Showing all newswire headlines

Alan Cox discovered that GNU ed (a classed line editor tool) created temporary files unsafely. This has been fixed in version 0.2-18.1.

A remote DoS (denial of service) attack is possible with bind versions prior to 8.

Updated nss_ldap packages are now available for Red Hat Linux 6.1, 6.2, and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha.

Updated cyrus-sasl packages are now available for Red Hat Linux 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Updated usermode packages are now available for Red Hat Linux 6.x and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Updated apache, php, mod_perl, and auth_ldap packages are now available for Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

(This is a re-release of the previous errata caused by a missing patch). A locally-exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp file handling. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Updated openssh packages are now available for Red Hat Linux 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

A new modutils-

ghostscript makes use of mktemp instead of mkstemp to create temp files; and also uses improper LD_RUN_PATH values, causing it to search for libraries in the current directory. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

If you are any setuid applications that use ncurses and its cursor movement functionality, local users may gain access to the program's privileges. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Updated bash (1.x) packages for Red Hat Linux 5.x and 6.x, fixing a security problem, are available.

New Netscape packages are available that fix a buffer overflow in parsing HTML. It is recommended that all Netscape users update to the fixed packages. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Maurycy Prodeus found a problem in cons.saver, a screensaver for the console that is included in the mc package. cons.saver does not check if it is started with a valid stdout, which combined with a bug in its check to see if its argument is a tty (it forgot to close the file-descriptor after opening the supposed tty) causes it to write a NUL character to the file given as its parameter.

openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project.

If you are any setuid applications that use ncurses and its cursor movement functionality, local users may gain access to the program's privileges.

ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasn't secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is that during build the LD_RUN_PATH environment variable was set to the empty string, which causes the dynamic linker to look in the current directory for shared libraries.

A new modutils-