Showing headlines posted by dave
« Previous ( 1 ... 533 534 535 536 537 538 539 540 541 542 543 ... 595 ) Next »Debian alert: New rinetd packages fix denial of service
Sam Hocevar discovered a security problem in rinetd, an IP connection
redirection server. When the connection list is full, rinetd resizes
the list in order to store the new incoming connection. However, this
is done improperly, resulting in a denial of service and potentially
execution of arbitrary code.
Debian alert: New OpenSSL packages fix decipher vulnerability
Researchers discovered two flaws in OpenSSL, a Secure Socket Layer
(SSL) library and related cryptographic tools. Applications that are
linked against this library are generally vulnerable to attacks that
could leak the server's private key or make the encrypted session
decryptable otherwise. The Common Vulnerabilities and Exposures (CVE)
project identified the following vulnerabilities:
Mandrake alert: Updated eog packages fix arbitrary command execution
A vulnerability was discovered in the Eye of GNOME (EOG) program, version 2.2.0 and earlier, that is used for displaying graphics. A carefully crafted filename passed to eog could lead to the execution of arbitrary code as the user executing eog.
Mandrake alert: Updated xfsdump packages fix insecure file creation
A vulnerability was discovered in xfsdump by Ethan Benson related to filesystem quotas on the XFS filesystem. When xfsdump runs xfsdq to save the quota information into a file at the root of the filesystem being dumped, the file is created in an unsafe manner.
Mandrake alert: Updated gtkhtml packages fix vulnerability
A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug.
Mandrake alert: Updated evolution packages fix multiple vulnerabilities
Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources.
Debian alert: New lpr packages fix local root exploit (potato)
The correction for CAN-2003-0144 for the old stable distribution
(potato) was a little bit too strict apparently and this update
corrects this. For completeness here is the advisory text:
Debian alert: New EPIC packages fix DoS and arbitrary code execution
Timo Sirainen discovered several problems in EPIC, a popular client
for Internet Relay Chat (IRC). A malicious server could craft special
reply strings, triggering the client to write beyond buffer
boundaries. This could lead to a denial of service if the client only
crashes, but may also lead to executing of arbitrary code under the
user id of the chatting user.
Debian alert: New EPIC packages fix DoS and arbitrary code execution
Timo Sirainen discovered several problems in EPIC, a popular client
for Internet Relay Chat (IRC). A malicious server could craft special
reply strings, triggering the client to write beyond buffer
boundaries. This could lead to a denial of service if the client only
crashes, but may also lead to executing of arbitrary code under the
user id of the chatting user.
Debian alert: New gs-common packages fix insecure temporary file creation
Paul Szabo discovered insecure creation of a temporary file in
ps2epsi, a script that is distributed as part of gs-common which
contains common files for different Ghostscript releases. ps2epsiuses
a temporary file in the process of invoking ghostscript. This file
was created in an insecure fashion, which could allow a local attacker
to overwrite files owned by a user who invokes ps2epsi.
Debian alert: New lprng packages fix insecure temporary file creation
Karol Lewandowski discovered that psbanner, a printer filter that
creates a PostScript format banner and is part of LPRng, insecurely
creates a temporary file for debugging purpose when it is configured
as filter. The program does not check whether this file already
exists or is linked to another place writes its current environment
and called arguments to the file unconditionally with the user id
daemon.
Debian alert: New kdegraphics packages fix arbitrary command execution
The KDE team discoverd a vulnerability in the way KDE uses Ghostscript
software for processing of PostScript (PS) and PDF files. An attacker
could provide a malicious PostScript or PDF file via mail or websites
that could lead to executing arbitrary commands under the privileges
of the user viewing the file or when the browser generates a directory
listing with thumbnails.
Debian alert: New xfsdump packages fix insecure file creation
Ethan Benson discovered a problem in xfsdump, that contains
administrative utilities for the XFS filesystem. When filesystem
quotas are enabled xfsdump runs xfsdq to save the quota information
into a file at the root of the filesystem being dumped. The manner in
which this file is created is unsafe.
Red Hat alert: Updated glibc packages fix vulnerabilities in RPC XDR decoder
Updated glibc packages are available to fix an integer overflow in the XDR
decoder.
Mandrake alert: Updated 2.4 kernel packages fix ptrace vulnerability
A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.
Red Hat alert: Updated httpd packages fix security vulnerabilities.
Updated httpd packages which fix a number of security issues are
now available for Red Hat Linux 8.0 and 9.
Debian alert: New heimdal packages fix authentication failure
Due to overzealous applied patches, the security update DSA 269-1
introduced problems in some installations, causing the hprop service
to fail. This is corrected with the update below.
Debian alert: New glibc packages fix arbitrary code execution
eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function which is also present in GNU libc. This
function is part of the XDR (external data representation)
encoder/decoder derived from Sun's RPC implementation. Depending upon
the application, this vulnerability can cause buffer overflows and
could possibly be exploited to execute arbitray code.
Red Hat alert: Updated 2.4 kernel fixes USB storage
Updated kernel packages for Red Hat Linux 9 are now available.
The kernel package version
Red Hat alert: New samba packages fix security vulnerability
Updated Samba packages that fix a security vulnerability are now available.
[Updated 9 April 2003]
Fixed Samba packages for Red Hat Linux 7.1 have been added to this erratum.
« Previous ( 1 ... 533 534 535 536 537 538 539 540 541 542 543 ... 595 ) Next »