.11</lt></range></package>
<package><name>opera-devel</name><range><lt>11.11</lt></range></package>
<package><name>linux-opera</name><range><lt>11.11</lt></range></package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera Software ASA reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/unix/1111/">
<p>Fixed an issue with framesets that could allow execution of
arbitrary code, as reported by an anonymous contributor working
with the SecuriTeam Secure Disclosure program.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.opera.com/docs/changelogs/unix/1111/</url>
<url>http://www.opera.com/support/kb/view/992/</url>
</references>
<dates>
<discovery>2011-05-18</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="1495f931-8522-11e0-a1c1-00215c6a37bb">
<topic>pureftpd -- multiple vulnerabilities</topic>
<affects>
<package>
<name>pure-ftpd</name>
<range><lt>1.0.32</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Pure-FTPd development team reports:</p>
<blockquote cite="http://www.pureftpd.org/project/pure-ftpd/news">
<p>Support for braces expansion in directory listings has been
disabled -- Cf. CVE-2011-0418.</p>
<p>Fix a STARTTLS flaw similar to Postfix's CVE-2011-0411.
If you're using TLS, upgrading is recommended.</p>
</blockquote>
</body>
</description>
<references>
<bid>46767</bid>
<cvename>CVE-2011-0418</cvename>
<cvename>CVE-2011-1575</cvename>
</references>
<dates>
<discovery>2011-04-01</discovery>
<entry>2011-05-23</entry>
</dates>
</vuln>
<vuln vid="36594c54-7be7-11e0-9838-0022156e8794">
<topic>Exim -- remote code execution and information disclosure</topic>
<affects>
<package>
<name>exim</name>
<range><ge>4.70</ge><lt>4.76</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Release notes for Exim 4.76 say:</p>
<blockquote cite="ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.76">
<p>Bugzilla 1106: CVE-2011-1764 - DKIM log line was subject to
a format-string attack -- SECURITY: remote arbitrary code
execution.</p>
<p>DKIM signature header parsing was double-expanded, second
time unintentionally subject to list matching rules, letting
the header cause arbitrary Exim lookups (of items which can
occur in lists, *not* arbitrary string expansion). This
allowed for information disclosure.</p>
</blockquote>
<p>Also, impact assessment was redone shortly after the original
announcement:</p>
<blockquote cite="https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html">
<p>Further analysis revealed that the second security issue was
more severe than I realised at the time that I wrote the
announcement. The second security issue has been assigned
CVE-2011-1407 and is also a remote code execution flaw.
For clarity: both issues were introduced with 4.70.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1764</cvename>
<cvename>CVE-2011-1407</cvename>
<mlist msgid="20110512102909.GA58484@redoubt.spodhuis.org">https://lists.exim.org/lurker/message/20110512.102909.8136175a.en.html</mlist>
<url>http://bugs.exim.org/show_bug.cgi?id=1106</url>
</references>
<dates>
<discovery>2011-05-10</discovery>
<entry>2011-05-14</entry>
</dates>
</vuln>
<vuln vid="00b296b6-7db1-11e0-96b7-00300582f9fc">
<topic>Apache APR -- DoS vulnerabilities</topic>
<affects>
<package>
<name>apr1</name>
<range><lt>1.4.4.1.3.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache Portable Runtime Project reports:</p>
<blockquote cite="http://www.apache.org/dist/apr/CHANGES-APR-1.4">
<p>Note especially a security fix to APR 1.4.4, excessive CPU
consumption was possible due to an unconstrained, recursive
invocation of apr_fnmatch, as apr_fnmatch processed '*' wildcards.
Reimplement apr_fnmatch() from scratch using a non-recursive
algorithm now has improved compliance with the fnmatch() spec.
(William Rowe)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0419</cvename>
<url>http://www.apache.org/dist/apr/Announcement1.x.html</url>
</references>
<dates>
<discovery>2011-05-10</discovery>
<entry>2011-05-12</entry>
</dates>
</vuln>
<vuln vid="34e8ccf5-7d71-11e0-9d83-000c29cc39d3">
<topic>Zend Framework -- potential SQL injection when using PDO_MySql</topic>
<affects>
<package>
<name>ZendFramework</name>
<range><lt>1.11.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Zend Framework team reports:</p>
<blockquote cite="http://framework.zend.com/security/advisory/ZF2011-02">
<p>Developers using non-ASCII-compatible encodings in conjunction
with the MySQL PDO driver of PHP may be vulnerable to SQL
injection attacks. Developers using ASCII-compatible encodings
like UTF8 or latin1 are not affected by this PHP issue.</p>
</blockquote>
</body>
</description>
<references>
<url>http://framework.zend.com/security/advisory/ZF2011-02</url>
<url>http://zend-framework-community.634137.n4.nabble.com/Zend-Framework-1-11-6-and-1-10-9-released-td3503741.html</url>
</references>
<dates>
<discovery>2011-05-06</discovery>
<entry>2011-05-13</entry>
</dates>
</vuln>
<vuln vid="3fadb7c6-7b0a-11e0-89b4-001ec9578670">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mediawiki</name>
<range><lt>1.16.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mediawiki reports:</p>
<blockquote cite="http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html">
<p>(Bug 28534) XSS vulnerability for IE 6 clients. This is the
third attempt at fixing bug 28235.</p>
<p>(Bug 28639) Potential privilege escalation when
$wgBlockDisablesLogin is enabled.</p>
</blockquote>
</body>
</description>
<references>
<url>https://bugzilla.wikimedia.org/show_bug.cgi?id=28534</url>
<url>https://bugzilla.wikimedia.org/show_bug.cgi?id=28639</url>
<url>http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html</url>
<url>http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES</url>
</references>
<dates>
<discovery>2011-04-14</discovery>
<entry>2011-05-12</entry>
</dates>
</vuln>
<vuln vid="3eb2c100-738b-11e0-89f4-001e90d46635">
<topic>Postfix -- memory corruption vulnerability</topic>
<affects>
<package>
<name>postfix</name>
<name>postfix-base</name>
<range><ge>2.8.*,1</ge><lt>2.8.3,1</lt></range>
<range><ge>2.7.*,1</ge><lt>2.7.4,1</lt></range>
<range><ge>2.6.*,1</ge><lt>2.6.10,1</lt></range>
<range><ge>2.5.*,2</ge><lt>2.5.13,2</lt></range>
<range><le>2.4.16,1</le></range>
</package>
<package>
<name>postfix-current</name>
<name>postfix-current-base</name>
<range><lt>2.9.20110501,4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Postfix SMTP server has a memory corruption error, when the
Cyrus SASL library is used with authentication mechanisms other
than PLAIN and LOGIN (ANONYMOUS is not affected, but should not
be used for other reasons). This memory corruption is known to
result in a program crash (SIGSEGV).</p>
</body>
</description>
<references>
<cvename>CVE-2011-1720</cvename>
<url>http://www.postfix.org/CVE-2011-1720.html</url>
</references>
<dates>
<discovery>2011-05-09</discovery>
<entry>2011-05-09</entry>
</dates>
</vuln>
<vuln vid="04b7d46c-7226-11e0-813a-6c626dd55a41">
<topic>Mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.6.*,1</gt><lt>3.6.17,1</lt></range>
<range><gt>3.5.*,1</gt><lt>3.5.19,1</lt></range>
<range><gt>4.0.*,1</gt><lt>4.0.1,1</lt></range>
</package>
<package>
<name>libxul</name>
<range><gt>1.9.2.*</gt><lt>1.9.2.17</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.6.17,1</lt></range>
</package>
<package>
<name>linux-firefox-devel</name>
<range><lt>3.5.19</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><gt>2.0.*</gt><lt>2.0.14</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><gt>2.0.*</gt><lt>2.0.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-12 Miscellaneous memory safety hazards</p>
<p>MFSA 2011-13 Multiple dangling pointer vulnerabilities</p>
<p>MFSA 2011-14 Information stealing via form history</p>
<p>MFSA 2011-15 Escalation of privilege through Java Embedding Plugin</p>
<p>MFSA 2011-16 Directory traversal in resource: protocol</p>
<p>MFSA 2011-17 WebGLES vulnerabilities</p>
<p>MFSA 2011-18 XSLT generate-id() function heap address leak</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-12.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-13.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-14.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-15.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-16.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-17.html</url>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-18.html</url>
</references>
<dates>
<discovery>2011-04-28</discovery>
<entry>2011-04-29</entry>
</dates>
</vuln>
<vuln vid="3c7d565a-6c64-11e0-813a-6c626dd55a41">
<topic>Asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk14</name>
<range><gt>1.4.*</gt><lt>1.4.40.1</lt></range>
</package>
<package>
<name>asterisk16</name>
<range><gt>1.6.*</gt><lt>1.6.2.17.3</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.3.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk Development Team reports:</p>
<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-April/000316.html">
<p>It is possible for a user of the Asterisk Manager Interface to
bypass a security check and execute shell commands when they
should not have that ability. Sending the "Async" header with
the "Application" header during an Originate action, allows
authenticated manager users to execute shell commands. Only
users with the "system" privilege should be able to do this.</p>
<p>On systems that have the Asterisk Manager Interface, Skinny, SIP
over TCP, or the built in HTTP server enabled, it is possible for
an attacker to open as many connections to asterisk as he wishes.
