Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 ... 4594 ) Next »

Mandrake alert: Updated apache2 packages fix vulnerabilities

Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.

Red Hat alert: Updated ghostscript packages fix vulnerability

  • Mailing list (Posted by dave on May 30, 2003 12:36 AM EDT)
  • Story Type: Security; Groups: Red Hat
New ghostscript packages fixing a command execution vulnerability are now available.

Mandrake alert: Updated cups packages fix Denial of Service vulnerability

A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).

Slackware alert: CUPS DoS vulnerability fixed (SSA:2003-149-01)

Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability.

Debian alert: New gps packages fix multiple vulnerabilities

  • Mailing list (Posted by dave on May 28, 2003 6:01 PM EDT)
  • Story Type: Security; Groups: Debian
gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog:

Red Hat alert: Updated httpd packages fix Apache security vulnerabilities

  • Mailing list (Posted by dave on May 28, 2003 8:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated httpd packages that fix two security issues are now available for Red Hat Linux 8.0 and 9.

SuSE alert: glibc

  • Mailing list (Posted by dave on May 27, 2003 6:20 AM EDT)
  • Story Type: Security; Groups: SUSE
Another integer overflow was found in glibc' XDR code. This bug is equal to the one described in advisory SuSE-SA:2002:031. The overflow occurs in the function xdrmem_getbytes() and can be used by external attackers to execute arbitrary code.

Red Hat alert: Updated CUPS packages fix denial of service attack

  • Mailing list (Posted by dave on May 27, 2003 1:42 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated CUPS packages that fix a denial of service vulnerability are now available.

Mandrake alert: Updated gnupg packages fix validation bug

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.

Slackware alert: REVISED quotacheck security fix in rc.M (SSA:2003-141-06a)

NOTE: The original advisory quotes a section of the Slackware ChangeLog which had inadvertently reversed the options to quotacheck. The correct option to use is 'm'. A corrected advisory follows:

Slackware alert: quotacheck security fix in rc.M (SSA:2003-141-06)

An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M. The original version of rc.M calls quotacheck like this:

Slackware alert: mod_ssl RSA blinding fixes (SSA:2003-141-05)

An upgrade for mod_ssl to version 2.8.14_1.3.27 is now available. This version provides RSA blinding by default which prevents an extended timing analysis from revealing details of the secret key to an attacker. Note that this problem was already fixed within OpenSSL, so this is a "double fix". With this package, mod_ssl is secured even if OpenSSL is not.

Slackware alert: GnuPG key validation fix (SSA:2003-141-04)

A key validation bug which results in all user IDs on a given key being treated with the validity of the most-valid user ID on that key has been fixed with the release of GnuPG 1.2.2.

Slackware alert: glibc XDR overflow fix (SSA:2003-141-03)

An integer overflow in the xdrmem_getbytes() function found in the glibc library has been fixed. This could allow a remote attacker to execute arbitrary code by exploiting RPC service that use xdrmem_getbytes(). None of the default RPC services provided by Slackware appear to use this function, but third-party applications may make use of it.

Slackware alert: BitchX security fixes (SSA:2003-141-02)

New BitchX packages are available to fix security problems found by Timo Sirainen. BitchX is an IRC (Internet Relay Chat) client. Under certain circumstances, a malicious IRC server could cause BitchX to crash, or possibly to run arbitrary code as the user running BitchX.

Slackware alert: EPIC4 security fixes (SSA:2003-141-01)

New EPIC4 packages are available to fix security problems found by Timo Sirainen. EPIC4 is an IRC (Internet Relay Chat) client. Under certain circumstances, a malicious IRC server could cause EPIC4 to crash, or possibly to run arbitrary code as the user running EPIC4.

Mandrake alert: Updated LPRng packages fix insecure temporary file vulnerability

Karol Lewandowski discovered a problem with psbanner, a printer filter that creates a PostScript format banner. psbanner creates a temporary file for debugging purposes when it is configured as a filter, and does not check whether or not this file already exists or is a symlink. The filter will overwrite this file, or the file it is pointing to (if it is a symlink) with its current environment and called arguments with the user id that LPRng is running as.

Mandrake alert: Updated lpr packages fix local root vulnerability

A buffer overflow was discovered in the lpr printer spooling system that can be exploited by a local user to gain root privileges. This can be done even if the printer is configured properly.

Mandrake alert: Updated cdrecord packages fix local root compromise

A vulnerability in cdrecord was discovered that can be used to obtain root access because Mandrake Linux ships with the cdrecord binary suid root and sgid cdwriter.

Red Hat alert: Updated gnupg packages fix validation bug

  • Mailing list (Posted by dave on May 20, 2003 7:46 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gnupg packages correcting a bug in the GnuPG key validation functions are now available.

« Previous ( 1 ... 4528 4529 4530 4531 4532 4533 4534 4535 4536 4537 4538 ... 4594 ) Next »