Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 5641 5642 5643 5644 5645 5646 5647 5648 5649 5650 5651 ... 5666 ) Next »

Debian alert: New nvi packages fix format string vulnerability

  • Mailing list (Posted by dave on Oct 21, 2001 5:56 AM EDT)
  • Story Type: Security; Groups: Debian
Takeshi Uno found a very stupid format string vulnerability in all versions of nvi (in both, the plain and the multilingualized version). When a filename is saved, it ought to get displayed on the screen. The routine handling this didn't escape format strings.

Red Hat alert: Updated diffutils packages available

  • Mailing list (Posted by dave on Oct 18, 2001 11:54 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated diffutils packages are now available, fixing a temporary file handling vulnerability in the sdiff program.

Red Hat alert: New kernel 2.2 packages are available

  • Mailing list (Posted by dave on Oct 18, 2001 2:43 PM EDT)
  • Story Type: Security; Groups: Red Hat
A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

Red Hat alert: New kernel 2.4 packages are available

  • Mailing list (Posted by dave on Oct 18, 2001 2:42 PM EDT)
  • Story Type: Security; Groups: Red Hat
A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

Red Hat alert: New kernel 2.4 packages are available

  • Mailing list (Posted by dave on Oct 18, 2001 2:42 PM EDT)
  • Story Type: Security; Groups: Red Hat
A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

Red Hat alert: New kernel 2.4 packages are available

  • Mailing list (Posted by dave on Oct 18, 2001 2:42 PM EDT)
  • Story Type: Security; Groups: Red Hat
A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

Debian alert: New gftp packages won't display the password

  • Mailing list (Posted by dave on Oct 18, 2001 12:33 PM EDT)
  • Story Type: Security; Groups: Debian
Stephane Gaudreault told us that version 2.0.6a of gftp displays the password in plain text on the screen within the log window when it is logging into an ftp server. A malicious collegue who is watching the screen could gain access to the users shell on the remote machine.

Debian alert: No w3m packages for powerpc available

  • Mailing list (Posted by dave on Oct 18, 2001 6:16 AM EDT)
  • Story Type: Security; Groups: Debian
In SNS Advisory No. 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers. A malicious web server administrator could exploit this and let the client web browser execute arbitrary code.

Debian alert: New procmail packages fix insecure signal handling

  • Mailing list (Posted by dave on Oct 18, 2001 5:26 AM EDT)
  • Story Type: Security; Groups: Debian
Using older versions of procmail it was possible to make procmail crash by sending it signals. On systems where procmail is installed setuid this could be exploited to obtain unauthorized privileges.

Debian alert: News Xvt packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 18, 2001 5:24 AM EDT)
  • Story Type: Security; Groups: Debian
Christophe Bailleux reported on bugtraq that Xvt is vulnerable to a buffer overflow in its argument handling. Since Xvt is installed setuid root, it was possible for a normal user to pass carefully-crafted arguments to xvt so that xvt executed a root shell.

Debian alert: New w3m packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 18, 2001 5:23 AM EDT)
  • Story Type: Security; Groups: Debian
In SNS Advisory No. 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers. A malicious web server administrator could exploit this and let the client web browser execute arbitrary code.

Debian alert: New ht://Dig packages fix vulnerability

  • Mailing list (Posted by dave on Oct 16, 2001 10:13 PM EDT)
  • Story Type: Security; Groups: Debian
Nergal reported a vulnerability in the htsearch program which is distributed as part of the ht://Dig package, a indexing and searching system for small domains or intranets. Using former versions it was able to pass the parameter `-c' to the cgi program in order to use a different configuration file.

Red Hat alert: New util-linux packages available to fix /bin/login pam problem

  • Mailing list (Posted by dave on Oct 16, 2001 11:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages.

Red Hat alert: New util-linux packages available to fix /bin/login pam problem

  • Mailing list (Posted by dave on Oct 16, 2001 11:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages.

Red Hat alert: Updated openssh packages available

  • Mailing list (Posted by dave on Oct 16, 2001 8:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated openssh packages are now available for Red Hat Linux 7 and 7.1. These packages fix a vulnerability which may allow unauthorized users to log in from hosts that have been denied access.

Red Hat alert: New Zope packages are available

  • Mailing list (Posted by dave on Oct 10, 2001 2:44 PM EDT)
  • Story Type: Security; Groups: Red Hat
New Zope packages are available which fix a security flaw with DTML scripting.

SuSE alert: lprold

  • Mailing list (Posted by dave on Oct 10, 2001 7:05 AM EDT)
  • Story Type: Security; Groups: SUSE
ISS X-Force reported an overflow in BSD's lineprinter daemon shipped with the lprold package in SuSE Linux.

Red Hat alert: New Samba packages available for Red Hat Linux 5.2, 6.2, 7 and 7.1

  • Mailing list (Posted by dave on Oct 8, 2001 6:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
New Samba packages are available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages fix a security problem with remote clients giving special NetBIOS names to the server. It is recommended that all Samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. UPDATE: The packages for Red Hat Linux 5.2 have been updated. The original packages detected the availability of syscalls present in kernels newer than

Red Hat alert: New squid packages available to fix FTP-based DoS

  • Mailing list (Posted by dave on Oct 4, 2001 1:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
New squid packages are available that fix a potential DoS in Squid's FTP handling code. It is recommened that squid users update to the fixed packages. The packages for Red Hat Linux 6.2 also fix the problem described in RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is vulnerable to the same problem in accelerator-only mode.

Red Hat alert: Insecure setserial initscript

  • Mailing list (Posted by dave on Sep 26, 2001 7:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used. setserial-

« Previous ( 1 ... 5641 5642 5643 5644 5645 5646 5647 5648 5649 5650 5651 ... 5666 ) Next »