Debian released a patch to fix multiple vulnerabilities in OpenOffice that open up the users' systems to compromise, Secunia reported on Wednesday.
One vulnerability was originally discovered by an anonymous researcher and reported to VeriSign’s iDefense Labs.
iDefense reported that research by Sean Larsson found additional flaws.
A vulnerability has been identified in KDE Konqueror, which could be exploited by attackers to gain knowledge of sensitive information.
Version 2.1.2 of the open-source BitTorrent client KTorrent for KDE removes two vulnerabilities. The first one is said to enable an attacker to cause the application to crash. According to the bug report by Ubuntu the vulnerability also allows code to be injected onto a system and executed. The vulnerability is found in the module chunkcounter.cpp and is triggered by large idx values.
An unknown cracker broke into a server hosting downloads of the popular WordPress blogging software and rigged the file with a remotely exploitable code execution vulnerability. If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker.
A flaw in Snort, the popular open-source intrusion detection system, could be used by attackers to run malicious code on vulnerable machines, several security organizations reported yesterday.
Microsoft and Mozilla are each working to tackle recently disclosed security flaws in the Internet Explorer and Firefox Web browsers.
Security researcher/hacker, Michal Zalewski has released a report on a security vulnerability affecting Firefox 220.127.116.11 and possibly earlier versions. The vulnerability could allow a malicious web site to impersonate an authentic one and set a cookie on its behalf. Zalewski recommends this workaround:
If you want to encrypt your sensitive files so that no one can access them without your personal password or decryption key, you have several options. But if you want a free, cross-platform, open source encryption application, try TrueCrypt.
Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented IPv6 packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules.
A security company has reported two new flaws in the Mozilla Firefox browser that may leave locally saved files vulnerable to outside attacks.