This will cause Asterisk to run out of available file descriptors
and stop processing any new calls. Additionally, disk space can
be exhausted as Asterisk logs failures to open new file
descriptors.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1507</cvename>
<url>http://downloads.asterisk.org/pub/security/AST-2011-005.pdf</url>
<url>http://downloads.asterisk.org/pub/security/AST-2011-006.pdf</url>
</references>
<dates>
<discovery>2011-04-21</discovery>
<entry>2011-04-21</entry>
</dates>
</vuln>
<vuln vid="6a4bfe75-692a-11e0-bce7-001eecdd401a">
<topic>VLC -- Heap corruption in MP4 demultiplexer</topic>
<affects>
<package>
<name>vlc</name>
<range><ge>1.0.0</ge><lt>1.1.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>VideoLAN project reports:</p>
<blockquote cite="http://www.videolan.org/security/sa1103.html">
<p>When parsing some MP4 (MPEG-4 Part 14) files, insufficient
buffer size might lead to corruption of the heap.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.videolan.org/security/sa1103.html</url>
</references>
<dates>
<discovery>2011-04-07</discovery>
<entry>2011-04-17</entry>
</dates>
</vuln>
<vuln vid="32b05547-6913-11e0-bdc4-001b2134ef46">
<topic>linux-flashplugin -- remote code execution vulnerability</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f10-flashplugin</name>
<range><lt>10.2r159.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/advisories/apsa11-02.html">
<p>A critical vulnerability exists in Flash Player 10.2.153.1
and earlier versions (Adobe Flash Player 10.2.154.25 and
earlier for Chrome users) for Windows, Macintosh, Linux
and Solaris, Adobe Flash Player 10.2.156.12 and earlier
versions for Android, and the Authplay.dll component that
ships with Adobe Reader and Acrobat X (10.0.2) and earlier
10.x and 9.x versions for Windows and Macintosh operating
systems.</p>
<p>This vulnerability (CVE-2011-0611) could cause a crash
and potentially allow an attacker to take control of the
affected system. There are reports that this vulnerability
is being exploited in the wild in targeted attacks via a
malicious Web page or a Flash (.swf) file embedded in a
Microsoft Word (.doc) or Microsoft Excel (.xls) file
delivered as an email attachment, targeting the Windows
platform. At this time, Adobe is not aware of any attacks
via PDF targeting Adobe Reader and Acrobat. Adobe Reader
X Protected Mode mitigations would prevent an exploit of
this kind from executing.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0611</cvename>
<url>http://www.adobe.com/support/security/advisories/apsa11-02.html</url>
</references>
<dates>
<discovery>2011-01-20</discovery>
<entry>2011-04-17</entry>
</dates>
</vuln>
<vuln vid="bf171509-68dd-11e0-afe6-0003ba02bf30">
<topic>rt -- multiple vulnerabilities</topic>
<affects>
<package>
<name>rt36</name>
<range><lt>3.6.11</lt></range>
</package>
<package>
<name>rt38</name>
<range><lt>3.8.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Best Practical reports:</p>
<blockquote cite="http://blog.bestpractical.com/2011/04/security-vulnerabilities-in-rt.html">
<p>In the process of preparing the release of RT 4.0.0, we performed
an extensive security audit of RT's source code. During this
audit, several vulnerabilities were found which affect earlier
releases of RT.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1685</cvename>
<cvename>CVE-2011-1686</cvename>
<cvename>CVE-2011-1687</cvename>
<cvename>CVE-2011-1688</cvename>
<cvename>CVE-2011-1689</cvename>
<cvename>CVE-2011-1690</cvename>
<url>http://secunia.com/advisories/44189</url>
</references>
<dates>
<discovery>2011-04-14</discovery>
<entry>2011-04-17</entry>
</dates>
</vuln>
<vuln vid="6a3c3e5c-66cb-11e0-a116-c535f3aa24f0">
<topic>krb5 -- MITKRB5-SA-2011-004, kadmind invalid pointer free() [CVE-2011-0285]</topic>
<affects>
<package>
<name>krb5</name>
<range><ge>1.7</ge><lt>1.7.2</lt></range>
<range><ge>1.8</ge><lt>1.8.4</lt></range>
<range><eq>1.9</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>An advisory published by the MIT Kerberos team says:</p>
<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt">
<p>The password-changing capability of the MIT krb5 administration
daemon (kadmind) has a bug that can cause it to attempt to free()
an invalid pointer under certain error conditions. This can cause
the daemon to crash or induce the execution of arbitrary code
(which is believed to be difficult). No exploit that executes
arbitrary code is known to exist, but it is easy to trigger a
denial of service manually.</p>
<p>Some platforms detect attempted freeing of invalid pointers and
protectively terminate the process, preventing arbitrary code
execution on those platforms.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0285</cvename>
<url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-004.txt</url>
</references>
<dates>
<discovery>2011-04-12</discovery>
<entry>2011-04-14</entry>
</dates>
</vuln>
<vuln vid="7edac52a-66cd-11e0-9398-5d45f3aa24f0">
<topic>krb5 -- MITKRB5-SA-2011-003, KDC vulnerable to double-free when PKINIT enabled</topic>
<affects>
<package>
<name>krb5</name>
<range><ge>1.7</ge><lt>1.7.2</lt></range>
<range><ge>1.8</ge><lt>1.8.4</lt></range>
<range><eq>1.9</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>An advisory published by the MIT Kerberos team says:</p>
<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt">
<p>The MIT Kerberos 5 Key Distribution Center (KDC) daemon is
vulnerable to a double-free condition if the Public Key
Cryptography for Initial Authentication (PKINIT) capability is
enabled, resulting in daemon crash or arbitrary code execution
(which is believed to be difficult).</p>
<p>An unauthenticated remote attacker can induce a double-free
event, causing the KDC daemon to crash (denial of service),
or to execute arbitrary code. Exploiting a double-free event
to execute arbitrary code is believed to be difficult.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0284</cvename>
<url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-003.txt</url>
</references>
<dates>
<discovery>2011-03-15</discovery>
<entry>2011-04-14</entry>
</dates>
</vuln>
<vuln vid="4ab413ea-66ce-11e0-bf05-d445f3aa24f0">
<topic>krb5 -- MITKRB5-SA-2011-002, KDC vulnerable to hang when using LDAP back end</topic>
<affects>
<package>
<name>krb5</name>
<range><ge>1.7</ge><lt>1.7.2</lt></range>
<range><ge>1.8</ge><le>1.8.4</le></range>
<range><eq>1.9</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>An advisory published by the MIT Kerberos team says:</p>
<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt">
<p>The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable
to denial of service attacks from unauthenticated remote
attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs
using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9
KDCs.</p>
<p>Exploit code is not known to exist, but the vulnerabilities are
easy to trigger manually. The trigger for CVE-2011-0281 has
already been disclosed publicly, but that fact might not be
obvious to casual readers of the message in which it was
disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283
have not yet been disclosed publicly, but they are also
trivial.</p>
<p>CVE-2011-0281: An unauthenticated remote attacker can cause a KDC
configured with an LDAP back end to become completely unresponsive
until restarted.</p>
<p>CVE-2011-0282: An unauthenticated remote attacker can cause a KDC
configured with an LDAP back end to crash with a null pointer
dereference.</p>
<p>CVE-2011-0283: An unauthenticated remote attacker can cause a
krb5-1.9 KDC with any back end to crash with a null pointer
dereference.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0281</cvename>
<cvename>CVE-2011-0282</cvename>
<cvename>CVE-2011-0283</cvename>
<url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt</url>
</references>
<dates>
<discovery>2011-02-08</discovery>
<entry>2011-04-14</entry>
