Tag Archives: USN

[USN-896-1] Firefox 3.5 and Xulrunner 1.9.1 vulnerabilities

The following security announcement applies to firefox and xulrunner. If you have firefox and xulrunner installed, please see below for details on the vulnerability and instructions on patching your system: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause…

[USN-895-1] Firefox 3.0 and Xulrunner 1.9 vulnerabilities

The following security announcement applies to firefox and xulrunner. If you have firefox and xulrunner installed, please see below for details on the vulnerability and instructions on patching your system: Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious website, a remote attacker could cause…

[USN-901-1] Squid vulnerabilities

The following security announcement applies to squid. If you have squid installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that Squid incorrectly handled certain auth headers. A remote attacker could exploit this with a specially-crafted auth header and cause Squid to go into an infinite…

[USN-900-1] Ruby vulnerabilities

The following security announcement applies to libruby1.9 and ruby1.9. If you have libruby1.9 and ruby1.9 installed, please see below for details on the vulnerability and instructions on patching your system: Emmanouel Kellinis discovered that Ruby did not properly handle certain string operations. An attacker could exploit this issue and possibly execute arbitrary code with application…

[USN-899-1] Tomcat vulnerabilities

The following security announcement applies to libtomcat6-java. If you have libtomcat6-java installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that Tomcat did not correctly validate WAR filenames or paths when deploying. A remote attacker could send a specially crafted WAR file to be deployed and cause…

[USN-898-1] gnome-screensaver vulnerability

The following security announcement applies to gnome-screensaver. If you have gnome-screensaver installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that gnome-screensaver did not correctly handle monitor hotplugging. An attacker with physical access could cause gnome-screensaver to crash and gain access to the locked session. The…

[USN-897-1] MySQL vulnerabilities

The following security announcement applies to mysql-server. If you have mysql-server installed, please see below for details on the vulnerability and instructions on patching your system: It was discovered that MySQL could be made to overwrite existing table files in the data directory. An authenticated user could use the DATA DIRECTORY and INDEX DIRECTORY options…

[USN-894-1] Linux kernel vulnerabilities

The following security announcement applies to linux-image. If you have linux-image installed, please see below for details on the vulnerability and instructions on patching your system: ATTENTION: Due to an unavoidable ABI change (except for Ubuntu 6.06) the kernel updates have been given a new version number, which requires you to recompile and reinstall all…

[USN-892-1] FUSE vulnerability

The following security announcement applies to fuse-utils. If you have fuse-utils installed, please see below for details on the vulnerability and instructions on patching your system: Ronald Volgers discovered that FUSE did not correctly check mount locations. A local attacker, with access to use FUSE, could unmount arbitrary locations, leading to a denial of service.…

[USN-893-1] Samba vulnerability

The following security announcement applies to smbfs. If you have smbfs installed, please see below for details on the vulnerability and instructions on patching your system: Ronald Volgers discovered that the mount.cifs utility, when installed as a setuid program, suffered from a race condition when verifying user permissions. A local attacker could trick samba into…