Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 ... 2119 ) Next »
Debian alert: New dhcp3 packages fix arbitrary code execution
The Internet Software Consortium discoverd several vulnerabilities
during an audit of the ISC DHCP Daemon. The vulnerabilities exist in
error handling routines within the minires library and may be
exploitable as stack overflows. This could allow a remote attacker to
execute arbitrary code under the user id the dhcpd runs under, usually
root. Other DHCP servers than dhcp3 doesn't seem to be affected.
Debian alert: New bugzilla packages fix unauthorized data modification
Two vulnerabilities have been discovered in Bugzilla, a web-based bug
tracking system, by its authors. The Common Vulnerabilities and
Exposures Project identifies the following vulnerabilities:
Red Hat alert: Updated vim packages fix modeline vulnerability
Updated vim packages are now available for Red Hat Linux. These
updates resolve a security issue when opening a specially crafted text
file.
Red Hat alert: Updated dhcp packages fix security vulnerabilities
Several potential stack overflow vulnerabilities affect the ISC DHCPD
server. This advisory provides fixed packages for Red Hat Linux 8.0.
Red Hat alert: Updated MySQL packages fix various security issues
Updated MySQL packages are available for Red Hat Linux 7, 7.1, 7.2, 7.3,
and 8.0 which fix security vulnerabilities found in the MySQL server.
Debian alert: New IMP packages fix SQL injection and typo
The advisory DSA 229-1 contained a typo in one file which could cause
certain installations to fail suddenly.
Debian alert: New IMP packages fix SQL injection
Jouko Pynnonen discovered a probem with IMP, a web based IMAP mail
program. Using carefully crafted URLs a remote attacker is able to
inject SQL code into SQL queries without proper user authentication.
Even though results of SQL queries aren't directly readable from the
screen, an attacker might. update his mail signature to contain wanted
query results and then view it on the preferences page of IMP.
Mandrake alert: Updated OpenLDAP packages fix multiple vulnerabilities
A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well.
Mandrake alert: Updated leafnode packages fix remote DoS vulnerability
A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposed to several groups, one of which is the prefix of another, is requested by it's Message-ID.
Red Hat alert: Updated PostgreSQL packages fix security issues and bugs
Updated PostgreSQL packages are available for Red Hat Linux 7.3 and 8.0.
These packages correct several security and other bugs. A separate
advisory deals with updated PostgreSQL packages for Red Hat Linux 6.2, 7,
7.1, and 7.
Red Hat alert: Updated PostgreSQL packages fix buffer overrun vulnerabilities
Updated PostgreSQL packages are available for Red Hat Linux 6.2, 7, 7.1,
and 7.2 where we have backported a number of security fixes. A separate
advisory deals with updated PostgreSQL packages for Red Hat Linux 7.3 and 8.0.
Debian alert: New libmcrypt packages fix buffer overflows and memory leak
Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a
decryption and encryption library, that originates in from improper or
lacking input validation. By passing input which is longer then
expected to a number of functions (multiple functions are affected)
the user can successful make libmcrypt crash and may be able to insert
arbitrary, malicious, code which will be executed under the user
libmcrypt runs as, e.g. inside a web server.
SuSE alert: libpng
The library libpng provides several functions to encode, decode and manipulate Portable Network Graphics (PNG) image files. Due to wrong calculation of some loop offset values a buffer overflow can occur. The buffer overflow can lead to Denial-of-Service or even to remote compromise.
Mandrake alert: Updated KDE packages fix multiple vulnerabilities
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.
Mandrake alert: Updated krb5 packages fix incorrect initscripts
A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected.
Red Hat alert: Updated CUPS packages fix various vulnerabilities
Updated CUPS packages are available for Red Hat Linux 7.3 and 8.0 which fix
various security issues.
Red Hat alert: Updated libpng packages fix buffer overflow
Updated libpng packages are available that fix a buffer overflow vulnerability.
Debian alert: New openldap packages fix buffer overflows and remote exploit
The SuSE Security Team reviewed critical parts of openldap2, an
implementation of the Lightweight Directory Access Protocol (LDAP)
version 2 and 3, and found several buffer overflows and other bugs
remote attackers could exploit to gain access on systems running
vulnerable LDAP servers. In addition to these bugs, various local
exploitable bugs within the OpenLDAP2 libraries have been fixed.
Debian alert: New xpdf-i packages fix arbitrary command execution
iDEFENSE discovered an integer overflow in the pdftops filter from the
xpdf and xpdf-i packages that can be exploited to gain the privileges
of the target user. This can lead to gaining privileged access to the
'lp' user if thee pdftops program is part of the print filter.
Mandrake alert: Updated dhcpcd packages fix character expansion vulnerability
A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-<interface>.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-<interface>.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. This can also be exploited by an attacker able to spoof DHCP responses.
« Previous ( 1 ... 2059 2060 2061 2062 2063 2064 2065 2066 2067 2068 2069 ... 2119 ) Next »