</dates>
</vuln>
<vuln vid="64f24a1e-66cf-11e0-9deb-f345f3aa24f0">
<topic>krb5 -- MITKRB5-SA-2011-001, kpropd denial of service</topic>
<affects>
<package>
<name>krb5</name>
<range><ge>1.7</ge><lt>1.7.2</lt></range>
<range><ge>1.8</ge><lt>1.8.4</lt></range>
<range><eq>1.9</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>An advisory published by the MIT Kerberos team says:</p>
<blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt">
<p>The MIT krb5 KDC database propagation daemon (kpropd) is
vulnerable to a denial-of-service attack triggered by invalid
network input. If a kpropd worker process receives invalid
input that causes it to exit with an abnormal status, it can
cause the termination of the listening process that spawned it,
preventing the slave KDC it was running on from receiving
database updates from the master KDC.</p>
<p>Exploit code is not known to exist, but the vulnerabilities are
easy to trigger manually.</p>
<p>An unauthenticated remote attacker can cause kpropd running in
standalone mode (the "-S" option) to terminate its listening
process, preventing database propagations to the KDC host on
which it was running. Configurations where kpropd runs in
incremental propagation mode ("iprop") or as an inetd server
are not affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-4022</cvename>
<url>http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt</url>
</references>
<dates>
<discovery>2011-02-08</discovery>
<entry>2011-04-14</entry>
</dates>
</vuln>
<vuln vid="2eccb24f-61c0-11e0-b199-0015f2db7bde">
<topic>xrdb -- root hole via rogue hostname</topic>
<affects>
<package>
<name>xrdb</name>
<range><lt>1.0.6_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matthias Hopf reports:</p>
<blockquote cite="http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html">
<p>By crafting hostnames with shell escape characters, arbitrary
commands can be executed in a root environment when a display
manager reads in the resource database via xrdb.</p>
<p>These specially crafted hostnames can occur in two environments:</p>
<p>Systems affected are: systems that set their hostname via DHCP,
where the DHCP client used allows setting of hostnames with illegal
characters, and systems that allow remote logins via xdmcp.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0465</cvename>
<url>http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html</url>
</references>
<dates>
<discovery>2011-04-05</discovery>
<entry>2011-04-14</entry>
</dates>
</vuln>
<vuln vid="a4372a68-652c-11e0-a25a-00151735203a">
<topic>OTRS -- Several XSS attacks possible</topic>
<affects>
<package>
<name>otrs</name>
<range><gt>2.3.*</gt><lt>3.0.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OTRS Security Advisory reports:</p>
<blockquote cite="http://otrs.org/advisory/OSA-2011-01-en/">
<ul>
<li>Several XSS attacks possible:
An attacker could trick a logged-in user into following a prepared
URL inside of the OTRS system which causes a page to be shown that
possibly includes malicious JavaScript code because of incorrect
escaping during the generation of the HTML page.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1518</cvename>
<url>http://otrs.org/advisory/OSA-2011-01-en/</url>
</references>
<dates>
<discovery>2011-03-12</discovery>
<entry>2011-04-12</entry>
</dates>
</vuln>
<vuln vid="7e69f00d-632a-11e0-9f3a-001d092480a4">
<topic>isc-dhcp-client -- dhclient does not strip or escape shell meta-characters</topic>
<affects>
<package>
<name>isc-dhcp31-client</name>
<range><lt>3.1.ESV_1,1</lt></range>
</package>
<package>
<name>isc-dhcp41-client</name>
<range><lt>4.1.e,2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-0997">
<p>ISC dhclient did not strip or escape certain shell meta-characters
in responses from the dhcp server (like hostname) before passing the
responses on to dhclient-script. Depending on the script and OS,
this can result in execution of exploit code on the client.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0997</cvename>
<certvu>107886</certvu>
</references>
<dates>
<discovery>2011-04-05</discovery>
<entry>2011-04-10</entry>
</dates>
</vuln>
<vuln vid="b9281fb9-61b2-11e0-b1ce-0019d1a7ece2">
<topic>tinyproxy -- ACL lists ineffective when range is configured</topic>
<affects>
<package>
<name>tinyproxy</name>
<range><lt>1.8.2_2,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>When including a line to allow a network of IP addresses, the access to tinyproxy
is actually allowed for all IP addresses.</p>
</body>
</description>
<references>
<cvename>CVE-2011-1499</cvename>
<url>https://banu.com/bugzilla/show_bug.cgi?id=90</url>
</references>
<dates>
<discovery>2010-05-18</discovery>
<entry>2011-04-08</entry>
</dates>
</vuln>
<vuln vid="b2a40507-5c88-11e0-9e85-00215af774f0">
<topic>quagga -- two DoS vulnerabilities</topic>
<affects>
<package>
<name>quagga</name>
<range><lt>0.99.17_6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Quagga developers report:</p>
<blockquote cite="http://www.quagga.net/news2.php?y=2011&amp;m=3&amp;d=21#id1300723200">
<p>Quagga 0.99.18 has been released.
This release fixes 2 denial-of-service issues in bgpd, which can be
remotely triggered by malformed AS-Pathlimit or Extended-Community
attributes. These issues have been assigned CVE-2010-1674 and
CVE-2010-1675. Support for AS-Pathlimit has been removed with this
release.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-1674</cvename>
<cvename>CVE-2010-1675</cvename>
<url>http://www.quagga.net/news2.php?y=2011&amp;m=3&amp;d=21#id1300723200</url>
</references>
<dates>
<discovery>2010-04-30</discovery>
<entry>2011-04-01</entry>
</dates>
</vuln>
<vuln vid="c6fbd447-59ed-11e0-8d04-0015f2db7bde">
<topic>gdm -- privilege escalation vulnerability</topic>
<affects>
<package>
<name>gdm</name>
<range><lt>2.30.5_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Sebastian Krahmer reports:</p>
<blockquote cite="http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html">
<p>It was discovered that the GNOME Display Manager (gdm) cleared the cache
directory, which is owned by an unprivileged user, with the privileges of the
root user. A race condition exists in gdm where a local user could take
advantage of this by writing to the cache directory between ending the session
and the signal to clean up the session, which could lead to the execution of
arbitrary code as the root user.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0727</cvename>
<url>http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=688323</url>
</references>
<dates>
<discovery>2011-03-28</discovery>
<entry>2011-03-29</entry>
</dates>
</vuln>
<vuln vid="fe853666-56ce-11e0-9668-001fd0d616cf">
<topic>php -- ZipArchive segfault with FL_UNCHANGED on empty archive</topic>
<affects>
<package>
<name>php5-zip</name>
<range><lt>5.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT/NIST reports:</p>
<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0421">
<p>The _zip_name_locate function in zip_name_locate.c in the Zip extension
in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED
argument, which might allow context-dependent attackers to cause a
denial of service (application crash) via an empty ZIP archive that is
processed with a (1) locateName or (2) statName operation.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0421</cvename>
</references>
<dates>
<discovery>2011-03-20</discovery>
<entry>2011-03-25</entry>
</dates>
</vuln>
<vuln vid="cc3bfec6-56cd-11e0-9668-001fd0d616cf">
<topic>php -- crash on crafted tag in exif</topic>
<affects>
<package>
<name>php5-exif</name>
<range><lt>5.3.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US-CERT/NIST reports:</p>
<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0708">
<p>exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms
performs an incorrect cast, which allows remote attackers to cause a
denial of service (application crash) via an image with a crafted
