Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 6525 6526 6527 6528 6529 6530 6531 6532 6533 6534 6535 ... 6568 ) Next »

Mandrake alert: gaim update

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable. Update: The 8.1 package had an incorrect dependency on perl. This package has been replaced with a proper package. Please note the differing md5 sums.

Mandrake alert: linuxconf notice

A vulnerability was discovered in linuxconf by Dave Aitel and later by iDEFENSE that is locally exploitable to obtain elevated privilege.

Debian alert: New Mantis package fixes privilege escalation

  • Mailing list (Posted by dave on Sep 4, 2002 5:48 AM EST)
  • Story Type: Security; Groups: Debian
A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id.

Debian alert: New scrollkeeper packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Sep 3, 2002 4:14 AM EST)
  • Story Type: Security; Groups: Debian
Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.

Red Hat alert: Updated scrollkeeper packages fix tempfile vulnerability

  • Mailing list (Posted by dave on Sep 2, 2002 7:43 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated scrollkeeper packages are now available for Red Hat Linux 7.3 which fix a tempfile vulnerability.

SuSE alert: glibc

  • Mailing list (Posted by dave on Aug 30, 2002 8:04 AM EST)
  • Story Type: Security; Groups: SUSE
An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.

Red Hat alert: PXE server crashes from certain DHCP packets

  • Mailing list (Posted by dave on Aug 30, 2002 4:17 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated PXE packages are now available for Red Hat Linux which fix a vulnerability that can crash the PXE server using certain DHCP packets.

Mandrake alert: hylafax update

Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places.

Mandrake alert: gaim update

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable.

Red Hat alert: Updated ethereal packages are available

  • Mailing list (Posted by dave on Aug 29, 2002 5:43 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated ethereal packages are available which fix various security issues.

Debian alert: New Python packages fix insecure temporary file use

  • Mailing list (Posted by dave on Aug 28, 2002 2:32 AM EST)
  • Story Type: Security; Groups: Debian
Zack Weinberg discovered an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name which could lead execution of arbitrary code.

Red Hat alert: Updated mailman packages close cross-site scripting vulnerability

  • Mailing list (Posted by dave on Aug 27, 2002 4:59 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Debian alert: New gaim packages fix arbitrary program execution

  • Mailing list (Posted by dave on Aug 27, 2002 4:01 AM EST)
  • Story Type: Security; Groups: Debian
The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The 'Manual' browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting an attacker to execute arbitrary commands on the users machine. Unfortunately, Gaim doesn't display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren't vulnerable.

Mandrake alert: xinetd update

A vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of xinetd.

Debian alert: New mailman packages fix cross-site scripting problem

  • Mailing list (Posted by dave on Aug 26, 2002 8:03 AM EST)
  • Story Type: Security; Groups: Debian
Quoting DSA 147-1:

Red Hat alert: Updated mailman packages close cross-site scripting vulnerability

  • Mailing list (Posted by dave on Aug 23, 2002 8:08 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Power Tools 7 and 7.1. These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Red Hat alert: Updated mailman packages close cross-site scripting vulnerability

  • Mailing list (Posted by dave on Aug 23, 2002 8:07 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Debian alert: New irssi-text packages fix denial of service

  • Mailing list (Posted by dave on Aug 23, 2002 5:03 AM EST)
  • Story Type: Security; Groups: Debian
The IRC client irssi is vulnerable to a denial of service condition. The problem occurs when a user attempts to join a channel that has an overly long topic description. When a certain string is appended to the topic, irssi will crash.

Debian alert: New Light package fixes arbitrary script execution

  • Mailing list (Posted by dave on Aug 22, 2002 11:34 AM EST)
  • Story Type: Security; Groups: Debian
All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.

Red Hat alert: New kernel update available, fixes i810 video oops, several security issues

  • Mailing list (Posted by dave on Aug 21, 2002 9:13 AM EST)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits.

« Previous ( 1 ... 6525 6526 6527 6528 6529 6530 6531 6532 6533 6534 6535 ... 6568 ) Next »