Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7246 7247 7248 7249 7250 7251 7252 7253 7254 7255 7256 ... 7265 ) Next »
SuSE alert: nedit
The Nirvana Editor, NEdit, is a GUI-style text editor based on popular Macintosh and MS Windows editors. When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users privileges, even root.
SuSE alert: sudo
The setuid application sudo(8) allows a user to execute commands under the privileges of another user (including root). sudo(8) previous to version 1.6.3p6 is vulnerable by a buffer overflow in it's logging code, which could lead to local root compromise.
Debian alert: exuberant-ctags for sparc was incorrectly built
The updated exuberant-ctags that was mentioned in DSA-046-1 was
unfortunately compiled incorrectly: the stable chroot we used
turned out to be running unstable instead.
Debian alert: samba for sparc was incorrectly built
The updated samba packages that were mentioned in DSA-048-1 were
unfortunately compiled incorrectly: the stable chroot we used
turned out to be running unstable instead.
Debian alert: remote cfingerd exploit
Megyer Laszlo report on Bugtraq that the cfingerd Debian as distributed
with Debian GNU/Linux 2.2 was not careful in its logging code. By
combining this with an off-by-one error in the code that copied the
username from an ident response cfingerd could exploited by a remote
user. Since cfingerd does not drop its root privileges until after
it has determined which user to finger an attacker can gain
root privileges.
Debian alert: samba symlink attacks
Marcus Meissner discovered that samba was not creating temporary
files safely in two places:
Announcing availability of Red Hat Linux 7.1 (Seawolf)
2001-- Red Hat, Inc. (Nasdaq:RHAT - news), the leader in
developing, deploying and managing open source solutions, announced
today the availability of Red Hat Linux 7.1, the latest version of the
world's most popular open source server operating environment. Red Hat
Linux 7.1 includes the new 2.4 kernel with improved SMP support for
superior performance on Intel multi-processor platforms. Red Hat Linux
7.1 also delivers new configuration tools that enable users to
effortlessly set up and administer DNS, Web and print servers. This
release features Red Hat Network connectivity, including software
manager.
Red Hat alert: Linux kernel 2.2.19 now available, provides security fixes, enhancements
A local denial of service attack and root compromise of the kernel have
been corrected, drivers have been updated, and NFS version 3 has been
integrated.
Red Hat alert: New netscape packages available (Red Hat Linux 7.1 added)
New netscape packages are availabe to fix a problem with the handling of
JavaScript in certain situations. By exploiting this flaw, a remote site
could gain access to the browser history, and possibly other data.
It is recommended that all users upgrade to the fixed packages.
2001-04-16: netscape-4.77-1 packages are now available for Red Hat Linux
7.1 for Intel.
Debian alert: multiple kernel problems
The kernels used in Debian GNU/Linux 2.2 have been found to have
multiple security problems. This is a list of problems based
on the 2.2.19 release notes as found on http://www.linux.org.uk/ :
Debian alert: exuberant-ctags uses insecure temporary files
Colin Phipps discovered that the exuberant-ctags packages as distributed
with Debian GNU/Linux 2.2 creates temporary files insecurely. This has
been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream
version 3.5.
Red Hat alert: New netscape packages available
New netscape packages are availabe to fix a problem with the handling of
JavaScript in certain situations. By exploiting this flaw, a remote site
could gain access to the browser history, and possibly other data.
It is recommended that all users upgrade to the fixed packages.
Red Hat alert: Updated pine packages available
Updated pine packages are now available for Red Hat Linux 7.0, 6.2,
and 5.
SuSE alert: vim/gvim
The text editor vim, Vi IMproved, was found vulnerable to two security bugs. 1.) a tmp race condition 2.) vim commands in regular files will be executed if the status line of vim is enabled in vimrc Both vulnerabilities could be used to gain unauthorized access to more privileges.
SuSE alert: mc
The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation.
Debian alert: New version of ntp released
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp
daemons such as that released with Debian GNU/Linux are vulnerable to a
buffer overflow that can lead to a remote root exploit. A previous
advisory (DSA-045-1) partially addressed this issue, but introduced a
potential denial of service attack. This has been corrected for Debian
2.2 (potato) in ntp version 4.0.99g-2potato2.
SuSE alert: xntp
xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem.
Slackware alert: buffer overflow fix for NTP
The version of xntp3 that shipped with Slackware 7.1 as well as the
version that was in Slackware -current contains a buffer overflow bug that
could lead to a root compromise. Slackware 7.1 and Slackware -current
users are urged to upgrade to the new packages available for their
release.
Red Hat alert: Network Time Daemon (ntpd) has potential remote root exploit
The Network Time Daemon (ntpd) supplied with all releases of Red Hat
Linux is vulnerable to a buffer overflow, allowing a remote attacker to
potentially gain root level access to a machine. All users of ntpd are
strongly encouraged to upgrade.
Debian alert: ntp remote root exploit fixed
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp
daemons such as that released with Debian GNU/Linux are vulnerable to a
buffer overflow that can lead to a remote root exploit. This has been
corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato1.
« Previous ( 1 ... 7246 7247 7248 7249 7250 7251 7252 7253 7254 7255 7256 ... 7265 ) Next »