Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 ... 5645 ) Next »

Red Hat alert: Updated Mozilla packages fix a security issue

  • Mailing list (Posted by dave on May 15, 2002 11:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages are available which fix a security issue in Mozilla.

Red Hat alert: Updated sharutils package fixes uudecode issue

  • Mailing list (Posted by dave on May 14, 2002 6:44 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages for sharutils are available which fix potential privilege escalation using the uudecode utility.

Red Hat alert: perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums

  • Mailing list (Posted by dave on May 10, 2002 9:33 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl-Digest-MD5 packages are available which work around a bug in the utf8 interaction between perl-Digest-MD5 and Perl.

Mandrake alert: temporary fix for netfilter information leak

A problem was discovered with Netfilter Network Address Translation (NAT) capabilities. It was found that iptables can leak information about how port forwarding is accomplished in unfiltered ICMP packets.

Red Hat alert: Netfilter information leak

  • Mailing list (Posted by dave on May 9, 2002 5:46 AM EDT)
  • Story Type: Security; Groups: Red Hat
Netfilter ("iptables") can leak information about how port forwarding is done in unfiltered ICMP packets. The older "ipchains" code is not affected. This bug only affects users using the Network Address Translation features of firewalls built with netfilter ("iptables"). Red Hat Linux's firewall configuration tools use "ipchains," and those configurations are not vulnerable to this bug.

Red Hat alert: Updated mod_python packages available

  • Mailing list (Posted by dave on May 8, 2002 10:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mod_python packages have been made available for Red Hat Linux 7.2 and 7.3. These updates close a security issue in mod_python which allows the publisher handler to use modules which have only been indirectly imported. This re-issue adds packages for Red Hat Linux 7.3.

SuSE alert: sysconfig

  • Mailing list (Posted by dave on May 8, 2002 2:25 AM EDT)
  • Story Type: Security; Groups: SUSE
The ifup-dhcp script which is part of the sysconfig package is responsible for setting up network-devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data via spoofed DHCP replies for example. This way ifup-dhcp could be tricked into executing arbitrary commands as root. The ifup-dhcp shellscript has been fixed to not source the file containing the possible evil data anymore. Even though the sysconfig package is installed by default, this problem only affects systems with certain dhcp network-setups so only users using DHCP should update their sysconfig package.

SuSE alert: imlib

  • Mailing list (Posted by dave on May 7, 2002 4:04 AM EDT)
  • Story Type: Security; Groups: SUSE
The imlib library can be used by X11 applications to handle various kinds of image data.

Red Hat Unveils Red Hat Linux 7.3

RALEIGH, NC--May 6, 2002--Red Hat, Inc. (Nasdaq:RHAT) today released Red Hat Linux version 7.3, a highly configurable operating system (OS) designed for deployments ranging from games and personal productivity to file, print and web serving. Red Hat Linux 7.3 adds new productivity tools, personal firewall configuration at installation, and video conferencing software to deliver everything individual users, educational institutions and small businesses need for flexible Internet-based computing.

Red Hat alert: Updated Nautilus for symlink vulnerability writing metadata files

  • Mailing list (Posted by dave on May 2, 2002 10:58 AM EDT)
  • Story Type: Security; Groups: Red Hat
The Nautilus file manager in Red Hat Linux 7.2 has a symlink vulnerability.

Red Hat alert: Updated mod_python packages available

  • Mailing list (Posted by dave on May 2, 2002 12:59 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mod_python packages have been made available for Red Hat Linux 7.

Red Hat alert: Insecure DocBook stylesheet option

  • Mailing list (Posted by dave on May 1, 2002 4:17 AM EDT)
  • Story Type: Security; Groups: Red Hat
DocBook is a document markup language that can be transformed into other formats using a stylesheet. The default stylesheet provided with Red Hat Linux has an insecure option enabled.

SuSE alert: sudo

  • Mailing list (Posted by dave on Apr 30, 2002 6:52 AM EDT)
  • Story Type: Security; Groups: SUSE
The sudo program allows local users to execute certain configured commands with root priviledges. Sudo contains a heap overflow in its prompt assembling function. The input used to create the password prompt is user controlled and not properly length-checked before copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root. We would like to thank GlobalInterSec for finding and researching this vulnerability. As a temporary workaround you may remove the setuid bit from sudo by issuing the following command as root: "chmod -s /usr/bin/sudo".

SuSE alert: radiusd-cistron

  • Mailing list (Posted by dave on Apr 29, 2002 4:25 AM EDT)
  • Story Type: Security; Groups: SUSE
The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and therefore considered a security critical application. ZARAZA reported security releated bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Beside the cistron radius package the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. The only workaround for this bug is to disable the radius-server until the new packages have been installed.

Debian alert: sudo buffer overflow

  • Mailing list (Posted by dave on Apr 25, 2002 3:13 PM EDT)
  • Story Type: Security; Groups: Debian
fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access.

Mandrake alert: imlib update

Previous versions of imlib, prior to 1.9.13, would fall back to the NetPBM library which is not suitable for loading untrusted images due to various problem in it's code. The new imlib also fixes some problems with arguments passed to malloc(). These problems could allow attackers to construct images that could cause crashes or, potentially, the execution of arbitrary code when said images are loaded by a viewer that uses imlib. Thanks to Alan Cox and Al Viro for discovering the problems.

Mandrake alert: sudo update

A problem was discovered by fc, with further research by Global InterSec, in the sudo program with the password prompt parameter (-p). Sudo can be tricked into allocating less memory than it should for the prompt and in certain conditions it is possible to exploit this flaw to corrupt the heap in such a way that could be used to execute arbitary commands. Because sudo is generally suid root, this can lead to an elevation of privilege for local users.

Red Hat alert: Updated icecast packages are available

  • Mailing list (Posted by dave on Apr 25, 2002 2:08 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated icecast packages are available which fix a number of security issues.

Red Hat alert: Updated sudo packages are available

  • Mailing list (Posted by dave on Apr 25, 2002 1:22 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated sudo packages are available which fix a local root exploit.

Red Hat alert: Updated sudo packages are available

  • Mailing list (Posted by dave on Apr 25, 2002 1:19 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated sudo packages are available which fix a local root exploit.

« Previous ( 1 ... 5609 5610 5611 5612 5613 5614 5615 5616 5617 5618 5619 ... 5645 ) Next »