Showing headlines posted by dave

« Previous ( 1 ... 524 525 526 527 528 529 530 531 532 533 534 ... 595 ) Next »

SuSE alert: wuftpd

  • Mailing list (Posted by dave on Jul 31, 2003 9:24 AM EDT)
  • Story Type: Security; Groups: SUSE
Janusz Niewiadomski and Wojciech Purczynski of iSEC Security Research have found a single byte buffer overflow in the Washington University ftp daemon (wuftpd), a widely used ftp server for Linux-like systems. It is yet unclear if this bug is (remotely) exploitable. Positive exploitability may result in a remote root compromise of a system running the wuftpd ftp daemon.

Red Hat alert: Updated wu-ftpd packages fix remote vulnerability.

  • Mailing list (Posted by dave on Jul 31, 2003 8:18 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated wu-ftpd packages are now available that fix a remotely exploitable security issue.

Debian alert: New xtokkaetama packages fix buffer overflows

  • Mailing list (Posted by dave on Jul 30, 2003 7:04 PM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered two buffer overflows in xtokkaetama, a puzzle game, when processing the -display command line option and the XTOKKAETAMADIR environment variable. These vulnerabilities could be exploited by a local attacker to gain gid 'games'.

Debian alert: New gallery packages fix cross-site scripting

  • Mailing list (Posted by dave on Jul 30, 2003 3:24 PM EDT)
  • Story Type: Security; Groups: Debian
Larry Nguyen discovered a cross site scripting vulnerability in gallery, a web-based photo album written in php. This security flaw can allow a malicious user to craft a URL that executes Javascript code on your website.

Debian alert: New xconq packages fix buffer overflows

  • Mailing list (Posted by dave on Jul 29, 2003 3:33 PM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered a buffer overflow in xconq, in processing the USER environment variable. In the process of fixing this bug, a similar problem was discovered with the DISPLAY environment variable. This vulnerability could be exploited by a local attacker to gain gid 'games'.

Red Hat alert: Updated openssh packages available

  • Mailing list (Posted by dave on Jul 29, 2003 9:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSH packages are now available. These updates close an information leak caused by sshd's interaction with the PAM system.

Debian alert: New sup packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 29, 2003 4:40 AM EDT)
  • Story Type: Security; Groups: Debian
sup, a package used to maintain collections of files in identical versions across machines, fails to take appropriate security precautions when creating temporary files. A local attacker could exploit this vulnerability to overwrite arbitrary files with the privileges of the user running sup.

Red Hat alert: Updated stunnel packages fix signal vulnerability

  • Mailing list (Posted by dave on Jul 25, 2003 5:15 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated stunnel packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These updates correct a potential vulnerability in stunnel's signal handling.

Mandrake alert: Updated kernel packages fix multiple vulnerabilities

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

Red Hat alert: Updated semi packages fix vulnerability

  • Mailing list (Posted by dave on Jul 23, 2003 8:34 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated semi packages that fix vulnerabilities in semi's temporary file handling are now available for Red Hat Linux 7.1, 7.2, and 7.3.

Debian alert: New fdclone packages fix insecure temporary directory usage

  • Mailing list (Posted by dave on Jul 22, 2003 3:49 PM EDT)
  • Story Type: Security; Groups: Debian
fdclone creates a temporary directory in /tmp as a workspace. However, if this directory already exists, the existing directory is used instead, regardless of its ownership or permissions. This would allow an attacker to gain access to fdclone's temporary files and their contents, or replace them with other files under the attacker's control.

Mandrake alert: Updated mpg123 packages fix vulnerability

A vulnerability in the mpg123 mp3 player could allow local and/or remote attackers to cause a DoS and possibly execute arbitrary code via an mp3 file with a zero bitrate, which causes a negative frame size.

Mandrake alert: Updated xpdf packages fix arbitrary code execution vulnerability

Martyn Gilmore discovered flaws in various PDF viewers, including xpdf. An attacker could place malicious external hyperlinks in a document that, if followed, could execute arbitary shell commands with the privileges of the person viewing the PDF document. Update: New packages are available as the previous patches that had been applied did not correct all possible ways of exploiting this issue.

Mandrake alert: MDKSA-2003:077 correction

The advisory announced this morning (MDKSA-2003:077 for phpgroupware) contains an incorrect CVE name which referenced a mpg123 vulnerability.

Mandrake alert: Updated phpgroupware packages fix multiple vulnerabilities

Several vulnerabilities were discovered in all versions of phpgroupware prior to 0.9.14.006. This latest version fixes an exploitable condition in all versions that can be exploited remotely without authentication and can lead to arbitrary code execution on the web server. This vulnerability is being actively exploited.

Red Hat alert: Updated Mozilla packages fix security vulnerability.

  • Mailing list (Posted by dave on Jul 21, 2003 7:46 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Mozilla packages fixing various bugs and security issues are now available. [Updated 18 July 2003] Our Mozilla packages were found to be incompatible with Galeon. Updated versions of Galeon are now included for Red Hat Linux 7.2, 7.3, and 8.0. In addition new builds of Mozilla for Red Hat Linux 8.0 are included as the previous packages were built with the wrong compiler.

Red Hat alert: Updated 2.4 kernel fixes vulnerabilities

  • Mailing list (Posted by dave on Jul 21, 2003 7:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages are now available fixing several security vulnerabilities.

Mandrake alert: Updated nfs-utils packages fix buffer overflow

An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests.

Mandrake alert: Updated apache2 packages fix multiple vulnerabilities

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

Mandrake alert: Updated kernel packages fix multiple vulnerabilities

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

« Previous ( 1 ... 524 525 526 527 528 529 530 531 532 533 534 ... 595 ) Next »