Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 5850 5851 5852 5853 5854 5855 5856 5857 ... 5858 ) Next »

Red Hat alert: glibc vulnerabilities in ld.so, locale and gettext

  • Mailing list (Posted by dave on Sep 7, 2000 12:37 PM EDT)
  • Story Type: Security; Groups: Red Hat
Several bugs were discovered in glibc which could allow local users to gain root privileges.

SuSE alert: apache

  • Mailing list (Posted by dave on Sep 7, 2000 10:02 AM EDT)
  • Story Type: Security; Groups: SUSE
The default package selection in SuSE distributions includes apache. The configuration file that comes with the package contains two security relevant errors:

SuSE alert: screen

  • Mailing list (Posted by dave on Sep 6, 2000 9:37 AM EDT)
  • Story Type: Security; Groups: SUSE
screen, a tty multiplexer, is installed suid root by default on SuSE Linux distributions. By supplying a thoughtfully designed string as the visual bell message, local users can obtain root privilege. Exploit information has been published on security forums.

SuSE alert: shlibs (glibc)

  • Mailing list (Posted by dave on Sep 6, 2000 2:30 AM EDT)
  • Story Type: Security; Groups: SUSE
The glibc implementations in all SuSE distributions starting with SuSE-6.0 have multiple security problems where at least one of them allows any local user to gain root access to the system.

Slackware alert: glibc 2.1.3 vulnerabilities patched

Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access.

Debian alert: glibc update for Debian GNU/Linux 2.1 (update)

  • Mailing list (Posted by dave on Sep 5, 2000 6:58 AM EDT)
  • Story Type: Security; Groups: Debian
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

Debian alert: glibc update for Debian GNU/Linux 2.1

  • Mailing list (Posted by dave on Sep 4, 2000 3:59 PM EDT)
  • Story Type: Security; Groups: Debian
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

Debian alert: new version of screen released

  • Mailing list (Posted by dave on Sep 4, 2000 3:56 AM EDT)
  • Story Type: Security; Groups: Debian
A format string bug was recently discovered in screen which can be used to gain elevated privilages if screen is setuid. Debian 2.1 (slink) did ship screen setuid and the exploit can be used to gain root privilages. In Debian 2.2 (potato) screen is not setuid, and is not vulnerable to a root exploit. screen is, however, setgid utmp in Debian 2.2 (potato) and we recommend upgrading.

Slackware alert: Perl root exploit in Slackware 7.1 & -current

A root exploit was found in the /usr/bin/suidperl5.6.0 program that shipped with the Slackware 7.1 perl.tgz package.

Debian alert: New version of glibc released

  • Mailing list (Posted by dave on Sep 2, 2000 8:17 AM EDT)
  • Story Type: Security; Groups: Debian
Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code.

Debian alert: New version of Netscape Communicator/Navigator released

  • Mailing list (Posted by dave on Sep 1, 2000 5:08 PM EDT)
  • Story Type: Security; Groups: Debian
Existing Netscape Communicator/Navigator packages contain the following vulnerabilities:

Red Hat alert: glibc vulnerabilities in ld.so, locale and gettext

  • Mailing list (Posted by dave on Sep 1, 2000 11:37 AM EDT)
  • Story Type: Security; Groups: Red Hat
Several bugs were discovered in glibc which could allow local users to gain root privileges.

Debian alert: New version of xchat released (update)

  • Mailing list (Posted by dave on Aug 30, 2000 6:36 AM EDT)
  • Story Type: Security; Groups: Debian
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands.

Debian alert: New version of xchat released

  • Mailing list (Posted by dave on Aug 30, 2000 6:22 AM EDT)
  • Story Type: Security; Groups: Debian
The version of X-Chat that was distributed with Debian GNU/Linux 2.2 has a vulnerability in the URL handling code: when a user clicks on a URL X-Chat will start netscape to view its target. However it did not check the URL for shell metacharacters, and this could be abused to trick xchat into executing arbitraty commands.

Debian alert: New version of ntop released

  • Mailing list (Posted by dave on Aug 29, 2000 2:36 PM EDT)
  • Story Type: Security; Groups: Debian
The updated version of ntop (1.2a7-10) that was released on August 5 was found to still be insecure: it was still exploitable using buffer overflows. Using this technique it was possible to run arbitrary code as the user who ran ntop in web mode.

Red Hat alert: Updated usermode packages.

  • Mailing list (Posted by dave on Aug 29, 2000 7:32 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and 6.

SuSE alert: Netscape

  • Mailing list (Posted by dave on Aug 24, 2000 5:06 AM EDT)
  • Story Type: Security; Groups: SUSE
Due to US-American export restrictions for cryptographical software, we are unable to provide update packages on our US ftp server http://ftp.suse.com. Instead, the packages can be found on http://ftp.suse.de. For

The legal issues have been resolved: Here are the links to download the SuSE Netscape update packages from our US-American ftp server:

Red Hat alert: XChat can pass URLs from IRC to a shell

  • Mailing list (Posted by dave on Aug 23, 2000 8:38 AM EDT)
  • Story Type: Security; Groups: Red Hat
A new XChat package is available that fixes a possible security hole.

SuSE alert: Netscape

  • Mailing list (Posted by dave on Aug 22, 2000 5:54 PM EDT)
  • Story Type: Security; Groups: SUSE
Two security problems exist in the netscape package as shipped with SuSE Linux distributions. a) Improper verification in Netscape's jpeg processing code can lead to a buffer overflow where data read from the network can overwrite memory. As a result, arbitrary code from a remote origin could be executed. The attack is particularly dangerous since it can penetrate firewall setups. Netscape version 4.74 fixes (fixed) this vulnerability. b) Due to an error in the java implementation in Netscape, it is possible for an attacker to view files and directories with the priviledges of the user running Netscape if the user visits a malisciously crafted webpage. This issue is known as "Brown Orifice" and requires the user to have Java enabled in her browser configuration. Again, this attack can penetrate firewall setups. See http://www.brumleve.com/BrownOrifice for details.

Debian alert: new version of zope released (updated)

  • Mailing list (Posted by dave on Aug 21, 2000 4:32 AM EDT)
  • Story Type: Security; Groups: Debian
On versions of Zope prior to 2.2.1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. A fix was previously announced in the Debian zope package 2.1.6-5.1, but that package did not fully address the issue and has been superseded by this announcement. More information is available at http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert

« Previous ( 1 ... 5850 5851 5852 5853 5854 5855 5856 5857 ... 5858 ) Next »