This week, advisories were released for phpgroupware, kernel, jitterbug, ethereal, kdepim, cvs, kdepim, and tcpdump. The distributors include Debian, Gentoo, Mandrake, Red Hat, Slackware, SuSE, and Trustix.
By Michael S. Mimoso, Senior News Editor. Red Hat Inc. on Wednesday issued four security alerts that include fixes for problems in
Tcpdump is a well known tool for administrators to analyze network
There is a bug in the tcpdump code responsible for handling ISAKMP
messages. This bug allows remote attackers to destroy a running
tcpdump session by sending malicious ISAKMP messages that trick
tcpdump into entering an endless loop.
The do_mremap() function of the Linux Kernel is used to manage
(move, resize) Virtual Memory Areas (VMAs). By exploiting an incorrect
bounds check in do_mremap() during the remapping of memory it is
possible to create a VMA with the size of 0.
In normal operation do_mremap() leaves a memory hole of one page and
creates an additional VMA of two pages. When the bug is exploited, no
hole is created and the new VMA has a length of 0 bytes.
The Linux Kernel's memory management is corrupted from this point
and can be abused by local users to gain root privileges.
Additionally, Andi Kleen of SUSE LINUX found and fixed another bug
in the 32-bit emulation of ptrace() which allows CPU registers to be modified
from user space to gain full access to system resources.
Fools recall that for the past few months, SCO (the software maker formerly known as Caldera) has been shaking down Linux providers, even taking a $3 billion
OTCBB:ANTS), a developer of high-performance SQL database management systems, announced today that it has successfully ported the ANTs Data Server to the Linux
COMMENTARY--One of my dirty little secrets is that I have never successfully installed Linux on anything. I've tried many times
Updated Net-SNMP packages are available to correct a security vulnerability
and other bugs.
There are several templating systems available; some are native to PHP while others have been ported to PHP from other programming languages.
libnss_wins was not being built. It is now.
Minor cleanup of the kernel source package. No other kernel package
A problem in tcpdump was discovered, where it was possible to crash the
program by sending carefully crafted packets on the network.
SCO announced it has begun making the SCO Intellectual Property License available to companies and organizations worldwide including small-to-medium size businesses and large corporations.
Two easily-identified Microsoft trolls were also in the main auditorium audience, asking the same questions Microsoft hirelings ask at open source conferences
In the wake of the ongoing SCO lawsuit, open source developers must take steps to ensure they don't become the victims of further legal action.
This vulnerability allows for a
carefully crafted .VCF file to potentially enable a local attacker to
compromise the privacy of a victim's data or execute arbitrary commands
with the victim's privileges. This can also be used by remote
attackers if the victim enables previews for remote files; however this
is disabled by default.
The krozat screensaver in Mandrake Linux 9.1 and 9.2 had a memory
leak. The updated packages correct the problem.
The kwin4 application would crash on startup. The updated packages
fix this problem.
A problem with qt3 would cause accelerator keys to behave improperly
in KDE applications such as Konqueror, KMail, and others. Using
these keys would either crash the program or simply not work. The
updated packages fix this problem.
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in
ISAKMP and RADIUS parsing.