Showing headlines posted by dave

Red Hat alert: Updated kerberos packages fix various vulnerabilities

  • Mailing list (Posted by dave on Apr 2, 2003 12:57 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Kerberos packages for Red Hat Linux 9 fix a number of vulnerabilities found in MIT Kerberos.

Mandrake alert: Updated krb5 packages fix multiple vulnerabilities

Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows.

Mandrake alert: Updated sendmail packages fix local and remote vulnerability

Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.

Mandrake alert: Updated mutt packages fix exploitable buffer overflow

A vulnerability was discovered in the mutt text-mode email client in the IMAP code. This vulnerability can be exploited by a malicious IMAP server to crash mutt or even execute arbitrary code with the privilege of the user running mutt.

Mandrake alert: Updated Eterm packages fix escape sequence insecurities

Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can range from garbage data being displayed on the screen to a system compromise.

SuSE alert: sendmail

  • Mailing list (Posted by dave on Apr 1, 2003 7:46 AM EDT)
  • Story Type: Security; Groups: SUSE
sendmail is the most widely used mail transport agent (MTA) on the Internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.

Red Hat alert: Updated vsftpd packages re-enable tcp_wrappers support

  • Mailing list (Posted by dave on Apr 1, 2003 6:59 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated vsftpd packages that re-enable tcp_wrappers support are available for Red Hat Linux 9.

Red Hat alert: New samba packages fix security vulnerabilities

  • Mailing list (Posted by dave on Apr 1, 2003 6:56 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Samba packages are now available to fix security vulnerabilities found during a code audit. [Updated 24 March 2003] Updated Samba packages for Red Hat Linux 6.2, 7, and 7.1 are now included. These packages contain Samba version

Red Hat alert: Updated OpenSSL packages fix vulnerabilities

  • Mailing list (Posted by dave on Apr 1, 2003 6:50 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSL packages are available that fix a potential timing-based attack and a modified Bleichenbacher attack.

Red Hat alert: Updated dhcp packages fix possible packet storm

  • Mailing list (Posted by dave on Mar 31, 2003 8:21 AM EDT)
  • Story Type: Security; Groups: Red Hat
A potential remote denial of service attack affects version 3 of the ISC DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0.

Red Hat alert: Updated sendmail packages fix vulnerability

  • Mailing list (Posted by dave on Mar 31, 2003 8:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Sendmail packages are available to fix a vulnerability that allows local and possibly remote attackers to gain root privileges.

Red Hat alert: Updated Evolution packages fix multiple vulnerabilities

  • Mailing list (Posted by dave on Mar 31, 2003 7:13 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Evolution packages are available which fix several vulnerabilities. [Updated 22 March 2003] New packages are included for Red Hat Linux 7.3 as the previous erratum packages lost support for SSL. [Updated 31 March 2003] New packages included for Red Hat Linux 9.

Slackware alert: Mutt buffer overflow in IMAP support

The mutt mail client packages in Slackware 8.1 and 9.0 have been upgraded to mutt-1.4.1i to fix a security problem discovered by Core Security Technologies. This issue may allow a remote attacker controlling a malicious IMAP server to execute code on your machine as the user running mutt if you connect to the IMAP server using mutt.

Slackware alert: Sendmail buffer overflow fixed (NEW)

The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched to fix a security problem. Note that this vulnerability is NOT the same one that was announced on March 3rd and requires a new fix.

Debian alert: New mutt packages fix arbitrary code execution

  • Mailing list (Posted by dave on Mar 28, 2003 7:15 AM EDT)
  • Story Type: Security; Groups: Debian
Byrial Jensen discovered a couple of off-by-one buffer overflows in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.

Debian alert: New krb4 packages fix authentication failure

  • Mailing list (Posted by dave on Mar 28, 2003 3:12 AM EDT)
  • Story Type: Security; Groups: Debian
A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.

Debian alert: New dietlibc packages fix arbitrary code execution

  • Mailing list (Posted by dave on Mar 27, 2003 9:41 PM EDT)
  • Story Type: Security; Groups: Debian
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc, which is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.

Mandrake alert: Updated kernel22 packages fix multiple vulnerabilities

A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release.

Mandrake alert: Updated 2.4 kernel packages fix ptrace vulnerability

A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.

Debian alert: New ecartis and listar packages fix password change vulnerability

  • Mailing list (Posted by dave on Mar 27, 2003 2:56 AM EDT)
  • Story Type: Security; Groups: Debian
A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins.
