Showing all newswire headlines


Mandrake alert: Updated MySQL packages fix DoS vulnerability

Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account.

Mandrake alert: Updated vim packages fix arbitrary command execution vulnerability

A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages.

Debian alert: New hypermail packages fix arbitrary code execution

  • Mailing list (Posted by dave on Jan 31, 2003 5:24 AM EDT)
  • Story Type: Security; Groups: Debian
Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists.

Red Hat alert: Updated kerberos packages fix vulnerability in ftp client

  • Mailing list (Posted by dave on Jan 30, 2003 11:43 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages fix a vulnerability found in the Kerberos ftp client distributed with the Red Hat Linux krb5 packages.

Debian alert: New courier packages fix SQL injection

  • Mailing list (Posted by dave on Jan 30, 2003 5:46 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected.

Debian alert: New tomcat packages fix information exposure and cross site scripting

  • Mailing list (Posted by dave on Jan 29, 2003 6:36 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems:

Debian alert: New dhcp3 packages fix potential network flood

  • Mailing list (Posted by dave on Jan 28, 2003 5:19 AM EDT)
  • Story Type: Security; Groups: Debian
Florian Lohoff discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet, such as sent from buggy Cisco switches.

Mandrake alert: Updated fetchmail packages fix remote exploit vulnerability

A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail.

Debian alert: New noffle packages fix buffer overflows

  • Mailing list (Posted by dave on Jan 27, 2003 6:26 AM EDT)
  • Story Type: Security; Groups: Debian
Dan Jacobson noticed a problem in noffle, an offline news server, that leads to a segmentation fault. It is not yet clear whether this problem is exploitable. However, if it is, a remote attacker could trigger arbitrary code execution under the user that calls noffle, probably news.

Debian alert: New kdemultimedia packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 7:03 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdebase packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 6:08 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdeutils packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 4:38 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdegames packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 9:51 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdesdk packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 6:56 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdepim packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 5:12 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdenetwork packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 4:57 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

SuSE alert: cvs

  • Mailing list (Posted by dave on Jan 22, 2003 7:38 AM EDT)
  • Story Type: Security; Groups: SUSE
CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a "double free" bug in CVS server code for handling directory requests. This free() call allows an attacker with CVS read access to compromise a CVS server. Additionally, two features ('Update-prog' and 'Checkin-prog') were disabled to stop clients with write access from executing arbitrary code on the server. These features may be configurable at run-time in future releases of CVS server.

Debian alert: New kdelibs packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 22, 2003 5:36 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdegraphics packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 22, 2003 5:26 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdeadmin packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 22, 2003 5:17 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.