Image File Directory (IFD) that triggers a buffer over-read.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0708</cvename>
</references>
<dates>
<discovery>2011-03-20</discovery>
<entry>2011-03-25</entry>
</dates>
</vuln>
<vuln vid="501ee07a-5640-11e0-985a-001b2134ef46">
<topic>linux-flashplugin -- remote code execution vulnerability</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f8-flashplugin</name>
<name>linux-f10-flashplugin</name>
<range><lt>10.2r153</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/advisories/apsa11-01.html">
<p>A critical vulnerability exists in Adobe Flash Player
10.2.152.33 and earlier versions (Adobe Flash Player
10.2.154.18 and earlier for Chrome users) for Windows,
Macintosh, Linux and Solaris operating systems, Adobe
Flash Player 10.1.106.16 and earlier versions for Android,
and the Authplay.dll component that ships with Adobe Reader
and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of
Reader and Acrobat for Windows and Macintosh operating systems.</p>
<p>This vulnerability (CVE-2011-0609) could cause a crash and
potentially allow an attacker to take control of the affected
system. There are reports that this vulnerability is being
exploited in the wild in targeted attacks via a Flash (.swf)
file embedded in a Microsoft Excel (.xls) file delivered as
an email attachment.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0609</cvename>
<url>http://www.adobe.com/support/security/advisories/apsa11-01.html</url>
</references>
<dates>
<discovery>2011-01-20</discovery>
<entry>2011-03-24</entry>
</dates>
</vuln>
<vuln vid="b2f09169-55af-11e0-9d6f-000f20797ede">
<topic>mozilla -- update to HTTPS certificate blacklist</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.6.*,1</gt><lt>3.6.16,1</lt></range>
<range><gt>3.5.*,1</gt><lt>3.5.18,1</lt></range>
</package>
<package>
<name>libxul</name>
<range><gt>1.9.2.*</gt><lt>1.9.2.16</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.6.16,1</lt></range>
</package>
<package>
<name>linux-firefox-devel</name>
<range><lt>3.5.18</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><gt>2.0.*</gt><lt>2.0.13</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><gt>2.0.*</gt><lt>2.0.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-11 Update to HTTPS certificate blacklist</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.mozilla.org/security/announce/2011/mfsa2011-11.html</url>
</references>
<dates>
<discovery>2011-03-22</discovery>
<entry>2011-03-24</entry>
</dates>
</vuln>
<vuln vid="14a6f516-502f-11e0-b448-bbfa2731f9c7">
<topic>postfix -- plaintext command injection with SMTP over TLS</topic>
<affects>
<package>
<name>postfix</name>
<name>postfix-base</name>
<range><ge>2.7.*,1</ge><lt>2.7.3,1</lt></range>
<range><ge>2.6.*,1</ge><lt>2.6.9,1</lt></range>
<range><ge>2.5.*,2</ge><lt>2.5.12,2</lt></range>
<range><ge>2.4.*,1</ge><lt>2.4.16,1</lt></range>
</package>
<package>
<name>postfix-current</name>
<name>postfix-current-base</name>
<range><lt>2.9.20100120,4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Wietse Venema has discovered a software flaw that allows
an attacker to inject client commands into an SMTP session
during the unprotected plaintext SMTP protocol phase, such
that the server will execute those commands during the
SMTP-over-TLS protocol phase when all communication is supposed
to be protected.</p>
</body>
</description>
<references>
<cvename>CVE-2011-0411</cvename>
<url>http://www.postfix.org/CVE-2011-0411.html</url>
<url>http://secunia.com/advisories/43646/</url>
</references>
<dates>
<discovery>2011-03-07</discovery>
<entry>2011-03-19</entry>
</dates>
</vuln>
<vuln vid="b13414c9-50ba-11e0-975a-000c29cc39d3">
<topic>hiawatha -- integer overflow in Content-Length header parsing</topic>
<affects>
<package>
<name>hiawatha</name>
<range><lt>7.4_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Hugo Leisink reports:</p>
<blockquote cite="http://www.hiawatha-webserver.org/weblog/16">
<p>A bug has been found in version 7.4 of the Hiawatha webserver,
which could lead to a server crash. This is caused by an integer
overflow in the routine that reads the HTTP request. A too large
value of the Content-Length HTTP header results in an overflow.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.hiawatha-webserver.org/weblog/16</url>
<url>http://secunia.com/advisories/43660/</url>
<url>http://securityvulns.com/Zdocument902.html</url>
<url>http://packetstormsecurity.org/files/99021/Hiawatha-WebServer-7.4-Denial-Of-Service.html</url>
<url>http://seclists.org/bugtraq/2011/Mar/65</url>
</references>
<dates>
<discovery>2011-02-25</discovery>
<entry>2011-03-17</entry>
</dates>
</vuln>
<vuln vid="bfe9c75e-5028-11e0-b2d2-00215c6a37bb">
<topic>asterisk -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>asterisk16</name>
<range><gt>1.6.*</gt><lt>1.6.2.17.1</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.3.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk Development Team reports:</p>
<blockquote cite="http://www.venturevoip.com/news.php?rssid=2521">
<p>The releases of Asterisk 1.6.1.23, 1.6.2.17.1, and 1.8.3.1
resolve two issues:</p>
<ul>
<li>Resource exhaustion in Asterisk Manager Interface
(AST-2011-003)</li>
<li>Remote crash vulnerability in TCP/TLS server
(AST-2011-004)</li>
</ul>
<p>The issues and resolutions are described in the AST-2011-003
and AST-2011-004 security advisories.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2011-003.html</url>
<url>http://downloads.asterisk.org/pub/security/AST-2011-004.html</url>
</references>
<dates>
<discovery>2011-03-01</discovery>
<entry>2011-03-16</entry>
</dates>
</vuln>
<vuln vid="8b986a05-4dbe-11e0-8b9a-02e0184b8d35">
<topic>avahi -- denial of service</topic>
<affects>
<package>
<name>avahi</name>
<name>avahi-app</name>
<name>avahi-autoipd</name>
<name>avahi-gtk</name>
<name>avahi-libdns</name>
<name>avahi-qt3</name>
<name>avahi-qt4</name>
<name>avahi-sharp</name>
<range><lt>0.6.29</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Avahi developers report:</p>
<blockquote cite="http://secunia.com/advisories/43361/">
<p>A vulnerability has been reported in Avahi, which can be exploited
by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an error when processing certain
UDP packets, which can be exploited to trigger an infinite loop by
e.g. sending an empty packet to port 5353/UDP.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1002</cvename>
<cvename>CVE-2010-2244</cvename>
<url>http://secunia.com/advisories/43361/</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=667187</url>
</references>
<dates>
<discovery>2011-02-21</discovery>
<entry>2011-03-13</entry>
</dates>
</vuln>
<vuln vid="64691c49-4b22-11e0-a226-00e0815b8da8">
<topic>mailman -- XSS vulnerability</topic>
<affects>
<package>
<name>mailman</name>
<range><lt>2.1.14_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>CVE reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0707">
<p>Multiple cross-site scripting (XSS) vulnerabilities in
Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote
attackers to inject arbitrary web script or HTML via the (1)
full name or (2) username field in a confirmation message.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0707</cvename>
<url>http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html</url>
</references>
<dates>
<discovery>2011-02-13</discovery>
<entry>2011-03-10</entry>
</dates>
</vuln>
<vuln vid="cf96cd8d-48fb-11e0-98a6-0050569b2d21">
<topic>redmine -- XSS vulnerability</topic>
<affects>
<package>
<name>redmine</name>
<range><gt>1.0</gt><lt>1.1.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jean-Philippe Lang reports:</p>
<blockquote cite="http://www.redmine.org/news/53">
<p>This maintenance release for 1.1.x users includes
13 bug fixes since 1.1.1 and a security fix (XSS
vulnerability affecting all Redmine versions from
1.0.1 to 1.1.1).
