Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 ... 2193 ) Next »
Red Hat alert: Updated KDE packages fix security issue
Updated KDE packages that resolve a vulnerability in KDE's SSL
implementation are now available.
Red Hat alert: Updated kon2 packages fix buffer overflow
A buffer overflow in kon2 allows local users to obtain root privileges.
Red Hat alert: Updated 2.4 kernel fixes vulnerabilities and driver bugs
Updated kernel packages are now available that contain fixes for security
vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB
drivers.
Mandrake alert: Updated apache2 packages fix vulnerabilities
Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.
Red Hat alert: Updated 2.4 kernel fixes vulnerability
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now
available. These packages fix a ptrace-related vulnerability that can
lead to elevated (root) privileges.
[Updated 30 March 2003]
Updated kernel packages for Red Hat Linux 7.2 ia64 have been added.
[Updated 28 May 2003]
Replacement kernel packages for Red Hat Linux 7.2 ia64 have been added; the
previous packages did not contain the fix for the ptrace vulnerability.
Mandrake alert: Updated apache2 packages fix vulnerabilities
Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.
Red Hat alert: Updated ghostscript packages fix vulnerability
New ghostscript packages fixing a command execution vulnerability are now
available.
Mandrake alert: Updated cups packages fix Denial of Service vulnerability
A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).
Slackware alert: CUPS DoS vulnerability fixed (SSA:2003-149-01)
Upgraded CUPS packages are available for Slackware 8.1, 9.0,
and -current to fix a denial of service attack vulnerability.
Debian alert: New gps packages fix multiple vulnerabilities
gPS is a graphical application to watch system processes. In release
1.1.0 of the gps package, several security vulnerabilities were fixed,
as detailed in the changelog:
Red Hat alert: Updated httpd packages fix Apache security vulnerabilities
Updated httpd packages that fix two security issues are now available for
Red Hat Linux 8.0 and 9.
SuSE alert: glibc
Another integer overflow was found in glibc' XDR code. This bug is equal to the one described in advisory SuSE-SA:2002:031. The overflow occurs in the function xdrmem_getbytes() and can be used by external attackers to execute arbitrary code.
Red Hat alert: Updated CUPS packages fix denial of service attack
Updated CUPS packages that fix a denial of service vulnerability are now
available.
Mandrake alert: Updated gnupg packages fix validation bug
A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.
Slackware alert: REVISED quotacheck security fix in rc.M (SSA:2003-141-06a)
NOTE: The original advisory quotes a section of the Slackware ChangeLog
which had inadvertently reversed the options to quotacheck. The correct
option to use is 'm'. A corrected advisory follows:
Slackware alert: quotacheck security fix in rc.M (SSA:2003-141-06)
An upgraded sysvinit package is available which fixes a problem with
the use of quotacheck in /etc/rc.d/rc.M. The original version of
rc.M calls quotacheck like this:
Slackware alert: mod_ssl RSA blinding fixes (SSA:2003-141-05)
An upgrade for mod_ssl to version 2.8.14_1.3.27 is now available.
This version provides RSA blinding by default which prevents an
extended timing analysis from revealing details of the secret key
to an attacker. Note that this problem was already fixed within
OpenSSL, so this is a "double fix". With this package, mod_ssl
is secured even if OpenSSL is not.
Slackware alert: GnuPG key validation fix (SSA:2003-141-04)
A key validation bug which results in all user IDs on a given key
being treated with the validity of the most-valid user ID on that
key has been fixed with the release of GnuPG 1.2.2.
Slackware alert: glibc XDR overflow fix (SSA:2003-141-03)
An integer overflow in the xdrmem_getbytes() function found in the glibc
library has been fixed. This could allow a remote attacker to execute
arbitrary code by exploiting RPC service that use xdrmem_getbytes(). None of
the default RPC services provided by Slackware appear to use this function,
but third-party applications may make use of it.
Slackware alert: BitchX security fixes (SSA:2003-141-02)
New BitchX packages are available to fix security problems found
by Timo Sirainen. BitchX is an IRC (Internet Relay Chat) client.
Under certain circumstances, a malicious IRC server could cause
BitchX to crash, or possibly to run arbitrary code as the user
running BitchX.
« Previous ( 1 ... 2118 2119 2120 2121 2122 2123 2124 2125 2126 2127 2128 ... 2193 ) Next »