Showing headlines posted by dave
« Previous ( 1 ... 524 525 526 527 528 529 530 531 532 533 534 ... 595 ) Next »SuSE alert: wuftpd
Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. It is yet unclear if this bug is (remotely) exploitable. Positive exploitability may result in a remote root compromise of a system running the wuftpd ftp daemon.
Red Hat alert: Updated wu-ftpd packages fix remote vulnerability.
Updated wu-ftpd packages are now available that fix a remotely exploitable
security issue.
Debian alert: New xtokkaetama packages fix buffer overflows
Steve Kemp discovered two buffer overflows in xtokkaetama, a puzzle
game, when processing the -display command line option and the
XTOKKAETAMADIR environment variable. These vulnerabilities could be
exploited by a local attacker to gain gid 'games'.
Debian alert: New gallery packages fix cross-site scripting
Larry Nguyen discovered a cross site scripting vulnerability in gallery,
a web-based photo album written in php. This security flaw can allow a
malicious user to craft a URL that executes Javascript code on your
website.
Debian alert: New xconq packages fix buffer overflows
Steve Kemp discovered a buffer overflow in xconq, in processing the
USER environment variable. In the process of fixing this bug, a
similar problem was discovered with the DISPLAY environment
variable. This vulnerability could be exploited by a local attacker
to gain gid 'games'.
Red Hat alert: Updated openssh packages available
Updated OpenSSH packages are now available. These updates close an
information leak caused by sshd's interaction with the PAM system.
Debian alert: New sup packages fix insecure temporary file creation
sup, a package used to maintain collections of files in identical
versions across machines, fails to take appropriate security
precautions when creating temporary files. A local attacker could
exploit this vulnerability to overwrite arbitrary files with the
privileges of the user running sup.
Red Hat alert: Updated stunnel packages fix signal vulnerability
Updated stunnel packages are now available for Red Hat Linux 7.1, 7.2, 7.3,
and 8.0. These updates correct a potential vulnerability in stunnel's
signal handling.
Mandrake alert: Updated kernel packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
Red Hat alert: Updated semi packages fix vulnerability
Updated semi packages that fix vulnerabilities in semi's temporary file
handling are now available for Red Hat Linux 7.1, 7.2, and 7.3.
Debian alert: New fdclone packages fix insecure temporary directory usage
fdclone creates a temporary directory in /tmp as a workspace.
However, if this directory already exists, the existing directory is
used instead, regardless of its ownership or permissions. This would
allow an attacker to gain access to fdclone's temporary files and
their contents, or replace them with other files under the attacker's
control.
Mandrake alert: Updated mpg123 packages fix vulnerability
A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame size.
Mandrake alert: Updated xpdf packages fix arbitrary code execution vulnerability
Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document. Update: New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue.
Mandrake alert: MDKSA-2003:077 correction
The advisory announced this morning (MDKSA-2003:077 for phpgroupware)
contains an incorrect CVE name which referenced a mpg123 vulnerability.
Mandrake alert: Updated phpgroupware packages fix multiple vulnerabilities
Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited.
Red Hat alert: Updated Mozilla packages fix security vulnerability.
Updated Mozilla packages fixing various bugs and security issues are now
available.
[Updated 18 July 2003]
Our Mozilla packages were found to be incompatible with Galeon. Updated
versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0.
In addition new builds of Mozilla for Red Hat Linux 8.0 are included as the
previous packages were built with the wrong compiler.
Red Hat alert: Updated 2.4 kernel fixes vulnerabilities
Updated kernel packages are now available fixing several security
vulnerabilities.
Mandrake alert: Updated nfs-utils packages fix buffer overflow
An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests.
Mandrake alert: Updated apache2 packages fix multiple vulnerabilities
Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:
Mandrake alert: Updated kernel packages fix multiple vulnerabilities
Multiple vulnerabilities were discovered and fixed in the Linux kernel.
« Previous ( 1 ... 524 525 526 527 528 529 530 531 532 533 534 ... 595 ) Next »