Showing headlines posted by dave
« Previous ( 1 ... 527 528 529 530 531 532 533 534 535 536 537 ... 595 ) Next »Red Hat alert: Updated XFree86 packages provide security and bug fixes
XFree86 is an implementation of the X Window System providing the
core graphical user interface and video drivers.
Updated XFree86 packages for Red Hat Linux 7.3 are now available which
include several security fixes, bug fixes, enhancements, and driver updates.
Red Hat alert: Updated XFree86 packages provide security and bug fixes
Updated XFree86 packages for Red Hat Linux 8.0 are now available which
include several security fixes, bug fixes, enhancements, and driver
updates.
Red Hat alert: Updated ypserv packages fix a denial of service vulnerability
Updated ypserv packages fixing a denial of service vulnerability are now
available.
Debian alert: New tcptraceroute packages fix failure to drop root privileges
tcptraceroute is a setuid-root program which drops root privileges
after obtaining a file descriptor used for raw packet capture.
However, it did not fully relinquish all privileges, and in the event
of an exploitable vulnerability, root privileges could be regained.
Mandrake alert: Updated ethereal packages fix multiple vulnerabilities
A number of string handling bugs were found in the packet dissectors in ethereal that can be exploited using specially crafted packets to cause ethereal to consume excessive amounts of memory, crash, or even execute arbitray code.
Red Hat alert: Updated Netscape packages are now available
Updated Netscape 4.8 packages fixing various bugs and vulnerabilities are
now available.
Debian alert: New osh packages fix buffer overflows
Steve Kemp discovered that osh, a shell intended to restrict the
actions of the user, contains two buffer overflows, in processing
environment variables and file redirections. These vulnerabilities
could be used to execute arbitrary code, overriding any restrictions
placed on the shell.
Debian alert: New webfs packages fix buffer overflow
webfs, a lightweight HTTP server for static content, contains a buffer
overflow whereby a long Request-URI in an HTTP request could cause
arbitrary code to be executed.
Debian alert: New xbl packages fix buffer overflows
Steve Kemp discovered several buffer overflows in xbl, a game, which
can be triggered by long command line arguments. This vulnerability
could be exploited by a local attacker to gain gid 'games'.
Debian alert: New orville-write packages fix buffer overflows
Orville Write, a replacement for the standard write(1) command,
contains a number of buffer overflows. These could be exploited to
gain either gid tty or root privileges, depending on the configuration
selected when the package is installed.
Debian alert: New eldav packages fix insecure temporary file creation
eldav, a WebDAV client for Emacs, creates temporary files without
taking appropriate security precautions. This vulnerability could be
exploited by a local user to create or overwrite files with the
privileges of the user running emacs and eldav.
Red Hat alert: Updated Xpdf packages fix security vulnerability
Updated Xpdf packages are available that fix a vulnerability where a
malicious PDF document could run arbitrary code.
Slackware alert: 2.4.21 kernels available (SSA:2003-168-01)
Precompiled Linux 2.4.21 kernels and source packages are now available for
Slackware 9.0 and -current. These provide an improved version of the
ptrace fix that had been applied to 2.4.20 in Slackware 9.0 (for example,
command line options now appear correctly when root does 'ps ax'), and
fix a potential denial of service problem with netfilter.
Debian alert: New ethereal packages fix multiple vulnerabilities
Several of the packet dissectors in ethereal contain string handling
bugs which could be exploited using a maliciously crafted packet to
cause ethereal to consume excessive amounts of memory, crash, or
execute arbitrary code.
Debian alert: New jnethack packages fix buffer overflow, incorrect permissions
The jnethack package is vulnerable to a buffer overflow exploited via a
long '-s' command line option. This vulnerability could be used by an
attacker to gain gid 'games' on a system where jnethack is installed.
Mandrake alert: Updated BitchX packages fix DoS vulnerability
A Denial Of Service (DoS) vulnerability was discovered in BitchX that would allow a remote attacker to crash BitchX by changing certain channel modes. This vulnerability has been fixed in CVS and patched in the released updates.
Debian alert: New noweb packages fix insecure temporary file creation
Jakob Lell discovered a bug in the 'noroff' script included in noweb
whereby a temporary file was created insecurely. During a review,
several other instances of this problem were found and fixed. Any of
these bugs could be exploited by a local user to overwrite arbitrary
files owned by the user invoking the script.
Debian alert: New typespeed packages fix buffer overflow
typespeed is a game which challenges the player to type words
correctly and quickly. It contains a network play mode which allows
players on different systems to play competitively. The network code
contains a buffer overflow which could allow a remote attacker to
execute arbitrary code under the privileges of the user invoking
typespeed, in addition to gid games.
Mandrake alert: Updated gzip packages fix insecure temporary file creation
A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for gzexe which had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created.
Mandrake alert: Updated ethereal packages fix multiple vulnerabilities
Several vulnerabilities in ethereal were discovered by Timo Sirainen. Integer overflows were found in the Mount and PPP dissectors, as well as one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors. These vulnerabilties were corrected in ethereal 0.9.12.
« Previous ( 1 ... 527 528 529 530 531 532 533 534 535 536 537 ... 595 ) Next »