Showing all newswire headlines


Red Hat alert: Updated PostgreSQL packages fix buffer overflow

  • Mailing list (Posted by dave on Nov 12, 2003 11:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated PostgreSQL packages that correct a buffer overflow in the to_ascii routines are now available.

Mandrake alert: Updated fileutils and coreutils packages fix vulnerabilities

A memory starvation denial of service vulnerability in the ls program was discovered by Georgi Guninski. It is possible to allocate a huge amount of memory by specifying certain command-line arguments. It is also possible to exploit this remotely via programs that call ls such as wu-ftpd (although wu-ftpd is no longer shipped with Mandrake Linux).

Red Hat alert: Updated glibc packages provide security and bug fixes

  • Mailing list (Posted by dave on Nov 12, 2003 7:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages that resolve vulnerabilities and address several bugs are now available.

Mozilla Links Newsletter - 6 - November 11, 2003

In our last issue we asked which e-mail application (client) you used to read this newsletter. A surprising 20% of respondents said they use another e-mail client besides Mozilla, Microsoft Outlook, Opera and Eudora, and I wonder which it could be. So if you answered or use another e-mail application, let us know which it is, and we will share those names with other readers.

Debian alert: New omega-rpg packages fix local games exploit

  • Mailing list (Posted by dave on Nov 11, 2003 2:03 AM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered a buffer overflow in the command-line and environment variable handling of omega-rpg, a text-based rogue-style game of dungeon exploration, which could lead a local attacker to gain unauthorised access to the group games.

Mandrake alert: Updated hylafax packages fix remote root vulnerability

During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as the root user. Updated packages have been patched to correct the problem.

Red Hat alert: Updated Ethereal packages fix security issues

  • Mailing list (Posted by dave on Nov 10, 2003 8:55 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Ethereal packages that fix a number of exploitable security issues are now available.

SuSE alert: hylafax

  • Mailing list (Posted by dave on Nov 10, 2003 5:44 AM EDT)
  • Story Type: Security; Groups: SUSE
Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug cannot be triggered in hylafax's default configuration.

Debian alert: New epic4 packages fix denial of service

  • Mailing list (Posted by dave on Nov 10, 2003 5:10 AM EDT)
  • Story Type: Security; Groups: Debian
Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to the execution of arbitrary code under the user id of the chatting user.

Debian alert: New conquest packages fix local conquest exploit

  • Mailing list (Posted by dave on Nov 10, 2003 12:27 AM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered a buffer overflow in the environment variable handling of conquest, a curses-based, real-time, multi-player space warfare game, which could lead a local attacker to gain unauthorised access to the group conquest.

Debian alert: New PostgreSQL packages fix buffer overflow

  • Mailing list (Posted by dave on Nov 6, 2003 10:52 PM EDT)
  • Story Type: Security; Groups: Debian
Tom Lane discovered a buffer overflow in the to_ascii function in PostgreSQL. This allows remote attackers to execute arbitrary code on the host running the database.

Announcing Fedora Core 1

The Fedora Project is a Red Hat-sponsored and community-supported open source project that promotes rapid development of innovative open source software through a collaborative, community effort.

Mandrake alert: Updated CUPS packages fix denial of service vulnerability

A bug in the Internet Printing Protocol (IPP) implementation in versions of CUPS prior to 1.1.19, reported by Paul Mitcheson, would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default).

Slackware alert: apache security update (SSA:2003-308-01)

Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages.

Mandrake alert: Updated apache packages fix vulnerabilities

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is configured. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.

Mandrake alert: Updated postgresql packages fix buffer overflow vulnerability

Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server.

Red Hat alert: Updated CUPS packages fix denial of service

  • Mailing list (Posted by dave on Nov 3, 2003 6:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated CUPS packages that fix a problem where CUPS can hang are now available.

Red Hat alert: Updated fileutils/coreutils packages fix ls vulnerabilities

  • Mailing list (Posted by dave on Nov 3, 2003 6:28 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated fileutils and coreutils packages that close a potential denial of service vulnerability are now available.

Red Hat alert: Updated CUPS packages fix denial of service

  • Mailing list (Posted by dave on Nov 3, 2003 12:26 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated CUPS packages that fix a problem where CUPS can hang are now available.

SuSE alert: thttpd

  • Mailing list (Posted by dave on Oct 31, 2003 3:36 AM EDT)
  • Story Type: Security; Groups: SUSE
Two vulnerabilities were found in the "tiny" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to the memory alignment of the stack done by gcc 3.x, this bug cannot be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.
