Showing headlines posted by dave
Debian alert: New xftp packages fix arbitrary code execution
Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp
respectively), an Athena X interface to FTP. Insufficient bounds
checking could lead to execution of arbitrary code, provided by a
malicious FTP server. Erik Tews fixed this.
Red Hat alert: Updated mgetty packages available
Updated mgetty packages are now available for Red Hat Linux 7.1,
7.2, 7.3, and 8.0. These updates close a possible buffer overflow and a
permissions problem present in versions of mgetty prior to version 1.1.29.
Red Hat alert: New samba packages fix security vulnerability
Updated Samba packages that fix a security vulnerability are now available
for Red Hat Linux 7.2, 7.3, 8.0, and 9. Packages for Red Hat Linux 7.1
will be added shortly.
Slackware alert: Samba security problem fixed
The samba packages in Slackware 8.1 and 9.0 have been upgraded to
Samba 2.2.8a to fix a security problem.
SuSE alert: samba
Digital Defense Inc. have discovered a buffer overflow in the samba file server, the widely spread implementation of the SMB protocol. The flaw allows a remote attacker to execute arbitrary commands as root on a server that runs a vulnerable version of samba. The vulnerability is known as DDI trans2.c overflow bug and is assigned the CVE ID CAN-2003-0201. Since this vulnerability was found during an analysis of an exploit happening in the wild, it should be assumed that exploits are circulating in the internet.
Debian alert: New samba packages fix remote root exploit
Digital Defense, Inc. has alerted the Samba Team to a serious
vulnerability in Samba, a LanManager-like file and printer server for Unix.
This vulnerability can lead to an anonymous user gaining root access
on a Samba serving system. An exploit for this problem is already
circulating and in use.
Mandrake alert: Updated samba packages fix remote root vulnerability
An exploitable buffer overflow was discovered in the Samba server that can lead to an anonymous remote root compromise. The Samba Team also discovered some potential overflows during an internal code audit which was done in response to the previously noted buffer overflow problem.
Announcing Red Hat Linux 9
Red Hat, Inc. (Nasdaq:RHAT), the world's
premier open source and Linux provider, today announced the availability
of Red Hat Linux 9. Drawing from the work of the open source community,
Red Hat Linux 9 allows users to take advantage of the newest open source
technology first. With an improved graphical installation, new usability
enhancements and end-user applications, Red Hat Linux 9 is designed for
students, home computing and technology enthusiasts.
Debian alert: New metrics packages fix insecure temporary file creation
Paul Szabo and Matt Zimmerman discovered two similar problems in
metrics, a tool for software metrics. Two scripts in this package,
"halstead" and "gather_stats", open temporary files without taking
appropriate security precautions. "halstead" is installed as a user
program, while "gather_stats" is only used in an auxiliary script
included in the source code. These vulnerabilities could allow a
local attacker to overwrite files owned by the user running the
scripts, including root.
Debian alert: New mutt packages fix arbitrary code execution in potato
Byrial Jensen discovered a couple of off-by-one buffer overflows in the
IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,
GPG, PGP and threading. This problem could potentially allow a remote
malicious IMAP server to cause a denial of service (crash) and
possibly execute arbitrary code via a specially crafted mail folder.
Debian alert: New sendmail packages fix DoS and arbitrary code execution
This is a major brown paperbag update. The old packages for the
stable distribution (woody) did not work as expected and you should
only update to the new packages mentioned in this advisory. The
packages in the old stable distribution (potato) are working
properly. I'm awfully sorry for the inconvenience.
Debian alert: New sendmail packages fix denial of service
Michal Zalewski discovered a buffer overflow, triggered by a char to
int conversion, in the address parsing code in sendmail, a widely used
powerful, efficient, and scalable mail transport agent. This problem
is potentially remotely exploitable.
SuSE alert: openssl
Researchers from the University of Stanford have discovered certain weaknesses in OpenSSL's RSA decryption algorithm. It allows remote attackers to compute the private RSA key of a server by observing its timing behavior. This bug has been fixed by enabling "RSA blinding", by default. Additionally an extension of the "Bleichenbacher attack" has been developed by Czech researchers against OpenSSL. This weakness has also been fixed.
Red Hat alert: Updated balsa and mutt packages fix vulnerabilities
New Balsa, Mutt, and libesmtp packages that fix potential buffer overflow
vulnerabilities are now available.
Debian alert: New apcupsd packages fix remote root exploit
The controlling and management daemon apcupsd for APC's Unbreakable
Power Supplies is vulnerable to several buffer overflows and format
string attacks. These bugs can be exploited remotely by an attacker to gain root
access to the machine apcupsd is running on.
Debian alert: New Linux kernel packages (s390) fix local root exploit
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw
in ptrace. This hole allows local users to obtain root privileges by
using ptrace to attach to a child process that is spawned by the
kernel. Remote exploitation of this hole is not possible.
Red Hat alert: Updated NetPBM packages fix multiple vulnerabilities
Updated NetPBM packages are available that fix a number of vulnerabilities
in the netpbm libraries.
Red Hat alert: Updated Eye of GNOME packages fix vulnerability
Updated eog packages that fix a security vulnerability are now available.
End of Life: Red Hat Linux 6.2, 7
In accordance with our errata support policy the Red Hat Linux 6.2 and Red
Hat Linux 7 distributions have now reached their end-of-life for errata
maintenance. This means that we will no longer be producing security,
bugfix, or enhancement updates for these products.
Debian alert: New lpr-ppd packages fix local root exploit
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
printer spooling system. This problem can be exploited by a local
user to gain root privileges, even if the printer system is set up
properly.