| Package | CVE | RHSA | Description | Reported | Public | Update on RHN | "Days of Risk" |
|---|---|---|---|---|---|---|---|
| mozilla | CVE-2006-0292 | RHSA-2006:0199, RHSA-2006:0200 | A bug in the way Mozilla's JavaScript interpreter dereferences objects. If a user visits a malicious web page, Mozilla could crash or execute arbitrary code as the user running Mozilla. | 20060127 | 20060202 | 20060202 | 0 |
| kdelibs | CVE-2006-0019 | RHSA-2006:0184 | A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. | 20060110 | 20060119 | 20060119 | 0 |
| mod_auth_pgsql | CVE-2005-3656 | RHSA-2006:0164 | Several format string flaws were found in the way mod_auth_pgsql logs information. It may be possible for a remote attacker to execute arbitrary code as the 'apache' user if mod_auth_pgsql is installed and configured to perform user authentication against a PostgreSQL database. | 20060105 | 20060105 | 20060105 | 0 |
| lynx | CVE-2005-2929 | RHSA-2005:839 | An arbitrary command execution bug was found in the lynx "lynxcgi:" URI handler. An attacker could create a web page redirecting to a malicious URL which could execute arbitrary code as the user running lynx. | 20051111 | 20051111 | 20051111 | 0 |
| lynx | CVE-2005-3120 | RHSA-2005:803 | A stack overflow bug in Lynx when handling connections to NNTP (news) servers. An attacker could create a web page redirecting to a malicious news server which could execute arbitrary code as the user running lynx. | 20051008 | 20051017 | 20051017 | 0 |
| HelixPlayer | CVE-2005-2629 | RHSA-2005:788 | A stack overflow bug was discovered in the way HelixPlayer processes RealPlayer (.rm) files. It is possible for a malformed RealPlayer file to execute arbitrary code as the user running HelixPlayer. Note that this issue was disclosed to the public several weeks after a fix was made available. | 20050819 | 20051110 | 20050927 | 0 |
| HelixPlayer | CVE-2005-2710 | RHSA-2005:788 | A format string bug was discovered in the way HelixPlayer processes RealPix (.rp) files. It is possible for a malformed RealPix file to execute arbitrary code as the user running HelixPlayer. | 20050908 | 20050926 | 20050927 | 1 |
| firefox, mozilla | CVE-2005-2701 | RHSA-2005:785, RHSA-2005:789 | A bug was found in the way Firefox and Mozilla processed XBM image files. If a user viewed a specially crafted XBM file, it would be possible to execute arbitrary code as the user running the browser. | 20050915 | 20050922 | 20050922 | 0 |
| firefox, mozilla | CVE-2005-2702 | RHSA-2005:785, RHSA-2005:789 | A bug was found in the way Firefox and Mozilla processed certain Unicode sequences. It may be possible to execute arbitrary code as the user running the browser if the user views a specially crafted Unicode sequence. | 20050915 | 20050922 | 20050922 | 0 |
| firefox, mozilla | CVE-2005-2705 | RHSA-2005:785, RHSA-2005:789 | An integer overflow bug was found in the Firefox and Mozilla JavaScript engine. Under favorable conditions, it may be possible for a malicious web page to execute arbitrary code as the user running the browser. | 20050915 | 20050922 | 20050922 | 0 |
| firefox, mozilla | CVE-2005-2871 | RHSA-2005:768, RHSA-2005:769 | A bug was found in the way Firefox and Mozilla processed certain international domain names. An attacker could create a specially crafted HTML file, which when viewed by the victim would cause the browser to crash or possibly execute arbitrary code. | 20050909 | 20050909 | 20050909 | 0 |
| gaim | CVE-2005-2103 | RHSA-2005:627 | A heap-based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. | 20050808 | 20050808 | 20050809 | 1 |
| kopete (kdenetwork) | CVE-2005-1852 | RHSA-2005:639 | Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. | 20050721 | 20050721 | 20050721 | 0 |
| HelixPlayer | CVE-2005-1766 | RHSA-2005:517 | A buffer overflow bug was found in the way HelixPlayer processes SMIL files. An attacker could create a specially crafted SMIL file, which when combined with a malicious web server, could execute arbitrary code when opened by a user. | 20050608 | 20050623 | 20050623 | 0 |
| gaim | CVE-2005-1261 | RHSA-2005:429 | A stack-based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. | 20050505 | 20050511 | 20050511 | 0 |
| HelixPlayer | CVE-2005-0755 | RHSA-2005:392 | A buffer overflow bug was found in the way HelixPlayer processes RAM files. An attacker could create a specially crafted RAM file which could execute arbitrary code when opened by a user. | 20050405 | 20050419 | 20050420 | 1 |
| firefox, mozilla, thunderbird | CVE-2005-0399 | RHSA-2005:335, RHSA-2005:336, RHSA-2005:337 | A buffer overflow bug was found in the way Mozilla and Firefox processed GIF images. It is possible for an attacker to create a specially crafted GIF image, which when viewed by a victim will execute arbitrary code as the victim. | 20050310 | 20050323 | 20050323 | 0 |
| HelixPlayer | CVE-2005-0455 | RHSA-2005:271 | A stack-based buffer overflow bug was found in HelixPlayer's Synchronized Multimedia Integration Language (SMIL) file processor. An attacker could create a specially crafted SMIL file which would execute arbitrary code when opened by a user. | 20050301 | 20050301 | 20050303 | 2 |
| HelixPlayer | CVE-2005-0611 | RHSA-2005:271 | A buffer overflow bug was found in the way HelixPlayer decodes WAV files. An attacker could create a specially crafted WAV file which could execute arbitrary code when opened by a user. | 20050301 | 20050302 | 20050303 | 1 |

Table 3. Critical flaws in Enterprise Linux 4
