Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 5778 5779 5780 5781 5782 5783 5784 ... 5785 ) Next »

Debian alert: New version of xchat released

  • Mailing list (Posted by dave on Aug 30, 2000 6:22 AM EDT)
  • Story Type: Security; Groups: Debian
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands.

Debian alert: New version of ntop released

  • Mailing list (Posted by dave on Aug 29, 2000 2:36 PM EDT)
  • Story Type: Security; Groups: Debian
The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode.

Red Hat alert: Updated usermode packages.

  • Mailing list (Posted by dave on Aug 29, 2000 7:32 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and 6.

SuSE alert: Netscape

  • Mailing list (Posted by dave on Aug 24, 2000 5:06 AM EDT)
  • Story Type: Security; Groups: SUSE
Due to US-American export restrictions for cryptographical software, we are unable to provide update packages on our US ftp server http://ftp.suse.com. Instead, the packages can be found on http://ftp.suse.de. For

The legal issues have been resolved: Here are the links to download the SuSE Netscape update packages from our US-American ftp server:

Red Hat alert: XChat can pass URLs from IRC to a shell

  • Mailing list (Posted by dave on Aug 23, 2000 8:38 AM EDT)
  • Story Type: Security; Groups: Red Hat
A new XChat package is available that fixes a possible security hole.

SuSE alert: Netscape

  • Mailing list (Posted by dave on Aug 22, 2000 5:54 PM EDT)
  • Story Type: Security; Groups: SUSE
Two security problems exist in the netscape package as shipped with SuSE Linux distributions. a) Improper verification in Netscape's jpeg processing code can lead to a buffer overflow where data read from the network can overwrite memory. As a result, arbitrary code from a remote origin could be executed. The attack is particularly dangerous since it can penetrate firewall setups. Netscape version 4.74 fixes (fixed) this vulnerability. b) Due to an error in the java implementation in Netscape, it is possible for an attacker to view files and directories with the priviledges of the user running Netscape if the user visits a malisciously crafted webpage. This issue is known as "Brown Orifice" and requires the user to have Java enabled in her browser configuration. Again, this attack can penetrate firewall setups. See http://www.brumleve.com/BrownOrifice for details.

Debian alert: new version of zope released (updated)

  • Mailing list (Posted by dave on Aug 21, 2000 4:32 AM EDT)
  • Story Type: Security; Groups: Debian
On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package 2.1.6-5.1, but that package did not fully address the issue and has been superseded by this announcement. More information is available at http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert

Red Hat alert: New Netscape packages fix Java security hole

  • Mailing list (Posted by dave on Aug 18, 2000 3:11 PM EDT)
  • Story Type: Security; Groups: Red Hat
New Netscape packages are available to fix a serious security problem with Java. It is recommended that all netscape users update to the new packages. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 18, 2000 3:11 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx package are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl. This advisory contains additional instructions for installing the necessary updates.

Red Hat alert: Zope update

  • Mailing list (Posted by dave on Aug 18, 2000 12:07 PM EDT)
  • Story Type: Security; Groups: Red Hat
Vulnerabilities exist with all Zope-

Debian alert: New version of xlockmore/xlockmore-gl released

  • Mailing list (Posted by dave on Aug 16, 2000 8:31 PM EDT)
  • Story Type: Security; Groups: Debian
There is a format string bug in all versions of xlockmore/xlockmore-gl. Debian 2.1 (slink) installs xlock setgid by default, and this exploit can be used to gain read access to the shadow file. We recommend upgrading immediately.

Debian alert: new version of zope released

  • Mailing list (Posted by dave on Aug 11, 2000 4:30 PM EDT)
  • Story Type: Security; Groups: Debian
On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML can gain unauthorized access to extra roles during a request.

Red Hat alert: Updated usermode packages.

  • Mailing list (Posted by dave on Aug 11, 2000 12:23 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and 6.

Red Hat alert: Zope update

  • Mailing list (Posted by dave on Aug 11, 2000 11:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Vulnerabilities exist with all Zope-

SuSE alert: suidperl (perl)

  • Mailing list (Posted by dave on Aug 10, 2000 2:36 AM EDT)
  • Story Type: Security; Groups: SUSE
suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program to inform the superuser of its usage, thereby passing on untrusted environment that causes /bin/mail to execute arbitrary commands as user root.

SuSE alert: rpc.kstatd (knfsd)

  • Mailing list (Posted by dave on Aug 10, 2000 2:33 AM EDT)
  • Story Type: Security; Groups: SUSE
Due to incorrect string parsing in the code, a remote attacker could gain root priviledges on the machine running the vulnerable rpc.kstatd.

Red Hat alert: Updated mailx and perl packages are now available.

  • Mailing list (Posted by dave on Aug 9, 2000 1:46 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated perl and mailx package are now available which fix a potential exploit made possible by incorrect assumptions made in suidperl. This advisory contains additional instructions for installing the necessary updates.

Debian alert: New version of mailx released

  • Mailing list (Posted by dave on Aug 8, 2000 10:10 PM EDT)
  • Story Type: Security; Groups: Debian
mailx is a often used by other programs to send email. Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program to send email using /usr/bin/mail.

Red Hat alert: mopd-linux buffer overflow

  • Mailing list (Posted by dave on Aug 8, 2000 9:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
A buffer overflow has been discovered in all releases of mopd-linux included in the 6.0, 6.1, and 6.2 releases of Powertools.

Red Hat alert: Remote file access vulnerability in ntop

  • Mailing list (Posted by dave on Aug 8, 2000 7:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
The version of ntop which was included in Red Hat Powertools 6.2 has a remote exploit in which arbitrary files can be read on the host machine.

« Previous ( 1 ... 5778 5779 5780 5781 5782 5783 5784 ... 5785 ) Next »