Displaying 20 results from an estimated 7000 matches similar to: "SA54438"
2009 Sep 19
3
sieve security problem
Hi, anybody know more about this?
http://secunia.com/advisories/36698/
http://secunia.com/advisories/36629/
http://secunia.com/advisories/36713/
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
2006 Nov 28
1
GNU Tar vulnerability
Please, note: http://secunia.com/advisories/23115/
A port maintainer CC'ed.
--
Dixi.
Sem.
2005 Apr 05
1
Secunia / Firefox Javascript "Arbitrary Memory Exposure" test
I just confirmed the following bug on my firefox.
http://secunia.com/advisories/14820/
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050219 Firefox/1.0
(I think my firefox is a month or two behind, from ports, but the
advisory indicates both 1.0.1 and 1.0.2 are affected.)
FreeBSD localhost 5.3-RELEASE FreeBSD 5.3-RELEASE #0: Fri Nov 5 04:19:18 UTC 2004
2008 May 28
4
CVE-2008-1105 - Boundary failure when parsing SMB responses
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Boundary failure when parsing SMB responses
== can result in a buffer overrun
==
== CVE ID#: CVE-2008-1105
==
== Versions: Samba 3.0.0 - 3.0.29 (inclusive)
==
== Summary: Specifically crafted SMB responses can result
== in a heap overflow
2007 Sep 29
1
security bugs (?)
As a Cygwin rsync package maintainer, the following security fixes have
been brought to my attention:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch
And while they seem "trusted" enough to me (present in many packages
such as Gentoo, FreeBSD
2007 Dec 10
1
[SECURITY] Buffer overrun in send_mailslot()
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
==========================================================
==
== Subject: Boundary failure in GETDC mailslot
== processing can result in a buffer overrun
==
== CVE ID#: CVE-2007-6015
==
== Versions: Samba 3.0.0 - 3.0.27a (inclusive)
==
== Summary: Specifically crafted GETDC mailslot requests
== can trigger a
2004 Aug 06
3
(Fwd) [SA11578] Icecast Basic Authorization Denial of Service
For those who haven't received this warning yet.
Anybody from the core can tell about the background and possible
fixes?
Regards,
Stefan
------- Forwarded message follows -------
Date sent: Wed, 12 May 2004 13:50:17 +0200
To: secunia_security_advisories@stefan-neufeind.de
Subject: [SA11578] Icecast Basic Authorization Denial of Service Vulnerability
2007 Oct 08
5
3.1.1 RC4?
Keir,
I noticed that a Shadow patch went into the 3.1.1 staging tree today.
Does this mean that we should expect a 4th release candidate before the
3.1.1 release tag is official?
If so - how much testing time are you going to give that release
candidate before deciding whether a release tag, or another RC round is
appropriate?
Ben Guthro
2004 Dec 27
4
Found security exploit in port phpBB 2.0.8 FreeBSD4.10
I think, there is a neat exploit in the phpbb2.0.8 because I found my home
page defaced one dark morning. The patch for phpBB is here.
http://www.phpbb.com/downloads.php
The excerpt of the log is attached.
I believe the link to the described exploit is here.
http://secunia.com/advisories/13239
The defacement braggen page is here filter to show the exploited FreeBSD
machines that aneurysm.inc
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edit a sensitive file (e.g,
a file containing a password, running vipw, etc) .. then runs clear and
logout. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" meant to clear the
2006 Jul 28
2
Ruby vulnerability?
Hi,
FYI, Red Hat released an advisory today about a vulnerability in Ruby. So
far it doesn't appear in the VuXML, but am I correct in presuming it will
soon?
https://rhn.redhat.com/errata/RHSA-2006-0604.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694
cheers,
-- Joel Hatton --
Infrastructure Manager | Hotline: +61 7 3365 4417
AusCERT - Australia's national
2006 Oct 21
4
CentOS 3.8 Kernel Update with NVIDIA Video Card
I need some advice. I updated the kernel but when I restarted my
computer I got the following error message:
--
I cannot start the X server (your graphical interface). It is likely
that it is not set up correctly. ... Failed to load the NVIDIA kernel
module!
--
I've started my computer using the old kernel. I found out that there's
a new nvidia driver so I will also update it.
2005 May 07
0
kernel disclosures
Version 4.x users,
VERIFY ADVISORY:
http://secunia.com/advisories/15261/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc
VERIFY ADVISORY:
http://secunia.com/advisories/15260/
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
2004 Mar 09
1
ldapsam_compat backend hosed in v3.0.2
Hi all,
In an attempt to get the old v2.2 Samba behaviour to work, I tried to
enable the ldapsam_compat mode in passwd backend.
Win2k cannot connect, username and password not accepted.
The LDAP logs reveal that Samba is trying to make the following search:
(&(&(uid=minfrin)(objectClass=sambaSamAccount))(objectClass=sambaAccount))
This search returns users who have both the old v2.2
2009 Jan 30
1
Logging using upslog problem
I upgraded from V2.2 to V2.4. I use the "upslog" command to log the
values of my belkin ups (belkinunv via serial port). It would
occasionally start to record garbage, but it would always go back to
normal in V2.2 if I restarted. In V2.4 it would not record the values,
and the process would fail after the next interval had passed. I had
set it for 300 seconds.
I walked through the
2007 Sep 27
6
Security + Rails =Joke?
Hi,
http://dev.rubyonrails.org/ticket/8453
http://dev.rubyonrails.org/ticket/8371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3227
I came across the above by accident. While I am subscribed to the so
called rails security list where supposed announcement of security
issues were to be posted, neither of the above problems made the list.
While I use rails a lot and like it, the above
2014 Mar 28
1
struggling with dovecot v2.2
Hello all,
Long time, no write :-)
I am building a spanking, wonderful new mail server.
I am very excited about this, since I am going to use
the new dovecot v2.2.12 !!
However, last time I did this (and documented it), I was
working with v1.2.
I consulted my notes and it seems there are huge differences
between v1.2 and v2.2.
So my question is, would anyone know if there's a "quick
2014 Jun 05
2
Outlook 2007 & 2010 hangs in v2.2?
Has anybody noticed Outlook 2007 & 2010 (but apparently not 2013) hanging IMAP connections with Dovecot v2.2 (but not v2.1) when they're FETCHing large mails? I can't think of any reasonable explanation for this.
2013 Feb 21
3
v2.2.beta2 released
http://dovecot.org/releases/2.2/beta/dovecot-2.2.beta2.tar.gz
http://dovecot.org/releases/2.2/beta/dovecot-2.2.beta2.tar.gz.sig
A ton of fixes since beta1. Especially the new dsync and the replication server related to that should really work now. It also works correctly now for shared mailboxes with private \Seen flags. And the replication server uses incremental syncing after the initial full