sudo version 1.6.8p1 has been released to address a security flaw in sudoedit that could give a malicious user read access to file that would normally be unreadable.
SUSE Security Announcement - Alvaro Martinez Echevarria has found a remote Denial of Service condition within CUPS which allows remote users to make the cups server unresponsive. Additionally the SUSE Security Team has discovered a flaw in the foomatic-rip print filter which is commonly installed along with cups. It allows remote attackers, which are listed in the printing ACLs, to execute arbitrary commands as the printing user 'lp'.
Technical Cyber Security Alert TA04-245A - Several vulnerabilities exist in the Oracle Database Server, Application Server, and Enterprise Manager software. The most serious vulnerabilities could allow a remote attacker to execute arbitrary code on an affected system. Oracle's Collaboration Suite and E-Business Suite 11i contain the vulnerable software and are affected as well.
Technical Cyber Security Alert TA04-247A - The MIT Kerberos 5 implementation contains several vulnerabilities, the most severe of which could allow an unauthenticated, remote attacker to execute arbitrary code on a Kerberos Distribution Center (KDC). This could result in the compromise of an entire Kerberos realm.
Technical Cyber Security Alert TA04-260A - Microsoft's Graphic Device Interface Plus (GDI+) contains a vulnerability in the processing of JPEG images. This vulnerability may allow attackers to remotely execute arbitrary code on the affected system. Exploitation may occur as the result of viewing a malicious web site, reading an HTML-rendered email message, or opening a crafted JPEG image in any vulnerable application. The privileges gained by a remote attacker depend on the software component being attacked.
Technical Cyber Security Alert TA04-261A - Several vulnerabilities exist in the Mozilla web browser and derived products, the most serious of which could allow a remote attacker to execute arbitrary code on an affected system.
A directory traversal vulnerability exists in several FTP commands of TwinFTP that may be exploited by a malicious user to access files outside the FTP directory. The problem lies with the incorrect filtering of directory name supplied to CWD, STOR and RETR commands. Versions tested: TwinFTP Server Standard 1.0.3 R2 (Win32) on English WinXP SP1, TwinFTP Server Enterprise 1.0.3 R2 (Win32) on English Win2K SP2.
Westpoint Security Advisory wp-04-0001 - Multiple browsers are susceptible to multiple cookie injection vulnerabilities. Tested: Internet Explorer 6.0 for Windows 2000 with all patches, Konqueror 3.1.4 for SuSE 9.0, Mozilla Firefox 0.9.2 for Windows 2000, Opera 7.51 for Windows 2000.
The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing username or password and the ability to gain knowledge of the router's username and password after logging in.