Showing all newswire headlines

Slackware alert: OpenSSH Security Advisory (SSA:2003-259-01)

Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and -current. These fix a buffer management error found in versions of OpenSSH earlier than 3.7. The possibility exists that this error could allow a remote exploit, so we recommend all sites running OpenSSH upgrade to the new OpenSSH package immediately.

Debian alert: OpenSSH buffer management fix

  • Mailing list (Posted by dave on Sep 16, 2003 10:41 AM EDT)
  • Story Type: Security; Groups: Debian
A bug has been found in OpenSSH's buffer handling where a buffer could be marked as grown when the actual reallocation failed.

Red Hat alert: Updated OpenSSH packages fix potential vulnerability

  • Mailing list (Posted by dave on Sep 16, 2003 9:55 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSH packages are now available that fix a bug that may be remotely exploitable.

Havoc Pennington: Linux has its Nails on UNIX's Coffin

Today we feature a very interesting interview with Havoc Pennington. Havoc works for Red Hat, where he heads the desktop team, and he is also well known for his major contributions to GNOME, his GTK+ programming book, and the freedesktop.org initiative, which aims to standardize the X11 desktop environments. In the following interview we discuss the changes inside Red Hat, Xouvert, freedesktop.org and GNOME's future, and how Linux, in general, is doing in the desktop market.

Debian alert: New mysql packages fix buffer overflow

  • Mailing list (Posted by dave on Sep 13, 2003 6:20 PM EDT)
  • Story Type: Security; Groups: Debian
MySQL, a popular relational database system, contains a buffer overflow condition which could be exploited by a user who has permission to execute "ALTER TABLE" commands on the tables in the "mysql" database. If successfully exploited, this vulnerability could allow the attacker to execute arbitrary code with the privileges of the mysqld process (by default, user "mysql"). Since the "mysql" database is used for MySQL's internal record keeping, by default the mysql administrator "root" is the only user with permission to alter its tables.

Debian alert: New xfree86 packages fix multiple vulnerabilities

  • Mailing list (Posted by dave on Sep 12, 2003 10:55 AM EDT)
  • Story Type: Security; Groups: Debian
Four vulnerabilities have been discovered in XFree86.

Mandrake alert: Updated XFree86 packages fix multiple vulnerabilities

Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients.

Debian alert: New sane-backends packages fix several vulnerabilities

  • Mailing list (Posted by dave on Sep 11, 2003 12:50 AM EDT)
  • Story Type: Security; Groups: Debian
Alexander Hvostov, Julien Blache and Aurelien Jarno discovered several security-related problems in the sane-backends package, which contains an API library for scanners including a scanning daemon (in the package libsane) that can be remotely exploited. These problems allow a remote attacker to cause a segmentation fault and/or consume arbitrary amounts of memory. The attack is successful even if the attacker's computer isn't listed in saned.conf.

SuSE alert: pine

  • Mailing list (Posted by dave on Sep 10, 2003 11:39 PM EDT)
  • Story Type: Security; Groups: SUSE
The well known and widely used mail client pine is vulnerable to a buffer overflow. The vulnerability exists in the code processing 'message/external-body' type messages. It allows remote attackers to execute arbitrary commands as the user running pine. Additionally an integer overflow in the MIME header parsing code has been fixed.

Red Hat alert: Updated pine packages fix vulnerabilities

  • Mailing list (Posted by dave on Sep 10, 2003 10:51 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Pine packages that resolve remotely exploitable security issues are now available.

Slackware alert: security issues in pine (SSA:2003-253-01)

Upgraded pine packages are available for Slackware 8.1, 9.0 and -current. These fix two security problems found by iDEFENSE Labs which could lead to arbitrary code execution when a specially crafted email is processed by Pine.

Interview with YellowTAB's Bernd Korz

  • OSnews (Posted by dave on Sep 9, 2003 8:00 PM EDT)
Tonight we had a quick chat with YellowTAB's Bernd Korz about the Zeta OS. The German engineer, manager and spokesperson of YellowTAB speaks about the release date, the changing goals of Zeta and more. Read more for the interesting transcript.

Red Hat alert: Updated gtkhtml packages fix vulnerability

  • Mailing list (Posted by dave on Sep 9, 2003 5:06 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gtkhtml packages that fix a null pointer dereference are now available.

Slackware alert: inetd DoS patched (SSA:2003-251-01)

Upgraded inetd packages are available for Slackware 8.1, 9.0 and -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disable a service.

Debian alert: New mah-jong packages fix buffer overflows, denial of service

  • Mailing list (Posted by dave on Sep 7, 2003 2:48 PM EDT)
  • Story Type: Security; Groups: Debian
Nicolas Boullis discovered two vulnerabilities in mah-jong, a network-enabled game.

Debian alert: New exim packages fix incorrect permissions on documentation

  • Mailing list (Posted by dave on Sep 7, 2003 7:54 AM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code.

Debian alert: New wu-ftpd packages fix insecure program execution

  • Mailing list (Posted by dave on Sep 4, 2003 5:03 PM EDT)
  • Story Type: Security; Groups: Debian
wu-ftpd, an FTP server, implements a feature whereby multiple files can be fetched in the form of a dynamically constructed archive file, such as a tar archive. The names of the files to be included are passed as command line arguments to tar, without protection against them being interpreted as command-line options. GNU tar supports several command line options which can be abused, by means of this vulnerability, to execute arbitrary programs with the privileges of the wu-ftpd process.

Debian alert: New exim, exim-tls packages fix buffer overflow

  • Mailing list (Posted by dave on Sep 4, 2003 3:34 PM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow exists in exim, which is the standard mail transport agent in Debian. By supplying a specially crafted HELO or EHLO command, an attacker could cause a constant string to be written past the end of a buffer allocated on the heap. This vulnerability is not believed at this time to be exploitable to execute arbitrary code.

Red Hat alert: Updated httpd packages fix Apache security vulnerabilities

  • Mailing list (Posted by dave on Sep 3, 2003 11:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated httpd packages that fix several minor security issues are now available for Red Hat Linux 8.0 and 9.

SuSE alert: pam_smb

  • Mailing list (Posted by dave on Sep 3, 2003 7:47 AM EDT)
  • Story Type: Security; Groups: SUSE
The PAM module (and server) pam_smb allows users of Linux systems to be authenticated by querying an NT server. Dave Airlie <airlied@samba.org> informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gain access to a system using pam_smb by supplying an overly long password string.
