Showing all newswire headlines


Debian alert: New lpr packages fix local root exploit (potato)

  • Mailing list (Posted by dave on Apr 15, 2003 5:33 AM EDT)
  • Story Type: Security; Groups: Debian
The correction for CAN-2003-0144 for the old stable distribution (potato) was a little bit too strict apparently and this update corrects this. For completeness here is the advisory text:

Debian alert: New EPIC packages fix DoS and arbitrary code execution

  • Mailing list (Posted by dave on Apr 15, 2003 3:09 AM EDT)
  • Story Type: Security; Groups: Debian
Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user.

Debian alert: New EPIC packages fix DoS and arbitrary code execution

  • Mailing list (Posted by dave on Apr 15, 2003 2:00 AM EDT)
  • Story Type: Security; Groups: Debian
Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user.

Debian alert: New gs-common packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Apr 14, 2003 6:35 AM EDT)
  • Story Type: Security; Groups: Debian
Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.

Debian alert: New lprng packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Apr 14, 2003 5:19 AM EDT)
  • Story Type: Security; Groups: Debian
Karol Lewandowski discovered that psbanner, a printer filter that creates a PostScript format banner and is part of LPRng, insecurely creates a temporary file for debugging purposes when it is configured as a filter. The program does not check whether this file already exists or is linked to another place, and writes its current environment and called arguments to the file unconditionally with the user id daemon.

Debian alert: New kdegraphics packages fix arbitrary command execution

  • Mailing list (Posted by dave on Apr 12, 2003 12:30 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered a vulnerability in the way KDE uses Ghostscript software for processing of PostScript (PS) and PDF files. An attacker could provide a malicious PostScript or PDF file via mail or websites that could lead to executing arbitrary commands under the privileges of the user viewing the file or when the browser generates a directory listing with thumbnails.

Debian alert: New xfsdump packages fix insecure file creation

  • Mailing list (Posted by dave on Apr 10, 2003 10:16 PM EDT)
  • Story Type: Security; Groups: Debian
Ethan Benson discovered a problem in xfsdump, which contains administrative utilities for the XFS filesystem. When filesystem quotas are enabled, xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped. The manner in which this file is created is unsafe.

Red Hat alert: Updated glibc packages fix vulnerabilities in RPC XDR decoder

  • Mailing list (Posted by dave on Apr 10, 2003 3:33 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages are available to fix an integer overflow in the XDR decoder.

Mandrake alert: Updated 2.4 kernel packages fix ptrace vulnerability

A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.

Red Hat alert: Updated httpd packages fix security vulnerabilities.

  • Mailing list (Posted by dave on Apr 9, 2003 8:31 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated httpd packages which fix a number of security issues are now available for Red Hat Linux 8.0 and 9.

Debian alert: New heimdal packages fix authentication failure

  • Mailing list (Posted by dave on Apr 9, 2003 7:56 AM EDT)
  • Story Type: Security; Groups: Debian
Due to overzealously applied patches, the security update DSA 269-1 introduced problems in some installations, causing the hprop service to fail. This is corrected with the update below.

Debian alert: New glibc packages fix arbitrary code execution

  • Mailing list (Posted by dave on Apr 9, 2003 3:20 AM EDT)
  • Story Type: Security; Groups: Debian
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.

Red Hat alert: Updated 2.4 kernel fixes USB storage

  • Mailing list (Posted by dave on Apr 9, 2003 12:40 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages for Red Hat Linux 9 are now available. The kernel package version

Red Hat alert: New samba packages fix security vulnerability

  • Mailing list (Posted by dave on Apr 9, 2003 12:27 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Samba packages that fix a security vulnerability are now available. [Updated 9 April 2003] Fixed Samba packages for Red Hat Linux 7.1 have been added to this erratum.

Debian alert: New xftp packages fix arbitrary code execution

  • Mailing list (Posted by dave on Apr 8, 2003 7:45 AM EDT)
  • Story Type: Security; Groups: Debian
Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server. Erik Tews fixed this.

Red Hat alert: Updated mgetty packages available

  • Mailing list (Posted by dave on Apr 8, 2003 4:17 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mgetty packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These updates close a possible buffer overflow and a permissions problem present in versions of mgetty prior to version 1.1.29.

Red Hat alert: New samba packages fix security vulnerability

  • Mailing list (Posted by dave on Apr 7, 2003 11:02 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Samba packages that fix a security vulnerability are now available for Red Hat Linux 7.2, 7.3, 8.0, and 9. Packages for Red Hat Linux 7.1 will be added shortly.

Slackware alert: Samba security problem fixed

The samba packages in Slackware 8.1 and 9.0 have been upgraded to Samba 2.2.8a to fix a security problem.

SuSE alert: samba

  • Mailing list (Posted by dave on Apr 7, 2003 12:26 PM EDT)
  • Story Type: Security; Groups: SUSE
Digital Defense Inc. have discovered a buffer overflow in the samba file server, the widely spread implementation of the SMB protocol. The flaw allows a remote attacker to execute arbitrary commands as root on a server that runs a vulnerable version of samba. The vulnerability is known as DDI trans2.c overflow bug and is assigned the CVE ID CAN-2003-0201. Since this vulnerability was found during an analysis of an exploit happening in the wild, it should be assumed that exploits are circulating in the internet.

Debian alert: New samba packages fix remote root exploit

  • Mailing list (Posted by dave on Apr 7, 2003 10:48 AM EDT)
  • Story Type: Security; Groups: Debian
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.
