Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 6466 6467 6468 6469 6470 6471 6472 6473 6474 6475 6476 ... 6533 ) Next »

Debian alert: New eterm packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 6, 2003 5:11 PM EST)
  • Story Type: Security; Groups: Debian
"bazarr" discovered that eterm is vulnerable to a buffer overflow of the ETERMPATH environment variable. This bug can be exploited to gain the privileges of the group "utmp" on a system where eterm is installed.

Debian alert: New gzip packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jun 6, 2003 4:51 PM EST)
  • Story Type: Security; Groups: Debian
Paul Szabo discovered that znew, a script included in the gzip package, creates its temporary files without taking precautions to avoid a symlink attack (CAN-2003-0367).

SuSE alert: pptpd

  • Mailing list (Posted by dave on Jun 6, 2003 6:00 AM EST)
  • Story Type: Security; Groups: SUSE
The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed. Since there is no workaround other than shutting down the PPTP daemon an update is strongly recommended if you need a PPTP server running.

SuSE alert: cups

  • Mailing list (Posted by dave on Jun 6, 2003 5:52 AM EST)
  • Story Type: Security; Groups: SUSE
The well known Common Unix Printing System (CUPS) was found vulnerable to a remote Denial of Service attack. The CUPS daemon will stop serving clients if the second carriage return in a request is not sent to complete the header. Since the vulnerability occurs before any authorization or address verification there is no other workaround than shutting down the CUPS server.

Red Hat alert: Updated hanterm packages provide security fixes

  • Mailing list (Posted by dave on Jun 5, 2003 10:46 PM EST)
  • Story Type: Security; Groups: Red Hat
Updated hanterm packages fix two security issues.

Mandrake alert: Updated kon2 packages fix buffer overflow vulnerability

A vulnerability was discovered in kon2, a Kanji emulator for the console. A buffer overflow in the command line parsing can be exploited, leading to local users being able to gain root privileges.

Red Hat alert: Updated KDE packages fix security issue

  • Mailing list (Posted by dave on Jun 5, 2003 12:03 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

Red Hat alert: Updated kon2 packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 3, 2003 4:18 AM EST)
  • Story Type: Security; Groups: Red Hat
A buffer overflow in kon2 allows local users to obtain root privileges.

Red Hat alert: Updated 2.4 kernel fixes vulnerabilities and driver bugs

  • Mailing list (Posted by dave on Jun 3, 2003 3:32 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages are now available that contain fixes for security vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB drivers.

Mandrake alert: Updated apache2 packages fix vulnerabilities

Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.

Red Hat alert: Updated 2.4 kernel fixes vulnerability

  • Mailing list (Posted by dave on Jun 2, 2003 8:16 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges. [Updated 30 March 2003] Updated kernel packages for Red Hat Linux 7.2 ia64 have been added. [Updated 28 May 2003] Replacement kernel packages for Red Hat Linux 7.2 ia64 have been added; the previous packages did not contain the fix for the ptrace vulnerability.

Mandrake alert: Updated apache2 packages fix vulnerabilities

Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.

Red Hat alert: Updated ghostscript packages fix vulnerability

  • Mailing list (Posted by dave on May 29, 2003 11:36 PM EST)
  • Story Type: Security; Groups: Red Hat
New ghostscript packages fixing a command execution vulnerability are now available.

Mandrake alert: Updated cups packages fix Denial of Service vulnerability

A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).

Slackware alert: CUPS DoS vulnerability fixed (SSA:2003-149-01)

Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability.

Debian alert: New gps packages fix multiple vulnerabilities

  • Mailing list (Posted by dave on May 28, 2003 5:01 PM EST)
  • Story Type: Security; Groups: Debian
gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog:

Red Hat alert: Updated httpd packages fix Apache security vulnerabilities

  • Mailing list (Posted by dave on May 28, 2003 7:30 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated httpd packages that fix two security issues are now available for Red Hat Linux 8.0 and 9.

SuSE alert: glibc

  • Mailing list (Posted by dave on May 27, 2003 5:20 AM EST)
  • Story Type: Security; Groups: SUSE
Another integer overflow was found in glibc' XDR code. This bug is equal to the one described in advisory SuSE-SA:2002:031. The overflow occurs in the function xdrmem_getbytes() and can be used by external attackers to execute arbitrary code.

Red Hat alert: Updated CUPS packages fix denial of service attack

  • Mailing list (Posted by dave on May 27, 2003 12:42 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated CUPS packages that fix a denial of service vulnerability are now available.

Mandrake alert: Updated gnupg packages fix validation bug

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.

« Previous ( 1 ... 6466 6467 6468 6469 6470 6471 6472 6473 6474 6475 6476 ... 6533 ) Next »