Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 ... 5510 ) Next »

Red Hat alert: Updated Perl packages fix security issues.

  • Mailing list (Posted by dave on Sep 22, 2003 12:53 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available.

Red Hat alert: Updated Apache and mod_ssl packages fix security vulnerabilities

  • Mailing list (Posted by dave on Sep 22, 2003 12:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Linux 7.1, 7.2, and 7.3.

Debian alert: OpenSSH buffer management fix

  • Mailing list (Posted by dave on Sep 21, 2003 11:05 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.

Debian alert: OpenSSH buffer management fix

  • Mailing list (Posted by dave on Sep 21, 2003 11:05 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.

Debian alert: New ipmasq packages fix insecure packet filtering rules

  • Mailing list (Posted by dave on Sep 20, 2003 2:05 PM EDT)
  • Story Type: Security; Groups: Debian
ipmasq is a package which simplifies configuration of Linux IP masquerading, a form of network address translation which allows a number of hosts to share a single public IP address. Due to use of certain improper filtering rules, traffic arriving on the external interface addressed for an internal host would be forwarded, regardless of whether it was associated with an established connection. This vulnerability could be exploited by an attacker capable of forwarding IP traffic with an arbitrary destination address to the external interface of a system with ipmasq installed.

SuSE alert: sendmail, sendmail-tls

  • Mailing list (Posted by dave on Sep 20, 2003 8:09 AM EDT)
  • Story Type: Security; Groups: SUSE
sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.

Debian alert: New kdebase packages fix multiple vulnerabilites in KDM

  • Mailing list (Posted by dave on Sep 19, 2003 6:35 PM EDT)
  • Story Type: Security; Groups: Debian
Two vulnerabilities were discovered in kdebase:

Mandrake alert: Updated MySQL packages fix buffer overflow vulnerability

A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables.

Mandrake alert: Updated gtkhtml packages fix vulnerability

Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library, versions prior to 1.1.0.

Debian alert: New gopher packages fix buffer overflows

  • Mailing list (Posted by dave on Sep 18, 2003 6:22 PM EDT)
  • Story Type: Security; Groups: Debian
gopherd, a gopher server from the University of Minnesota, contains a number of buffer overflows which could be exploited by a remote attacker to execute arbitrary code with the privileges of the gopherd process (the "gopher" user by default).

Debian alert: New libmailtools-perl packages fix input validation bug

  • Mailing list (Posted by dave on Sep 18, 2003 4:30 PM EDT)
  • Story Type: Security; Groups: Debian
The SuSE security team discovered during an audit that the Mail::Mailer module, a Perl module used for sending email, whereby potentially untrusted input is passed to a program such as mailx, which may interpret certain escape sequences as commands to be executed.

Debian alert: New hztty packages fix buffer overflows

  • Mailing list (Posted by dave on Sep 18, 2003 3:50 PM EDT)
  • Story Type: Security; Groups: Debian
Jens Steube reported a pair of buffer overflow vulnerabilities in hztty, a program to translate Chinese character encodings in a terminal session. These vulnerabilities could be exploited by a local attacker to gain root privileges on a system where hztty is installed.

SuSE alert: openssh (second release)

  • Mailing list (Posted by dave on Sep 18, 2003 10:18 AM EDT)
  • Story Type: Security; Groups: SUSE
The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.

Mandrake alert: Updated sendmail packages fix buffer overflow vulnerability

A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694).

Debian alert: New sendmail packages fix buffer overflows

  • Mailing list (Posted by dave on Sep 17, 2003 6:19 PM EDT)
  • Story Type: Security; Groups: Debian
Two vulnerabilities were reported in sendmail.

Red Hat alert: Updated Sendmail packages fix vulnerability.

  • Mailing list (Posted by dave on Sep 17, 2003 3:45 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Sendmail packages that fix a potentially-exploitable vulnerability are now available.

Red Hat alert: Updated OpenSSH packages fix potential vulnerabilities

  • Mailing list (Posted by dave on Sep 17, 2003 1:13 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSH packages are now available that fix bugs that may be remotely exploitable. [Updated 17 Sep 2003] Updated packages are now available to fix additional buffer manipulation problems which were fixed in OpenSSH 3.7.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0695 to these additional issues. We have also included fixes from Solar Designer for some additional memory bugs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0682 to these issues.

Slackware alert: Sendmail vulnerabilities fixed (SSA:2003-260-02)

The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away.

Slackware alert: OpenSSH updated again (SSA:2003-260-01)

Upgraded OpenSSH 3.7.1p1 packages are available for Slackware 8.1, 9.0 and -current. These fix additional buffer management errors that were not corrected in the recent 3.7p1 release. The possibility exists that these errors could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Mandrake alert: Updated openssh packages fix buffer management error

A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild.

« Previous ( 1 ... 5433 5434 5435 5436 5437 5438 5439 5440 5441 5442 5443 ... 5510 ) Next »