</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.redmine.org/news/53</url>
</references>
<dates>
<discovery>2011-03-07</discovery>
<entry>2011-03-07</entry>
</dates>
</vuln>
<vuln vid="e27ca763-4721-11e0-bdc4-001e8c75030d">
<topic>subversion -- remote HTTP DoS vulnerability</topic>
<affects>
<package>
<name>subversion</name>
<range><ge>1.6</ge><le>1.6.15</le></range>
<range><ge>1.5</ge><le>1.6.9</le></range>
</package>
<package>
<name>subversion-freebsd</name>
<range><ge>1.6</ge><le>1.6.15</le></range>
<range><ge>1.5</ge><le>1.6.9</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion project reports:</p>
<blockquote cite="http://subversion.apache.org/security/CVE-2011-0715-advisory.txt">
<p>Subversion HTTP servers up to 1.5.9 (inclusive) or 1.6.15 (inclusive)
are vulnerable to a remotely triggerable NULL-pointer dereference.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0715</cvename>
</references>
<dates>
<discovery>2011-02-27</discovery>
<entry>2011-03-05</entry>
</dates>
</vuln>
<vuln vid="45f102cd-4456-11e0-9580-4061862b8c22">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
<package>
<name>firefox</name>
<range><gt>3.6.*,1</gt><lt>3.6.14,1</lt></range>
<range><gt>3.5.*,1</gt><lt>3.5.17,1</lt></range>
</package>
<package>
<name>libxul</name>
<range><gt>1.9.2.*</gt><lt>1.9.2.14</lt></range>
</package>
<package>
<name>linux-firefox</name>
<range><lt>3.6.14,1</lt></range>
</package>
<package>
<name>linux-firefox-devel</name>
<range><lt>3.5.17</lt></range>
</package>
<package>
<name>linux-seamonkey</name>
<range><gt>2.0.*</gt><lt>2.0.12</lt></range>
</package>
<package>
<name>linux-thunderbird</name>
<range><ge>3.1</ge><lt>3.1.8</lt></range>
</package>
<package>
<name>seamonkey</name>
<range><gt>2.0.*</gt><lt>2.0.12</lt></range>
</package>
<package>
<name>thunderbird</name>
<range><lt>3.1.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Mozilla Project reports:</p>
<blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
<p>MFSA 2011-01 Miscellaneous memory safety hazards (rv:1.9.2.14/ 1.9.1.17)</p>
<p>MFSA 2011-02 Recursive eval call causes confirm dialogs to evaluate to true</p>
<p>MFSA 2011-03 Use-after-free error in JSON.stringify</p>
<p>MFSA 2011-04 Buffer overflow in JavaScript upvarMap</p>
<p>MFSA 2011-05 Buffer overflow in JavaScript atom map</p>
<p>MFSA 2011-06 Use-after-free error using Web Workers</p>
<p>MFSA 2011-07 Memory corruption during text run construction (Windows)</p>
<p>MFSA 2011-08 ParanoidFragmentSink allows javascript: URLs in chrome documents</p>
<p>MFSA 2011-09 Crash caused by corrupted JPEG image</p>
<p>MFSA 2011-10 CSRF risk with plugins and 307 redirects</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-1585</cvename>
<cvename>CVE-2011-0051</cvename>
<cvename>CVE-2011-0053</cvename>
<cvename>CVE-2011-0054</cvename>
<cvename>CVE-2011-0055</cvename>
<cvename>CVE-2011-0056</cvename>
<cvename>CVE-2011-0057</cvename>
<cvename>CVE-2011-0058</cvename>
<cvename>CVE-2011-0059</cvename>
<cvename>CVE-2011-0061</cvename>
<cvename>CVE-2011-0062</cvename>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-01.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-02.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-03.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-04.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-05.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-06.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-07.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-08.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-09.html</url>
<url>https://www.mozilla.org/security/announce/2011/mfsa2011-10.html</url>
</references>
<dates>
<discovery>2011-03-01</discovery>
<entry>2011-03-01</entry>
</dates>
</vuln>
<vuln vid="be3dfe33-410b-11e0-9e02-00215c6a37bb">
<topic>openldap -- two security bypass vulnerabilities</topic>
<affects>
<package>
<name>openldap-server</name>
<range><gt>2.4.0</gt><lt>2.4.24</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/43331/">
<p>Two vulnerabilities have been reported in
OpenLDAP, which can be exploited by malicious
people to bypass certain security restrictions.</p>
<p>The vulnerabilities are reported in versions
prior to 2.4.24.</p>
</blockquote>
</body>
</description>
<references>
<url>http://secunia.com/advisories/43331/</url>
</references>
<dates>
<discovery>2011-02-14</discovery>
<entry>2011-02-25</entry>
</dates>
</vuln>
<vuln vid="65d16342-3ec8-11e0-9df7-001c42d23634">
<topic>asterisk -- Exploitable Stack and Heap Array Overflows</topic>
<affects>
<package>
<name>asterisk14</name>
<range><gt>1.4.*</gt><lt>1.4.39.2</lt></range>
</package>
<package>
<name>asterisk16</name>
<range><gt>1.6.*</gt><lt>1.6.2.16.2</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk Development Team reports:</p>
<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-February/000302.html">
<p>The releases of Asterisk 1.4.39.2, 1.6.1.22, 1.6.2.16.2, and
1.8.2.4 resolve an issue that when decoding UDPTL packets, multiple
heap based arrays can be made to overflow by specially
crafted packets. Systems configured for T.38 pass through or
termination are vulnerable. The issue and resolution are described
in the AST-2011-002 security advisory.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2011-002.html</url>
<url>http://secunia.com/advisories/43429/</url>
</references>
<dates>
<discovery>2011-02-21</discovery>
<entry>2011-02-22</entry>
</dates>
</vuln>
<vuln vid="ae0e5835-3cad-11e0-b654-00215c6a37bb">
<topic>PivotX -- administrator password reset vulnerability</topic>
<affects>
<package>
<name>pivotx</name>
<range><lt>2.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>US CERT reports:</p>
<blockquote cite="http://www.kb.cert.org/vuls/id/175068">
<p>PivotX contains a vulnerability that allows an
attacker to change the password of any account
just by guessing the username. Version 2.2.4 has
been reported to not be affected.
This vulnerability is being exploited in the wild
and users should immediately upgrade to 2.2.5 or
later. Mitigation steps for users that have been
compromised have been posted to the <a href="http://forum.pivotx.net/viewtopic.php?f=2&amp;t=1967">PivotX
Support Community</a>.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-1035</cvename>
</references>
<dates>
<discovery>2011-02-18</discovery>
<entry>2011-02-20</entry>
</dates>
</vuln>
<vuln vid="553ec4ed-38d6-11e0-94b1-000c29ba66d2">
<topic>tomcat -- Cross-site scripting vulnerability</topic>
<affects>
<package>
<name>tomcat</name>
<range><gt>5.5.0</gt><lt>5.5.32</lt></range>
</package>
<package>
<name>tomcat</name>
<range><gt>6.0.0</gt><lt>6.0.30</lt></range>
</package>
<package>
<name>tomcat</name>
<range><gt>7.0.0</gt><lt>7.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Tomcat security team reports:</p>
<blockquote cite="http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32">
<p>The HTML Manager interface displayed web application
provided data, such as display names, without filtering.
A malicious web application could trigger script execution
by an administrative user when viewing the manager pages.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0013</cvename>
<url>http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.32</url>
<url>http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.30</url>
<url>http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.6</url>
</references>
<dates>
<discovery>2010-11-12</discovery>
<entry>2011-02-15</entry>
<modified>2011-09-30</modified>
</dates>
</vuln>
<vuln vid="cd68ff50-362b-11e0-ad36-00215c6a37bb">
<topic>phpMyAdmin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><lt>3.3.9.2</lt></range>
</package>
<package>
<name>phpMyAdmin211</name>
<range><lt>2.11.11.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>phpMyAdmin team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php">
<p>It was possible to create a bookmark which would be executed
unintentionally by other users.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php">
<p>When the files README, ChangeLog or LICENSE have been removed
from their original place (possibly by the distributor), the
scripts used to display these files can show their full path,
leading to possible further attacks.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php</url>
</references>
<dates>
<discovery>2011-02-08</discovery>
<entry>2011-02-11</entry>
</dates>
</vuln>
<vuln vid="4a3482da-3624-11e0-b995-001b2134ef46">
<topic>linux-flashplugin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>linux-flashplugin</name>
<range><le>9.0r289</le></range>
</package>
<package>
<name>linux-f8-flashplugin</name>
<name>linux-f10-flashplugin</name>
<range><lt>10.2r152</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Adobe Product Security Incident Response Team reports:</p>
<blockquote cite="http://www.adobe.com/support/security/bulletins/apsb11-02.html">
<p>Critical vulnerabilities have been identified in
Adobe Flash Player 10.1.102.64 and earlier versions for
Windows, Macintosh, Linux, and Solaris. These vulnerabilities
could cause the application to crash and could potentially
allow an attacker to take control of the affected system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0558</cvename>
<cvename>CVE-2011-0559</cvename>
<cvename>CVE-2011-0560</cvename>
<cvename>CVE-2011-0561</cvename>
<cvename>CVE-2011-0571</cvename>
<cvename>CVE-2011-0572</cvename>
<cvename>CVE-2011-0573</cvename>
<cvename>CVE-2011-0574</cvename>
<cvename>CVE-2011-0575</cvename>
<cvename>CVE-2011-0577</cvename>
<cvename>CVE-2011-0578</cvename>
<cvename>CVE-2011-0607</cvename>
<cvename>CVE-2011-0608</cvename>
<url>http://www.adobe.com/support/security/bulletins/apsb11-02.html</url>
</references>
<dates>
<discovery>2011-02-08</discovery>
<entry>2011-02-11</entry>
</dates>
</vuln>
<vuln vid="53bde960-356b-11e0-8e81-0022190034c0">
<topic>mupdf -- Remote System Access</topic>
<affects>
<package>
<name>mupdf</name>
<range><lt>0.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/43020/">
<p>The vulnerability is caused due to an error within the
"closedctd()" function in fitz/filt_dctd.c when processing PDF
files containing certain malformed JPEG images. This can be
exploited to cause a stack corruption by e.g. tricking a user
into opening a specially crafted PDF file.</p>
</blockquote>
</body>
</description>
<references>
<bid>46027</bid>
<url>http://secunia.com/advisories/43020/</url>
</references>
<dates>
