Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 5408 5409 5410 5411 5412 5413 5414 5415 ... 5416 ) Next »

Red Hat alert: syslog format vulnerability in klogd

  • Mailing list (Posted by dave on Sep 18, 2000 11:42 AM EDT)
  • Story Type: Security; Groups: Red Hat
Various vulnerabilities exist in syslogd/klogd. By exploiting these vulnerabilities, it could be possible for local users to gain root access. No remote exploit exists at this time, but it remains theoretically possible that this vulnerability could be exploited remotely under certain rare circumstances. All users should upgrade to the new sysklogd packages. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.

Debian alert: Security update policy for Debian 2.1 (slink)

  • Mailing list (Posted by dave on Sep 14, 2000 2:40 PM EDT)
  • Story Type: Security; Groups: Debian
We would appreciate hearing whether we have allowed enough time for the slink->potato transition. Please direct your comments to feedback@security.debian.org

Red Hat alert: Format string exploit in screen

  • Mailing list (Posted by dave on Sep 14, 2000 10:20 AM EDT)
  • Story Type: Security; Groups: Red Hat
Security hole in screen in Red Hat Linux 5.2 and earlier releases

Slackware alert: xchat input validation bug fixed

An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current.

Red Hat alert: xpdf bugfix release

  • Mailing list (Posted by dave on Sep 13, 2000 2:57 PM EDT)
  • Story Type: Security; Groups: Red Hat
Security problem in temporary file and malicious URL.

SuSE alert: pam_smb

  • Mailing list (Posted by dave on Sep 13, 2000 8:06 AM EDT)
  • Story Type: Security; Groups: SUSE
pam_smb is a package for a PAM (Pluggable Authentication Modules) module that allows Linux/Unix user authentication using a Windows NT server. Versions 1.1.5 and before contain a buffer overflow that would allow a remote attacker to gain root access on the target host, provided that the target host has the module installed and configured. The bug was found by Shaun Clowes <shaun@securereality.com.au>, and a new, fixed version of the package was promptly published by Dave Airlie <airlied@samba.org>, the author of the pam_smb package.

Debian alert: New version of libpam-smb released

  • Mailing list (Posted by dave on Sep 11, 2000 7:30 PM EDT)
  • Story Type: Security; Groups: Debian
libpam-smb contains a buffer overflow that can be used to execute arbitrary commands with root privilege. libpam-smb was not shipped with Debian 2.1 (slink), but was included in Debian 2.2 (potato).

Red Hat alert: Updated mgetty packages are now available.

  • Mailing list (Posted by dave on Sep 11, 2000 10:57 AM EDT)
  • Story Type: Security; Groups: Red Hat
The mgetty-sendfax package contains a vulnerability which allows any user with access to the /var/tmp directory to destroy any file on any mounted filesystem.

Debian alert: New version of xpdf released

  • Mailing list (Posted by dave on Sep 10, 2000 5:22 AM EDT)
  • Story Type: Security; Groups: Debian
xpdf as distributed in Debian GNU/Linux 2.2 suffered from two problems: 1. creation of temporary files was not done safely which made xpdf vulnerable to a symlink attack. 2. when handling URLs in documents no checking was done for shell metacharacters before starting the browser. This makes it possible to construct a document which cause xpdf to run arbitrary commands when the user views an URL.

Debian alert: New version of horde and imp released

  • Mailing list (Posted by dave on Sep 10, 2000 5:05 AM EDT)
  • Story Type: Security; Groups: Debian
imp as distributed in Debian GNU/Linux 2.2 suffered from insufficient checking of user supplied data: the IMP webmail interface did not check the $from variable which contains the sender address for shell metacharacters. This could be used to run arbitrary commands on the server running imp.

Red Hat alert: glibc vulnerabilities in ld.so, locale and gettext

  • Mailing list (Posted by dave on Sep 7, 2000 12:37 PM EDT)
  • Story Type: Security; Groups: Red Hat
Several bugs were discovered in glibc which could allow local users to gain root privileges.

SuSE alert: apache

  • Mailing list (Posted by dave on Sep 7, 2000 10:02 AM EDT)
  • Story Type: Security; Groups: SUSE
The default package selection in SuSE distributions includes apache. The configuration file that comes with the package contains two security relevant errors:

SuSE alert: screen

  • Mailing list (Posted by dave on Sep 6, 2000 9:37 AM EDT)
  • Story Type: Security; Groups: SUSE
screen, a tty multiplexer, is installed suid root by default on SuSE Linux distributions. By supplying a thoughtfully designed string as the visual bell message, local users can obtain root privilege. Exploit information has been published on security forums.

SuSE alert: shlibs (glibc)

  • Mailing list (Posted by dave on Sep 6, 2000 2:30 AM EDT)
  • Story Type: Security; Groups: SUSE
The glibc implementations in all SuSE distributions starting with SuSE-6.0 have multiple security problems where at least one of them allows any local user to gain root access to the system.

Slackware alert: glibc 2.1.3 vulnerabilities patched

Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access.

Debian alert: glibc update for Debian GNU/Linux 2.1 (update)

  • Mailing list (Posted by dave on Sep 5, 2000 6:58 AM EDT)
  • Story Type: Security; Groups: Debian
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

Debian alert: glibc update for Debian GNU/Linux 2.1

  • Mailing list (Posted by dave on Sep 4, 2000 3:59 PM EDT)
  • Story Type: Security; Groups: Debian
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

Debian alert: new version of screen released

  • Mailing list (Posted by dave on Sep 4, 2000 3:56 AM EDT)
  • Story Type: Security; Groups: Debian
A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid. Debian 2.1 (slink) did ship screen setuid and the exploit can be used to gain root privilages. In Debian 2.2 (potato) screen is not setuid, and is not vulnerable to a root exploit. screen is, however, setgid utmp in Debian 2.2 (potato) and we recommend upgrading.

Slackware alert: Perl root exploit in Slackware 7.1 & -current

A root exploit was found in the /usr/bin/suidperl5.6.0 program that shipped with the Slackware 7.1 perl.tgz package.

Debian alert: New version of glibc released

  • Mailing list (Posted by dave on Sep 2, 2000 8:17 AM EDT)
  • Story Type: Security; Groups: Debian
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

« Previous ( 1 ... 5408 5409 5410 5411 5412 5413 5414 5415 ... 5416 ) Next »