Fedora Legacy Update Advisory - FLSA:2072. Updated CUPS packages fix security vulnerability. Updated cups packages that fix a denial of service vulnerability are now available. In versions of CUPS prior to 1.1.21, an attacker can craft packets to the IPP port which will result in a Denial of Service on the CUPS service.
FreeBSD Security Advisory FreeBSD-SA-04:15.syscons - The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of its input arguments. In particular, negative coordinates or large coordinates may cause unexpected behavior.
Gentoo Linux Security Advisory GLSA 200409-35 - An information leak in mod_authz_svn could allow sensitive metadata of protected areas to be leaked to unauthorized users.
Gentoo Linux Security Advisory GLSA 200410-02 - Utilities included in old Netpbm versions are vulnerable to multiple temporary files issues, potentially allowing a local attacker to overwrite files with the rights of the user running the utility.
Gentoo Linux Security Advisory GLSA 200410-05 - Cyrus-SASL contains two vulnerabilities that might allow an attacker to completely compromise the vulnerable system.
Gentoo Linux Security Advisory GLSA 200410-06 - CUPS leaks information about user names and passwords when using remote printing to SMB-shared printers which require authentication.
Gentoo Linux Security Advisory GLSA 200410-08 - compress and uncompress, which could be used by daemon programs, contain a buffer overflow that could lead to remote execution of arbitrary code with the rights of the daemon process.
Gentoo Linux Security Advisory GLSA 200410-10 - The gettext utility is vulnerable to symlink attacks, potentially allowing a local user to overwrite or change permissions on arbitrary files with the rights of the user running gettext, which could be the root user.
Gentoo Linux Security Advisory GLSA 200410-13 - BNC contains an input validation flaw which might allow a remote attacker to issue arbitrary IRC related commands.
Gentoo Linux Security Advisory GLSA 200410-16 - The make_oidjoins_check script, part of the PostgreSQL package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Gentoo Linux Security Advisory GLSA 200410-17 - OpenOffice.org uses insecure temporary files which could allow a malicious local user to gain knowledge of sensitive information from other users' documents.
Gentoo Linux Security Advisory GLSA 200410-19 - The catchsegv script in the glibc package is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the script.
Gentoo Linux Security Advisory GLSA 200410-21 - A flaw has been found in mod_ssl where the SSLCipherSuite directive could be bypassed in certain configurations if it is used in a directory or location context to restrict the set of allowed cipher suites.
Gentoo Linux Security Advisory GLSA 200410-22 - Several vulnerabilities including privilege abuse, Denial of Service, and potentially remote arbitrary code execution have been discovered in MySQL.
Gentoo Linux Security Advisory GLSA 200410-23 - Multiple vulnerabilities have been found in Gaim which could allow a remote attacker to crash the application, or possibly execute arbitrary code.
Gentoo Linux Security Advisory GLSA 200410-24 - The send-pr.sh script, included in the mit-krb5 package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Gentoo Linux Security Advisory GLSA 200410-25 - The etc2ps.sh script, included in the Netatalk package, is vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.
Gentoo Linux Security Advisory GLSA 200410-27 - Buffer overflow vulnerabilities have been found in mpg123 which could lead to execution of arbitrary code. The flaws in the getauthfromURL() and http_open() functions have been reported by Carlos Barros. Additionally, the Gentoo Linux Sound Team fixed additional boundary checks which were found to be lacking.
Gentoo Linux Security Advisory GLSA 200410-30 - GPdf, KPDF and KOffice all include vulnerable xpdf code to handle PDF files, making them vulnerable to execution of arbitrary code upon viewing a malicious PDF file.