<discovery>2011-01-26</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="1cae628c-3569-11e0-8e81-0022190034c0">
<topic>rubygem-mail -- Remote Arbitrary Shell Command Injection Vulnerability</topic>
<affects>
<package>
<name>rubygem-mail</name>
<range><lt>2.2.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Secunia reports:</p>
<blockquote cite="http://secunia.com/advisories/43077/">
<p>Input passed via an email from address is not properly sanitised
in the "deliver()" function (lib/mail/network/delivery_methods/sendmail.rb)
before being used as a command line argument. This can be exploited
to inject arbitrary shell commands.</p>
</blockquote>
</body>
</description>
<references>
<bid>46021</bid>
<cvename>CVE-2011-0739</cvename>
<url>http://secunia.com/advisories/43077/</url>
<url>http://groups.google.com/group/mail-ruby/browse_thread/thread/e93bbd05706478dd?pli=1</url>
</references>
<dates>
<discovery>2011-01-25</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="7c492ea2-3566-11e0-8e81-0022190034c0">
<topic>plone -- Remote Security Bypass</topic>
<affects>
<package>
<name>plone</name>
<range><ge>2.5</ge><lt>3</lt></range>
</package>
<package>
<name>plone3</name>
<range><ge>3</ge><le>3.3</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Plone developer reports:</p>
<blockquote cite="http://plone.org/products/plone/security/advisories/cve-2011-0720">
<p>This is an escalation of privileges attack that can be used by
anonymous users to gain access to a Plone site's administration
controls, view unpublished content, create new content and modify a
site's skin. The sandbox protecting access to the underlying
system is still in place, and it does not grant access to other
applications running on the same Zope instance.</p>
</blockquote>
</body>
</description>
<references>
<bid>46102</bid>
<cvename>CVE-2011-0720</cvename>
<url>http://plone.org/products/plone/security/advisories/cve-2011-0720</url>
</references>
<dates>
<discovery>2011-02-02</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="44ccfab0-3564-11e0-8e81-0022190034c0">
<topic>exim -- local privilege escalation</topic>
<affects>
<package>
<name>exim</name>
<name>exim-ldap</name>
<name>exim-ldap2</name>
<name>exim-mysql</name>
<name>exim-postgresql</name>
<name>exim-sa-exim</name>
<range><lt>4.74</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>exim.org reports:</p>
<blockquote cite="ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74">
<p>CVE-2011-0017 - check return value of setuid/setgid. This is a
privilege escalation vulnerability whereby the Exim run-time user
can cause root to append content of the attacker's choosing to
arbitrary files.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0017</cvename>
<url>ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74</url>
</references>
<dates>
<discovery>2011-01-31</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="f2b43905-3545-11e0-8e81-0022190034c0">
<topic>openoffice.org -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>openoffice.org</name>
<range><lt>3.3.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>OpenOffice.org Security Team reports:</p>
<blockquote cite="http://www.openoffice.org/security/bulletin.html">
<p>Fixed in OpenOffice.org 3.3</p>
<ul>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-2935_CVE-2010-2936.html">
CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-3450.html">
CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html">
CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html">
CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing </li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-3689.html">
CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-3702_CVE-2010-3704.html">
CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-4008_CVE-2010-4494.html">
CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-4253.html">
CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li>
<li><a href="http://www.openoffice.org/security/cves/CVE-2010-4643.html">
CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org related to TGA file processing </li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>http://www.openoffice.org/security/bulletin.html</url>
<url>http://secunia.com/advisories/40775/</url>
</references>
<dates>
<discovery>2010-08-04</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="35ecdcbe-3501-11e0-afcd-0015f2db7bde">
<topic>webkit-gtk2 -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>webkit-gtk2</name>
<range><lt>1.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gustavo Noronha Silva reports:</p>
<blockquote cite="http://permalink.gmane.org/gmane.os.opendarwin.webkit.gtk/405">
<p>This release has essentially security fixes. Refer to the
WebKit/gtk/NEWS file inside the tarball for details. We would like
to thank the Red Hat security team (Huzaifa Sidhpurwala in
particular) and Michael Gilbert from Debian for their help in
checking (and pushing!) security issues affecting the WebKitGTK+
stable branch for this release.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-2901</cvename>
<cvename>CVE-2010-4040</cvename>
<cvename>CVE-2010-4042</cvename>
<cvename>CVE-2010-4199</cvename>
<cvename>CVE-2010-4492</cvename>
<cvename>CVE-2010-4493</cvename>
<cvename>CVE-2010-4578</cvename>
<cvename>CVE-2011-0482</cvename>
<cvename>CVE-2011-0778</cvename>
<url>https://bugs.webkit.org/show_bug.cgi?id=48328</url>
<url>https://bugs.webkit.org/show_bug.cgi?id=50710</url>
<url>https://bugs.webkit.org/show_bug.cgi?id=50840</url>
<url>https://bugs.webkit.org/show_bug.cgi?id=50932</url>
<url>https://bugs.webkit.org/show_bug.cgi?id=51993</url>
<url>https://bugs.webkit.org/show_bug.cgi?id=53265</url>
<url>https://bugs.webkit.org/show_bug.cgi?id=53276</url>
<url>http://permalink.gmane.org/gmane.os.opendarwin.webkit.gtk/405</url>
</references>
<dates>
<discovery>2011-02-08</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="ce6ce2f8-34ac-11e0-8103-00215c6a37bb">
<topic>awstats -- arbitrary command execution vulnerability</topic>
<affects>
<package>
<name>awstats</name>
<range><lt>7.0,1</lt></range>
</package>
<package>
<name>awstats-devel</name>
<range><gt>0</gt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Awstats change log reports:</p>
<blockquote cite="http://awstats.sourceforge.net/docs/awstats_changelog.txt">
<ul>
<li>Security fix (Traverse directory of LoadPlugin)</li>
<li>Security fix (Limit config to defined directory
to avoid access to external config file via a nfs
or webdav link).</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-4367</cvename>
<url>http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html</url>
<url>http://awstats.sourceforge.net/docs/awstats_changelog.txt</url>
</references>
<dates>
<discovery>2010-05-01</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="2eda0c54-34ab-11e0-8103-00215c6a37bb">
<topic>opera -- multiple vulnerabilities</topic>
<affects>
<package>
<name>opera</name>
<name>opera-devel</name>
<name>linux-opera</name>
<range><lt>11.01</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Opera reports:</p>
<blockquote cite="http://www.opera.com/docs/changelogs/unix/1101/">
<p>Opera 11.01 is a recommended upgrade offering security and
stability enhancements.</p>
<p>The following security vulnerabilities have been fixed:</p>
<ul>
<li>Removed support for "<code>javascript:</code>" URLs in
CSS -o-link values, to make it easier for sites to filter
untrusted CSS.</li>
<li>Fixed an issue where large form inputs could allow
execution of arbitrary code, as reported by Jordi Chancel;
see our <a href="http://www.opera.com/support/kb/view/982/">advisory</a>.</li>
<li>Fixed an issue which made it possible to carry out
clickjacking attacks against internal opera: URLs;
see our <a href="http://www.opera.com/support/kb/view/983/">advisory</a>.</li>
<li>Fixed issues which allowed web pages to gain limited
access to files on the user's computer; see our
<a href="http://www.opera.com/support/kb/view/984/">advisory</a>.</li>
<li>Fixed an issue where email passwords were not immediately
deleted when deleting private data; see our
<a href="http://www.opera.com/support/kb/view/986/">advisory</a>.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0450</cvename>
<cvename>CVE-2011-0681</cvename>
<cvename>CVE-2011-0682</cvename>
<cvename>CVE-2011-0683</cvename>
<cvename>CVE-2011-0684</cvename>
<cvename>CVE-2011-0685</cvename>
<cvename>CVE-2011-0686</cvename>
<cvename>CVE-2011-0687</cvename>
<url>http://www.opera.com/support/kb/view/982/</url>
<url>http://www.opera.com/support/kb/view/983/</url>
<url>http://www.opera.com/support/kb/view/984/</url>
<url>http://secunia.com/advisories/43023</url>
</references>
<dates>
<discovery>2011-01-26</discovery>
<entry>2011-02-10</entry>
</dates>
</vuln>
<vuln vid="bd760627-3493-11e0-8103-00215c6a37bb">
<topic>django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py23-django</name>
<name>py24-django</name>
<name>py25-django</name>
<name>py26-django</name>
<name>py27-django</name>
<name>py30-django</name>
<name>py31-django</name>
<range><gt>1.2</gt><lt>1.2.5</lt></range>
<range><gt>1.1</gt><lt>1.1.4</lt></range>
</package>
<package>
<name>py23-django-devel</name>
<name>py24-django-devel</name>
<name>py25-django-devel</name>
<name>py26-django-devel</name>
<name>py27-django-devel</name>
<name>py30-django-devel</name>
<name>py31-django-devel</name>
<range><lt>15470,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django project reports:</p>
<blockquote cite="http://www.djangoproject.com/weblog/2011/feb/08/security/">
<p>Today the Django team is issuing multiple releases --
Django 1.2.5 and Django 1.1.4 -- to remedy three security
issues reported to us. All users of affected versions of
Django are urged to upgrade immediately.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.djangoproject.com/weblog/2011/feb/08/security/</url>
</references>
<dates>
<discovery>2011-02-08</discovery>
<entry>2011-02-09</entry>
</dates>
</vuln>
<vuln vid="8d04cfbd-344d-11e0-8669-0025222482c5">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mediawiki</name>
<range><lt>1.16.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MediaWiki reports:</p>
<blockquote cite="http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html">
<p>An arbitrary script inclusion vulnerability was discovered. The
vulnerability only allows execution of files with names ending in
".php" which are already present in the local filesystem. Only servers
running Microsoft Windows and possibly Novell Netware are affected.
