Showing all newswire headlines

Mandrake alert: Updated slocate packages fix buffer overflow

A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7.

Mandrake alert: Updated kernel packages fix a number of bugs

An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. Prism24 has been updated so it now works properly on HP laptops and a new ACPI is included, although it is disabled by default for broader compatibility.

Red Hat alert: Updated PHP packages available

  • Mailing list (Posted by dave on Feb 4, 2003 11:42 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated PHP packages are available that fix a vulnerability in the wordwrap() function and a number of compatibility bugs.

Red Hat alert: Updated 2.4 kernel fixes various vulnerabilities

  • Mailing list (Posted by dave on Feb 4, 2003 9:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available that fix an information leak from several ethernet drivers, and a file system issue.

Mandrake alert: Updated MySQL packages fix DoS vulnerability

Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account.

Mandrake alert: Updated vim packages fix arbitrary command execution vulnerability

A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages.

Debian alert: New hypermail packages fix arbitrary code execution

  • Mailing list (Posted by dave on Jan 31, 2003 5:24 AM EDT)
  • Story Type: Security; Groups: Debian
Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists.

Red Hat alert: Updated kerberos packages fix vulnerability in ftp client

  • Mailing list (Posted by dave on Jan 30, 2003 11:43 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages fix a vulnerability found in the Kerberos ftp client distributed with the Red Hat Linux krb5 packages.

Debian alert: New courier packages fix SQL injection

  • Mailing list (Posted by dave on Jan 30, 2003 5:46 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected.

Debian alert: New tomcat packages fix information exposure and cross site scripting

  • Mailing list (Posted by dave on Jan 29, 2003 6:36 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems:

Debian alert: New dhcp3 packages fix potential network flood

  • Mailing list (Posted by dave on Jan 28, 2003 5:19 AM EDT)
  • Story Type: Security; Groups: Debian
Florian Lohoff discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet, such as sent from buggy Cisco switches.

Mandrake alert: Updated fetchmail packages fix remote exploit vulnerability

A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail.

Debian alert: New noffle packages fix buffer overflows

  • Mailing list (Posted by dave on Jan 27, 2003 6:26 AM EDT)
  • Story Type: Security; Groups: Debian
Dan Jacobson noticed a problem in noffle, an offline news server, that leads to a segmentation fault. It is not yet clear whether this problem is exploitable. However, if it is, a remote attacker could trigger arbitrary code execution under the user that calls noffle, probably news.

Debian alert: New kdemultimedia packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 7:03 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdebase packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 6:08 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdeutils packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 4:38 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdegames packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 9:51 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdesdk packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 6:56 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdepim packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 5:12 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdenetwork packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 4:57 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.
