Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 ... 4029 ) Next »
SuSE alert: sane
The sane (Scanner Access Now Easy) package provides access to scanners either locally or remotely over the network.
Debian alert: New minimalist package fixes remote command execution
A security-related problem has been discovered in minimalist, a
mailing list manager, which allows a remote attacker to execute
arbitrary commands.
Debian alert: New hylafax packages fix remote root exploit
The SuSE Security Team discovered several exploitable formats string
vulnerabilities in hylafax, a flexible client/server fax system, which
could lead to executing arbitrary code as root on the fax server.
Fedora Core 1 Update: glibc-2.3.2-101.1
Herbert Xu reported that various applications can accept spoofed messages
sent on the kernel netlink interface by other users on the local machine.
This could lead to a local denial of service attack. The glibc function
getifaddrs uses netlink and could therefore be vulnerable to this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0859 to this issue.
Red Hat alert: Updated glibc packages provide security and bug fixes
Updated glibc packages that resolve vulnerabilities and address several bugs
are now available.
Red Hat alert: Updated zebra packages fix security vulnerabilities
Updated zebra packages that close a locally-exploitable and a
remotely-exploitable denial of service vulnerability are now available.
Red Hat alert: Updated PostgreSQL packages fix buffer overflow
Updated PostgreSQL packages that correct a buffer overflow in the to_ascii
routines are now available.
Mandrake alert: Updated fileutils and coreutils packages fix vulnerabilities
A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux).
Red Hat alert: Updated glibc packages provide security and bug fixes
Updated glibc packages that resolve vulnerabilities and address several bugs
are now available.
Mozilla Links Newsletter - 6 - November 11, 2003
On our last issue we asked which e-mail application (client) you used
to read this newsletter. A surprising 20% of respondants said they
use another e-mail client besides Mozilla, Microsoft Outlook, Opera
and Eudora and I wonder which could it be. So if you answer or use
another e-mail application, let us know which is it, and we will share
those names with other readers.
Debian alert: New omega-rpg packages fix local games exploit
Steve Kemp discovered a buffer overflow in the commandline and
environment variable handling of omega-rpg, a text-based rogue-style
game of dungeon exploration, which could lead a local attacker to gain
unauthorised access to the group games.
Mandrake alert: Updated hylafax packages fix remote root vulnerability
During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as the root user. Updated packages have been patched to correct the problem.
Red Hat alert: Updated Ethereal packages fix security issues
Updated Ethereal packages that fix a number of exploitable security issues
are now available.
SuSE alert: hylafax
Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to http://FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax' default configuration.
Debian alert: New epic4 packages fix denial of service
Jeremy Nelson discovered a remotely exploitable buffer overflow in
EPIC4, a popular client for Internet Relay Chat (IRC). A malicious
server could craft a reply which triggers the client to allocate a
negative amount of memory. This could lead to a denial of service if
the client only crashes, but may also lead to executing of arbitrary
code under the user id of the chatting user.
Debian alert: New conquest packages fix local conquest exploit
Steve Kemp discovered a buffer overflow in the environment variable
handling of conquest, a curses based, real-time, multi-player space
warfare game, which could lead a local attacker to gain unauthorised
access to the group conquest.
Debian alert: New PostgreSQL packages fix buffer overflow
Tom Lane discovered a buffer overflow in the to_ascii function in
PostgreSQL. This allows remote attackers to execute arbitrary code on
the host running the database.
Announcing Fedora Core 1
The Fedora Project is a Red Hat-sponsored and community-supported open
source project that promotes rapid development of innovative open
source software through a collaborative, community effort.
Mandrake alert: Updated CUPS packages fix denial of service vulnerability
A bug in versions of CUPS prior to 1.1.19 was reported by Paul Mitcheson in the Internet Printing Protocol (IPP) implementation would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default).
Slackware alert: apache security update (SSA:2003-308-01)
Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These fix local vulnerabilities that could allow users
who can create or edit Apache config files to gain additional
privileges. Sites running Apache should upgrade to the new packages.
« Previous ( 1 ... 3950 3951 3952 3953 3954 3955 3956 3957 3958 3959 3960 ... 4029 ) Next »