
SuSE alert: ethereal

  • Mailing list (Posted by dave on Mar 21, 2003 3:51 AM EDT)
  • Story Type: Security; Groups: SUSE
Ethereal is a GUI for analyzing and displaying network traffic. Ethereal is vulnerable to a format string bug in its SOCKS code and to a heap buffer overflow in its NTLMSSP code. These bugs can be abused to crash ethereal or possibly to execute arbitrary code on the machine running ethereal.

SuSE alert: qpopper

  • Mailing list (Posted by dave on Mar 21, 2003 3:44 AM EDT)
  • Story Type: Security; Groups: SUSE
The Post Office Protocol (POP) server qpopper (version 4) was vulnerable to a buffer overflow. The buffer overflow occurs after authentication has taken place. Therefore POP users with a valid account can execute arbitrary code on the system running qpopper. Depending on the setup, the malicious code is run with higher privileges.

SuSE alert: file

  • Mailing list (Posted by dave on Mar 21, 2003 3:39 AM EDT)
  • Story Type: Security; Groups: SUSE
The file command can be used to determine the type of files. iDEFENSE published a security report about a buffer overflow in the handling routines for the ELF file format. In conjunction with other mechanisms like print filters, cron jobs, e-mail scanners (like AMaViS) and the like, this vulnerability can be used to gain higher privileges or to compromise the system remotely.

Red Hat alert: Updated Evolution packages fix multiple vulnerabilities

  • Mailing list (Posted by dave on Mar 20, 2003 11:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Evolution packages are available which fix several vulnerabilities.

Red Hat alert: New kernel 2.2 packages fix vulnerabilities

  • Mailing list (Posted by dave on Mar 19, 2003 11:59 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages for Red Hat Linux 6.2 and 7.0 are now available that fix several security vulnerabilities.

Red Hat alert: Updated glibc packages fix vulnerabilities in RPC XDR decoder

  • Mailing list (Posted by dave on Mar 19, 2003 1:10 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages are available to fix an integer overflow in the XDR decoder.

Debian alert: New lxr packages fix information disclosure

  • Mailing list (Posted by dave on Mar 19, 2003 5:10 AM EDT)
  • Story Type: Security; Groups: Debian
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data. This could disclose local files that were not meant to be shared with the public.

SuSE alert: samba

  • Mailing list (Posted by dave on Mar 19, 2003 3:03 AM EDT)
  • Story Type: Security; Groups: SUSE
Sebastian Krahmer, SuSE Security Team, reviewed security-critical parts of the Samba server within the scope of security audits that the SuSE Security Team conducts on a regular basis for security-critical Open Source Software. Buffer overflows and a chown race condition have been discovered and fixed during the security audit. The buffer overflow vulnerability allows a remote attacker to execute arbitrary commands as root on the system running samba. In addition to the flaws fixed in the samba server, some overflow conditions in the samba-client package have been fixed with the available update packages. It is strongly recommended to install the update packages on a system where the samba package is used.

SuSE alert: samba

  • Mailing list (Posted by dave on Mar 19, 2003 2:27 AM EDT)
  • Story Type: Security; Groups: SUSE
Sebastian Krahmer, SuSE Security Team, reviewed security-critical parts of the Samba server within the scope of security audits that the SuSE Security Team conducts on a regular basis for security-critical Open Source Software. Buffer overflows and a chown race condition have been discovered and fixed during the security audit. The buffer overflow vulnerability allows a remote attacker to execute arbitrary commands as root on the system running samba. In addition to the flaws fixed in the samba server, some overflow conditions in the samba-client package have been fixed with the available update packages. It is strongly recommended to install the update packages on a system where the samba package is used.

Mandrake alert: Updated zlib packages fix buffer overrun vulnerability

Richard Kettlewell discovered a buffer overflow vulnerability in the zlib library's gzprintf() function. This can be used by attackers to cause a denial of service or possibly even the execution of arbitrary code. Our thanks to the OpenPKG team for providing a patch which adds the necessary configure script checks to always use the secure vsnprintf(3) and snprintf(3) functions, and which additionally adjusts the code to correctly take into account the return value of vsnprintf(3) and snprintf(3).

Red Hat alert: New samba packages fix security vulnerabilities

  • Mailing list (Posted by dave on Mar 17, 2003 3:57 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Samba packages are now available to fix security vulnerabilities found during a code audit.

Red Hat alert: Updated 2.4 kernel fixes vulnerability

  • Mailing list (Posted by dave on Mar 17, 2003 7:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges.

Debian alert: New tcpdump packages fix denial of service vulnerability

  • Mailing list (Posted by dave on Mar 17, 2003 5:58 AM EDT)
  • Story Type: Security; Groups: Debian
Al Viro and Alan Cox discovered several maths overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root but are often installed to prepare data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.

Red Hat alert: Updated rxvt packages fix various vulnerabilities

  • Mailing list (Posted by dave on Mar 17, 2003 4:44 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.

Red Hat alert: Updated Gnome-lokkit packages fix vulnerability

  • Mailing list (Posted by dave on Mar 17, 2003 3:36 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Gnome-lokkit packages fix a missing FORWARD ruleset in Red Hat Linux 8.0.

Mandrake alert: Updated samba packages fix remote root vulnerability

The SuSE security team, during an audit of the Samba source code, found a flaw in the main smbd code which could allow an external attacker to remotely and anonymously gain root privilege on a system running the Samba server. This flaw exists in all versions of Samba 2.x up to and including 2.2.7a. The Samba team announced 2.2.8 today; however, these updated packages include a patch that corrects this problem.

Slackware alert: Samba buffer overflow fixed

The samba packages in Slackware 8.1 and -current have been patched to fix a security problem. All sites running samba should upgrade.

Debian alert: samba security fix

  • Mailing list (Posted by dave on Mar 15, 2003 7:42 AM EDT)
  • Story Type: Security; Groups: Debian
Sebastian Krahmer of the SuSE security audit team found two problems in samba, a popular SMB/CIFS implementation. The problems are:

Mandrake alert: Updated usermode packages remove insecure shutdown command

The /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shut down all running processes and drop into a root shell. This command is not really needed to shut down a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion. Update: The previous updated packages did not properly fix the problem. The PAM files that allow a (physically) local user to shut down were not removed. This has been corrected.

Debian alert: New tcpdump packages fix denial of service vulnerability

  • Mailing list (Posted by dave on Mar 14, 2003 5:10 AM EDT)
  • Story Type: Security; Groups: Debian
A problem has been discovered in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted RADIUS network packet which causes tcpdump to enter an infinite loop.
