Two new DoS Vulnerabilities in Asterisk Fixed

2007-03-21 Thread Matt Riddell (NZ)
Digium have released fixes for two new DoS vulnerabilities in Asterisk today. Excerpt from 1.2.17: Along with minor bug fixes, this release incorporates a fix for the SIP DoS vulnerability recently discovered by INRIA Lorraine: http://voipsa.org/pip

RE: Your Opinion

2007-03-21 Thread Neale Green
FWIW, My concerns in regard to this do not relate to the fact that Microsoft is selling products to address security issues in its other products, they, like all other major players, are in business for the revenue, if people are prepared to pay for their products they will, if not they'll go

HPSBGN02189 SSRT071297 rev.2 - ServiceGuard for Linux, Remote Unauthorized Access

2007-03-21 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00860750 Version: 2 HPSBGN02189 SSRT071297 rev.2 - ServiceGuard for Linux, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon as soon as possibl

[security bulletin] HPSBUX02156 SSRT061236 rev.2 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS)

2007-03-21 Thread security-alert
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00774579 Version: 2 HPSBUX02156 SSRT061236 rev.2 - HP-UX Running Thunderbird, Remote Unauthorized Access or Elevation of Privileges or Denial of Service (DoS) NOTICE: The information in this S

Secunia Research: XMMS Integer Overflow and Underflow Vulnerabilities

2007-03-21 Thread Secunia Research
Secunia Research 21/03/2007 - XMMS Integer Overflow and Underflow Vulnerabilities - Table of Contents Affected Software

Secunia Research: Evolution Shared Memo Categories Format String Vulnerability

2007-03-21 Thread Secunia Research
Secunia Research 21/03/2007 - Evolution Shared Memo Categories Format String Vulnerability - Table of Contents Affected Softwar

Secunia Research: InterActual Player / CinePlayer IASystemInfo.dll ActiveX Control Buffer Overflow

2007-03-21 Thread Secunia Research
Secunia Research 21/03/2007 - InterActual Player / CinePlayer - IASystemInfo.dll ActiveX Control Buffer Overflow

[USN-438-1] Inkscape vulnerability

2007-03-21 Thread Kees Cook
Ubuntu Security Notice USN-438-1 March 20, 2007 inkscape vulnerability CVE-2007-1463 A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06

[ MDKSA-2007:066 ] - Updated OpenAFS packages address vulnerability

2007-03-21 Thread security
Mandriva Linux Security Advisory MDKSA-2007:066 http://www.mandriva.com/security/

[ MDKSA-2007:065 ] - Updated nas packages address multiple vulnerabilities

2007-03-21 Thread security
Mandriva Linux Security Advisory MDKSA-2007:065 http://www.mandriva.com/security/

Linksys WAG200G - Information disclosure

2007-03-21 Thread dniggebrugge
Hi there, About 2 months ago I bought a wireless ADSL modem/router, the Linksys WAG200G. Just did some basic security checks and to my utter surprise the device responded with about all sensitive information it knows: * Product model * Password webinterface * Username PPPoA * Password PPPoA * S

Re: Your Opinion +

2007-03-21 Thread Thor (Hammer of God)
It's no more of a conflict of interest than it is for Symantec to sell firewall products that protect Veritas backup software (which everyone knows has had multiple, serious security issues). t - Original Message - From: "Mark Litchfield" <[EMAIL PROTECTED]> To: ; <[EMAIL PROTECTED]>