http://www.frsirt.com/english/advisories/2008/0503 - Multiple vulnerabilities have been identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to cause a denial of service or take complete control of an affected system. It is suggested to upgrade to clamav-0.92.1 available from http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=9...
http://www.securityfocus.com/brief/678 - Ten security holes were patched in Firefox. Exploits including information gathering, rogue script privilege escalation and other problems were fixed in version 18.104.22.168. It is recommended that all Firefox 2.0 users upgrade to version 22.214.171.124.
http://secunia.com/advisories/28872/ - Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct HTTP response splitting, cross-site scripting, and SQL injection attacks. This affects version 0.8.7a and possibly prior versions. Upgrading to 0.8.7b is highly recommended.
http://secunia.com/advisories/28835/ - A bug in the vmsplice() call in the Linux kernel can allow a local user to escalate privileges to root. Sample code is available and has been verified as working. This bug affects kernel version 2.6.17 - 126.96.36.199, although the privilege escalation only works in the extended version of vmsplice() in 2.6.23 - 2.6.24. A patch partially fixing the bug is available in 188.8.131.52.
http://us1.samba.org/samba/security/CVE-2007-6015.html - (CVE-2007-6015) A vulnerability in Samba 3.0.0 through 3.0.27a allows for remote code execution. This only affects samba shares setup using the domain logons configuration option. Disabling this option, or upgrading to 3.0.28 will remove this vulnerability.
http://docs.info.apple.com/article.html?artnum=307004 - The Block all incoming connections setting for the Application Firewall allows any process running as user root (UID 0) to receive incoming connections, and also allows mDNSResponder to receive connections. This could result in the unexpected exposure of network services, as the original description is misleading. Please take this into account when locking down your OS 10.5 system.
http://research.eeye.com/html/alerts/zeroday/20070812.html - There exists a heap overflow in Yahoo Messenger 184.108.40.2063. It allows for remote code execution for users who accept a webcam invite from a malicious source. A patch is currently not available; please verify the person with whom you are chatting before accepting webcam invites.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3387 - gpdf is used in various programs including (1) poppler, (2) xpdf, (3) kpdf, (4) kdegraphics, (5) CUPS and (6) tetex, and others. This vulnerability is in gpdf prior to version 2.8.2. Please check with your OS provider for updates of any programs with the ability to read PDFs.