Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.
An updated firefox package that fixes several security issues is now available for various Linux distributions. All Mozilla Firefox users should upgrade to this updated package, as this update has been rated as having critical security impact.
An unpatched security hole in the Ubuntu Linux 8.04 LTS operating system could be used by attackers to send a crafted packet and cause a denial of service via an application crash in applications linked against OpenSSL, or to take control of vulnerable servers.
Red Hat has issued a security update for its kernel package. The patch plugs a critical flaw that Red Hat said attackers could use to take control of a vulnerable system.
Can the bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux UNIX / Windows workstation / server users?
Multiple buffer overflows were discovered in the Ubuntu Linux kernel and can be corrected by upgrading your system to the latest kernel version.
Luciano Bello discovered that the random number generator in Debian’s openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable.
The PCRE library did not correctly handle certain in-pattern options. An attacker could cause applications linked against pcre3 to crash, leading to a denial of service.