ep's blog

Multiple Vulnerabilities in Horde v3.1.5

http://secunia.com/advisories/28382/ - http://secunia.com/advisories/28020/ - Multiple vulnerabilities in Horde v3.1.5 (and before) allow for security restriction bypass (by an authenticated user) and allow for iframe injection in HTML email which could be used to delete the users mail (from any external person). It is highly recommended to upgrade to v3.1.6.

Security update available for Adobe Reader and Acrobat 8 fixes vulnerability

http://www.adobe.com/support/security/advisories/apsa08-01.html - An error in the printSepsWithParams() function within the Adobe Reader and Acrobat 8.1.1 program could lead to arbitrary code execution. In order to be compromised, a user must open a malicious PDF file. It is recommended to upgrade to Adobe Reader/Acrobat 8.1.2.

Clam AntiVirus Memory Corruption and Integer Overflow Vulnerabilities

http://www.frsirt.com/english/advisories/2008/0503 - Multiple vulnerabilities have been identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to cause a denial of service or take complete control of an affected system. It is suggested to upgrade to clamav-0.92.1 available from http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=9...

Linux kernel vmsplice() local privilege escalation exploit

http://secunia.com/advisories/28835/ - A bug in the vmsplice() call in the Linux kernel can allow a local user to escalate privileges to root. Sample code is available and has been verified as working. This bug affects kernel version 2.6.17 -, although the privilege escalation only works in the extended version of vmsplice() in 2.6.23 - 2.6.24. A patch partially fixing the bug is available in