Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 ... 2062 ) Next »
SuSE alert: nkitb
The standard ftp server does directly pass untrusted data from a DNS server to the setproctitle() function in a unsecure manner.
Debian alert: New Debian nfs-common packages released
The version of nfs-common distributed in Debian GNU/Linux 2.2 (a.k.a
potato), as well as in the unstable (woody) distribution, is vulnerable to a
remote root compromise. No exploit is known to exist in the wild, but the
vulnerability has been verified.
This has been fixed in version 0.1.9.1-1 of the nfs-common package. We
recommend that you update nfs-common immediately.
Debian alert: New version of cvsweb released
The versions of cvsweb distributed in Debian GNU/Linux 2.1 (aka slink) as
well as in the frozen (potato) and unstable (woody) distributions, are
vulnerable to a remote shell exploit. An attacker with write access to the
cvs repository can execute arbitrary code on the server, as the www-data
user.
SuSE alert: dhclient
The client side program of the ISC DHCP package, dhclient, does not do quoting of server messages before passing them to /sbin/dhclient-script. This script is executed with root privileges.
SuSE alert: tnef
Tnef extracts eMails compressed with MS-Outlook. The compressed file includes the path name to which the decompressed data should be written.
SuSE alert: makewhatis bug
a few days ago a /tmp race condition bug in the makewhatis program was
posted on bugtraq.
We are NOT vulnerable by this bug, because we use different code, which
doesn't touch /tmp in a unsecure way.
Red Hat alert: man package's 'makewhatis' uses insecure handling of files in /tmp
The makewhatis portion of the man package used files in /tmp
in an insecure fashion. It was possible for local users to
exploit this vulnerability to modify files that they normally
could not and gain elevated privilege.
Debian alert: New version of canna released.
The canna package as distributed in Debian GNU/Linux 2.1 can be
remotely exploited to gain access. This could be done by overflowing
a buffer by sending a SR_INIT command with a very long usernamd or
groupname.
Debian alert: New verion of dhcp released
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
(potato) are vulnerable to a root exploit. The OpenBSD team reports that the
client inappropriately executes commands embedded in replies sent from a dhcp
server. This means that a malicious dhcp server can execute commands on the
client with root privilages.
SuSE alert: Problems after Kernel Update
alot of customers report problems after updateing the kernel.
Please, execute 'mk_initrd' and 'lilo' after upgrading the kernel.
Slackware alert: wu-ftpd remote exploit patched
A remote exploit has been found in the FTP daemon, wu-ftpd. This can
allow an attacker full access to your machine.
SuSE alert: kernel-2.2.x
The implementation of the capability feature of the kernel
SuSE alert: wuftpd-2.6
The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command.
Red Hat alert: remote root exploit (SITE EXEC) fixed
A security bug in wu-ftpd can permit remote users, even without
an account, to gain root access.
The new version closes the hole.
Debian alert: New Debian wu-ftpd packages released
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink),
as well as in the frozen (potato) and unstable (woody) distributions, is
vulnerable to a remote root compromise. The default configuration in all
current Debian packages prevents the currently available exploits in the
case of anonymous access, although local users could still possibly
compromise the server.
Red Hat alert: Zope update
Remote vulnerabilities exist with all Zope-
Red Hat alert: New Linux kernel fixes security bug
This new kernel release fixes a security hole that could
affect any setuid program on the system. In addition,
several accumulated fixes are included.
Red Hat alert: New Linux kernel fixes security bug
This new kernel release fixes a security hole that could
affect any setuid program on the system. In addition,
several accumulated fixes are included.
Red Hat alert: Updated Kerberos 5 packages are now available for Red Hat Linux.
Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.
Red Hat alert: Updated Kerberos 5 packages are now available for Red Hat Linux.
Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.
« Previous ( 1 ... 2048 2049 2050 2051 2052 2053 2054 2055 2056 2057 2058 ... 2062 ) Next »