Showing headlines posted by dave
« Previous ( 1 ... 520 521 522 523 524 525 526 527 528 529 530 ... 595 ) Next »Debian alert: OpenSSH buffer management fix
This advisory is an addition to the earlier DSA-382-1 advisory: two more
buffer handling problems have been found in addition to the one
described in DSA-382-1. It is not known if these bugs are exploitable,
but as a precaution an upgrade is advised.
Mandrake alert: Updated kdebase packages fix vulnerabilities in KDM
A vulnerability was discovered in all versions of KDE 2.2.0 up to and including 3.1.3. KDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, KDM may grant local root access to any user with valid login credentials. It has been reported to the KDE team that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call which leaves the session alive and would provide root access to any regular user. It is also possible that this vulnerability can likewise be exploited with other PAM modules in a similar manner.
Red Hat alert: Updated KDE packages fix security issues
Updated KDE packages that resolve a local security issue with KDM PAM
support and weak session cookie generation are now available.
SuSE alert: openssh
The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.
Mandrake alert: Updated openssh packages fix buffer management error
A buffer management error was discovered in all versions of openssh prior to version 3.7. According to the OpenSSH team's advisory: "It is uncertain whether this error is potentially exploitable, however, we prefer to see bugs fixed proactively." There have also been reports of an exploit in the wild.
Mozilla Links Newsletter - 2 - September 16, 2003
Starting today, we are opening a design contest for Mozilla Links.
You have a chance to let your creativity be known and shape the look
of this newsletter. Take your your best shot at either the Mozilla
Links logo or the Mozilla Links newsletter look. You have until
October 15th, 2003 to send us your work. Winners will be announced in
the following issue to be released on October 28th.
Slackware alert: OpenSSH Security Advisory (SSA:2003-259-01)
Upgraded OpenSSH packages are available for Slackware 8.1, 9.0 and
- -current. These fix a buffer management error found in versions of
OpenSSH earlier than 3.7. The possibility exists that this error
could allow a remote exploit, so we recommend all sites running
OpenSSH upgrade to the new OpenSSH package immediately.
Debian alert: OpenSSH buffer management fix
A bug has been found in OpenSSH's buffer handling where a buffer could
be marked as grown when the actual reallocation failed.
Red Hat alert: Updated OpenSSH packages fix potential vulnerability
Updated OpenSSH packages are now available that fix a bug that may be
remotely exploitable.
Havoc Pennington: Linux has its Nails on UNIX's Coffin
Today we feature a very interesting interview with Havoc Pennington. Havoc works for Red Hat, he is heading the desktop team, while he is well known also for his major contributions to GNOME, his GTK+ programming book, plus the freedesktop.org initiative which aims to standardize the X11 desktop environments. In the following interview we discuss about the changes inside Red Hat, Xouvert, freedesktop.org and Gnome's future, and how Linux, in general, is doing in the desktop market.
Debian alert: New mysql packages fix buffer overflow
MySQL, a popular relational database system, contains a buffer
overflow condition which could be exploited by a user who has
permission to execute "ALTER TABLE" commands on the tables in the
"mysql" database. If successfully exploited, this vulnerability
could allow the attacker to execute arbitrary code with the
privileges of the mysqld process (by default, user "mysql"). Since
the "mysql" database is used for MySQL's internal record keeping, by
default the mysql administrator "root" is the only user with
permission to alter its tables.
Debian alert: New xfree86 packages fix multiple vulnerabilities
Four vulnerabilities have been discovered in XFree86.
Mandrake alert: Updated XFree86 packages fix multiple vulnerabilities
Several vulnerabilities were discovered by blexim(at)hush.com in the font libraries of XFree86 version 4.3.0 and earlier. These bugs could potentially lead to execution of arbitrary code or a DoS by a remote user in any way that calls these functions, which are related to the transfer and enumeration of fonts from font servers to clients.
Debian alert: New sane-backends packages fix several vulnerabilities
Alexander Hvostov, Julien Blache and Aurelien Jarno discovered several
security-related problems in the sane-backends package, which contains
an API library for scanners including a scanning daemon (in the
package libsane) that can be remotely exploited. Thes problems allow
a remote attacker to cause a segfault fault and/or consume arbitrary
amounts of memory. The attack is successful, even if the attacker's
computer isn't listed in saned.conf.
SuSE alert: pine
The well known and widely used mail client pine is vulnerable to a buffer overflow. The vulnerability exists in the code processing 'message/external-body' type messages. It allows remote attackers to execute arbitrary commands as the user running pine. Additionally an integer overflow in the MIME header parsing code has been fixed.
Red Hat alert: Updated pine packages fix vulnerabilities
Updated Pine packages that resolve remotely exploitable security issues are
now available.
Slackware alert: security issues in pine (SSA:2003-253-01)
Upgraded pine packages are available for Slackware 8.1, 9.0 and
- -current. These fix two security problems found by iDEFENSE Labs
which could lead to arbitrary code execution when a specially
crafted email is processed by Pine.
Interview with YellowTAB's Bernd Korz
Tonight we had a quick chat with YellowTAB's Bernd Korz over the Zeta OS. The German engineer, manager and spokesperson of YellowTAB is speaking of the release date, the changing goals of Zeta and more. Read more for the interesting transcript.
Red Hat alert: Updated gtkhtml packages fix vulnerability
Updated gtkhtml packages that fix a null pointer dereference are now available.
Slackware alert: inetd DoS patched (SSA:2003-251-01)
Upgraded inetd packages are available for Slackware 8.1, 9.0 and - -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disable a service.
« Previous ( 1 ... 520 521 522 523 524 525 526 527 528 529 530 ... 595 ) Next »