The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service by opening a large number of UNIX sockets without closing them, which triggers an infinite loop . The updated packages have been patched to prevent this.
racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service via crafted fragmented packets without a payload, which triggers a NULL pointer dereference . Updated packages are available that brings ipsec-tools to version 0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous bugfixes over the previous 0.7.1 version, and also corrects this is ...
A vulnerability has been found and corrected in irssi: Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow . This update provides fixes for this vulnerability.
A vulnerability has been found and corrected in ntp: A buffer overflow flaw was discovered in the ntpd daemon"s NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request packet that could crash ntpd . The updated packages have been patched to prevent this.
A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow . This update fixes this vulnerability.
A vulnerability has been found and corrected in ntp: Requesting peer information from a malicious remote time server may lead to an unexpected application termination or arbitrary code execution . The updated packages have been patched to correct this issue.
A vulnerability has been found and corrected in subversion: Multiple integer overflows in the libsvn_delta library in Subversion before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users and remote Subversion servers to execute arbitrary code via an svndiff stream with large windows that trigger a heap-based buffer overflow, a related issue to CVE-2009-2412 . This update provides a so ...
A vulnerability has been found and corrected in ImageMagick, which could lead to integer overflow in the XMakeImage function in magick/xwindow.c, allowing remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow . This update fixes this vulnerability. Update: Packages for 2008.0 are being provided due to extended s ...
The daemon in acpid before 1.0.10 allows remote attackers to cause a denial of service by opening a large number of UNIX sockets without closing them, which triggers an infinite loop . The updated packages have been patched to prevent this. Update: Packages for 2008.0 are being provided due to extended support for Corporate products.
Data length values in metadata Audible Audio media file can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code . Failure on checking heap allocation on Audible Audio media files allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file . This update prov ...