Despite these mitigating factors, all users are advised to upgrade,
since there is a risk of complete server compromise. MediaWiki 1.8.0
and later is affected.</p>
<p>Security researcher mghack discovered a CSS injection
vulnerability. For Internet Explorer and similar browsers, this is
equivalent to an XSS vulnerability, that is to say, it allows the
compromise of wiki user accounts. For other browsers, it allows private
data such as IP addresses and browsing patterns to be sent to a malicious
external web server. It affects all versions of MediaWiki. All users are
advised to upgrade.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0047</cvename>
<url>https://bugzilla.wikimedia.org/show_bug.cgi?id=27094</url>
<url>https://bugzilla.wikimedia.org/show_bug.cgi?id=27093</url>
<url>http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES</url>
<url>http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html</url>
</references>
<dates>
<discovery>2011-02-01</discovery>
<entry>2011-02-09</entry>
</dates>
</vuln>
<vuln vid="8c93e997-30e0-11e0-b300-485d605f4717">
<topic>wordpress -- SQL injection vulnerability</topic>
<affects>
<package>
<name>wordpress</name>
<range><lt>3.0.2,1</lt></range>
</package>
<package>
<name>de-wordpress</name>
<name>zh-wordpress-zh_CN</name>
<name>zh-wordpress-zh_TW</name>
<range><lt>3.0.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Vendor reports:</p>
<blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4257">
<p>SQL injection vulnerability in the do_trackbacks function in
wp-includes/comment.php in WordPress before 3.0.2 allows remote
authenticated users to execute arbitrary SQL commands via the Send
Trackbacks field.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-4257</cvename>
<url>http://www.cvedetails.com/cve/CVE-2010-4257/</url>
</references>
<dates>
<discovery>2010-11-16</discovery>
<entry>2011-02-05</entry>
<modified>2011-02-09</modified>
</dates>
</vuln>
<vuln vid="f9258873-2ee2-11e0-afcd-0015f2db7bde">
<topic>vlc -- Insufficient input validation in MKV demuxer</topic>
<affects>
<package>
<name>vlc</name>
<range><lt>1.1.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>VLC team reports:</p>
<blockquote cite="http://www.videolan.org/security/sa1102.html">
<p>When parsing an invalid MKV (Matroska or WebM) file, input
validation is insufficient.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.videolan.org/security/sa1102.html</url>
</references>
<dates>
<discovery>2011-01-26</discovery>
<entry>2011-02-02</entry>
</dates>
</vuln>
<vuln vid="8015600f-2c80-11e0-9cc1-00163e5bf4f9">
<topic>maradns -- denial of service when resolving a long DNS hostname</topic>
<affects>
<package>
<name>maradns</name>
<range><lt>1.4.06</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MaraDNS developer Sam Trenholme reports:</p>
<blockquote cite="http://samiam.org/blog/20110129.html">
<p>... a mistake in allocating an array of integers, allocating it
in bytes instead of sizeof(int) units. This resulted in a buffer
being too small, allowing it to be overwritten. The impact of this
programming error is that MaraDNS can be crashed by sending
MaraDNS a single "packet of death". Since the data placed in the
overwritten array cannot be remotely controlled (it is a list of
increasing integers), there is no way to increase privileges
exploiting this bug.</p>
</blockquote>
</body>
</description>
<references>
<bid>45966</bid>
<cvename>CVE-2011-0520</cvename>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610834</url>
</references>
<dates>
<discovery>2011-01-23</discovery>
<entry>2011-01-31</entry>
</dates>
</vuln>
<vuln vid="dc9f8335-2b3b-11e0-a91b-00e0815b8da8">
<topic>isc-dhcp-server -- DHCPv6 crash</topic>
<affects>
<package>
<name>isc-dhcp41-server</name>
<range><le>4.1.2,1</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>ISC reports:</p>
<blockquote cite="http://www.isc.org/software/dhcp/advisories/cve-2011-0413">
<p>When the DHCPv6 server code processes a message for an address
that was previously declined and internally tagged as abandoned
it can trigger an assert failure resulting in the server crashing.
This could be used to crash DHCPv6 servers remotely. This issue
only affects DHCPv6 servers. DHCPv4 servers are unaffected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0413</cvename>
<url>http://www.isc.org/software/dhcp/advisories/cve-2011-0413</url>
<url>http://www.kb.cert.org/vuls/id/686084</url>
</references>
<dates>
<discovery>2011-01-26</discovery>
<entry>2011-01-28</entry>
</dates>
</vuln>
<vuln vid="c8c927e5-2891-11e0-8f26-00151735203a">
<topic>bugzilla -- multiple serious vulnerabilities</topic>
<affects>
<package>
<name>bugzilla</name>
<range><ge>2.14.*</ge><lt>3.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>A Bugzilla Security Advisory reports:</p>
<blockquote cite="http://www.bugzilla.org/security/3.2.9/">
<p>This advisory covers three security issues that have recently been
fixed in the Bugzilla code:</p>
<ul>
<li>A weakness in Bugzilla could allow a user to gain unauthorized
access to another Bugzilla account.</li>
<li>A weakness in the Perl CGI.pm module allows injecting HTTP
headers and content to users via several pages in Bugzilla.</li>
<li>If you put a harmful "javascript:" or "data:" URL into
Bugzilla's "URL" field, then there are multiple situations in
which Bugzilla will unintentionally make that link clickable.</li>
<li>Various pages lack protection against cross-site request
forgeries.</li>
</ul>
<p>All affected installations are encouraged to upgrade as soon as
possible.</p>
</blockquote>
</body>
</description>
<references>
<bid>25425</bid>
<cvename>CVE-2010-4568</cvename>
<cvename>CVE-2010-2761</cvename>
<cvename>CVE-2010-4411</cvename>
<cvename>CVE-2010-4572</cvename>
<cvename>CVE-2010-4567</cvename>
<cvename>CVE-2010-0048</cvename>
<cvename>CVE-2011-0046</cvename>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621591</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=619594</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=591165</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621572</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=619588</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=628034</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621090</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621105</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621107</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621108</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621109</url>
<url>https://bugzilla.mozilla.org/show_bug.cgi?id=621110</url>
</references>
<dates>
<discovery>2011-01-24</discovery>
<entry>2011-01-25</entry>
</dates>
</vuln>
<vuln vid="7580f00e-280c-11e0-b7c8-00215c6a37bb">
<topic>dokuwiki -- multiple privilege escalation vulnerabilities</topic>
<affects>
<package>
<name>dokuwiki</name>
<range><lt>20101107a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Dokuwiki reports:</p>
<blockquote cite="http://bugs.dokuwiki.org/index.php?do=details&amp;task_id=2136">
<p>This security update fixes problems in the XMLRPC
interface where ACLs were not checked correctly
sometimes, making it possible to access and write
information that should not have been accessible/writable.
This only affects users who have enabled the XMLRPC
interface (default is off) and have enabled XMLRPC
access for users who can't access/write all content
anyway (default is nobody, see <a href="http://www.dokuwiki.org/config:xmlrpcuser">http://www.dokuwiki.org/config:xmlrpcuser</a>
for details).</p>
<p>This update also includes a fix for a problem in
the general ACL checking function that could be exploited
to gain access to restricted pages and media files in rare
conditions (when you had rights for an id you could get
the same rights on ids where one character has been
replaced by a ".").</p>
</blockquote>
</body>
</description>
<references>
<url>http://bugs.dokuwiki.org/index.php?do=details&amp;task_id=2136</url>
</references>
<dates>
<discovery>2011-01-16</discovery>
<entry>2011-01-24</entry>
</dates>
</vuln>
<vuln vid="5ab9fb2a-23a5-11e0-a835-0003ba02bf30">
<topic>asterisk -- Exploitable Stack Buffer Overflow</topic>
<affects>
<package>
<name>asterisk14</name>
<range><gt>1.4.*</gt><lt>1.4.39.1</lt></range>
</package>
<package>
<name>asterisk16</name>
<range><gt>1.6.*</gt><lt>1.6.2.16.1</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><gt>1.8.*</gt><lt>1.8.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk Development Team reports:</p>
<blockquote cite="http://lists.digium.com/pipermail/asterisk-announce/2011-January/000297.html">
<p>The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1,
1.6.2.16.2, 1.8.1.2, and 1.8.2.1 resolve an issue when forming an
outgoing SIP request while in pedantic mode, which can cause a stack
buffer to be made to overflow if supplied with carefully crafted
caller ID information. The issue and resolution are described in the
AST-2011-001 security advisory.</p>
</blockquote>
</body>
</description>
<references>
<url>http://downloads.asterisk.org/pub/security/AST-2011-001.pdf</url>
</references>
<dates>
<discovery>2011-01-18</discovery>
<entry>2011-01-19</entry>
</dates>
</vuln>
<vuln vid="2c2d4e83-2370-11e0-a91b-00e0815b8da8">
<topic>tarsnap -- cryptographic nonce reuse</topic>
<affects>
<package>
<name>tarsnap</name>
<range><ge>1.0.22</ge><le>1.0.27</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Colin Percival reports:</p>
<blockquote cite="http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html">
<p>In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value
is not incremented after each chunk is encrypted. (The CTR counter
is correctly incremented after each 16 bytes of data was processed,
but this counter is reset to zero for each new chunk.)</p>
<p>Note that since the Tarsnap client-server protocol is encrypted,
being able to intercept Tarsnap client-server traffic does not
provide an attacker with access to the data.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html</url>
</references>
<dates>
<discovery>2011-01-18</discovery>
<entry>2011-01-19</entry>
</dates>
</vuln>
<vuln vid="4c017345-1d89-11e0-bbee-0014a5e3cda6">
<topic>MoinMoin -- cross-site scripting vulnerabilities</topic>
<affects>
<package>
<name>moinmoin</name>
<range><lt>1.9.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The MoinMoin developers report:</p>
<blockquote cite="http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES">
<p>Fix XSS in Despam action (CVE-2010-0828)</p>
</blockquote>
<blockquote cite="http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg">
<p>Fix XSS issues</p>
<ul>
<li>by escaping template name in messages</li>
<li>by fixing other places that had similar issues</li>
</ul>
</blockquote>
</body>
</description>
<references>
<bid>39110</bid>
<cvename>CVE-2010-0828</cvename>
<url>http://hg.moinmo.in/moin/1.9/raw-file/1.9.3/docs/CHANGES</url>
<url>http://moinmo.in/MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg</url>
</references>
<dates>
<discovery>2010-04-05</discovery>
<entry>2011-01-11</entry>
</dates>
</vuln>
<vuln vid="38bdf10e-2293-11e0-bfa4-001676740879">
<topic>tor -- remote code execution and crash</topic>
<affects>
<package>
<name>tor</name>
<range><lt>0.2.1.29</lt></range>
</package>
<package>
<name>tor-devel</name>
<range><lt>0.2.2.21.a</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Tor Project reports:</p>
<blockquote cite="http://archives.seul.org/or/announce/Jan-2011/msg00000.html">
<p>A remote heap overflow vulnerability that can allow remote
code execution. Other fixes address a variety of assert and crash
bugs, most of which we think are hard to exploit remotely.
All Tor users should upgrade.</p>
</blockquote>
</body>
</description>
<references>
<bid>45832</bid>
<cvename>CVE-2011-0427</cvename>
<freebsdpr>ports/154099</freebsdpr>
<mlist msgid="20110117155813.GG3300@moria.seul.org">http://archives.seul.org/or/announce/Jan-2011/msg00000.html</mlist>
<url>https://gitweb.torproject.org/tor.git/blob/release-0.2.1:/ChangeLog</url>
<url>https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ChangeLog</url>
</references>
<dates>
<discovery>2011-01-15</discovery>
<entry>2011-01-17</entry>
</dates>
</vuln>
<vuln vid="908f4cf2-1e8b-11e0-a587-001b77d09812">
<topic>sudo -- local privilege escalation</topic>
<affects>
<package>
<name>sudo</name>
<range><ge>1.7.0</ge><lt>1.7.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Todd Miller reports:</p>
<blockquote cite="http://www.sudo.ws/sudo/alerts/runas_group_pw.html">
<p>Beginning with sudo version 1.7.0 it has been possible
to grant permission to run a command using a specified
group via sudo's -g option (run as group), if allowed by
the sudoers file. A flaw exists in sudo's password
checking logic that allows a user to run a command
with only the group changed without being prompted
for a password.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2011-0010</cvename>
<url>http://www.sudo.ws/sudo/alerts/runas_group_pw.html</url>
<url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641</url>
</references>
<dates>
<discovery>2011-01-11</discovery>
<entry>2011-01-13</entry>
</dates>
</vuln>
<vuln vid="71612099-1e93-11e0-a587-001b77d09812">
<topic>subversion -- multiple DoS</topic>
<affects>
<package>
<name>subversion</name>
<range><lt>1.6.15</lt></range>
</package>
<package>
<name>subversion-freebsd</name>
<range><lt>1.6.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Entry for CVE-2010-4539 says:</p>
<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4539">
<p>The walk function in repos.c in the mod_dav_svn module
for the Apache HTTP Server, as distributed in Apache
Subversion before 1.6.15, allows remote authenticated
users to cause a denial of service (NULL pointer
dereference and daemon crash) via vectors that trigger
the walking of SVNParentPath collections.</p>
</blockquote>
<p>Entry for CVE-2010-4644 says:</p>
<blockquote cite="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4644">
<p>Multiple memory leaks in rev_hunt.c in Apache Subversion
before 1.6.15 allow remote authenticated users to cause
a denial of service (memory consumption and daemon crash)
via the -g option to the blame command.</p>
</blockquote>
</body>
</description>
<references>
<bid>45655</bid>
<cvename>CVE-2010-4539</cvename>
<cvename>CVE-2010-4644</cvename>
</references>
<dates>
<discovery>2011-01-02</discovery>
<entry>2011-01-13</entry>
</dates>
</vuln>
<vuln vid="2b6ed5c7-1a7f-11e0-b61d-000c29d1636d">
<topic>php -- multiple vulnerabilities</topic>
<affects>
<package>
<name>php5</name>
<range><lt>5.3.5</lt></range>
</package>
<package>
<name>php52</name>
<range><lt>5.2.17</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PHP developers report:</p>
<blockquote cite="http://www.php.net/releases/5_3_5.php">
<p>Security Enhancements and Fixes in PHP 5.3.5:</p>
<ul>
<li>Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)</li>
</ul>
</blockquote>
<blockquote cite="http://www.php.net/releases/5_2_17.php">
<p>Security Enhancements and Fixes in PHP 5.2.17:</p>
<ul>
<li>Fixed bug #53632 (PHP hangs on numeric value
2.2250738585072011e-308). (CVE-2010-4645)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-4645</cvename>
</references>
<dates>
<discovery>2011-01-06</discovery>
<entry>2011-01-09</entry>
<modified>2011-01-09</modified>
</dates>
</vuln>
<vuln vid="e4fcf020-0447-11e0-becc-0022156e8794">
<topic>exim -- local privilege escalation</topic>
<affects>
<package>
<name>exim</name>
<range><lt>4.73</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>David Woodhouse reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=661756#c3">
<p>Secondly a privilege escalation where the trusted 'exim'
user is able to tell Exim to use arbitrary config files,
in which further ${run ...} commands will be invoked as
root.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2010-4345</cvename>
<url>http://www.exim.org/lurker/message/20101209.022730.dbb6732d.en.html</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=661756#c3</url>
</references>
<dates>
<discovery>2010-12-10</discovery>
<entry>2011-01-08</entry>
</dates>
</vuln>
<vuln vid="e177c410-1943-11e0-9d1c-000c29ba66d2">
<topic>mediawiki -- Clickjacking vulnerabilities</topic>
<affects>
<package>
<name>mediawiki</name>
<range><gt>1.16</gt><lt>1.16.1</lt></range>
<range><gt>1.15</gt><lt>1.15.5_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Clickjacking vulnerabilities:</p>
<blockquote cite="https://bugzilla.wikimedia.org/show_bug.cgi?id=26561">
<p>Clickjacking is a type of vulnerability discovered in 2008, which
is similar to CSRF. The attack involves displaying the target webpage
in an iframe embedded in a malicious website. Using CSS, the submit button
of the form on the target webpage is made invisible, and then overlaid
with some button or link on the malicious website that encourages
the user to click on it.</p>
</blockquote>
</body>
</description>
<references>
<url>https://bugzilla.wikimedia.org/show_bug.cgi?id=26561</url>
</references>
<dates>
<discovery>2011-01-04</discovery>
<entry>2011-01-06</entry>
</dates>
</vuln>