Showing headlines posted by dave
Mandrake alert: Updated util-linux packages provide stronger randomness in mcookie
The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it use /dev/urandom instead of /dev/random, which resulted in the mcookie being more predictable than it would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out.
Debian alert: New w3mmee-ssl packages fix cookie information leak
Hironori Sakamoto, one of the w3m developers, found two security
vulnerabilities in w3m and associated programs. The w3m browser does
not properly escape HTML tags in frame contents and img alt
attributes. A malicious HTML frame or img alt attribute may deceive a
user into sending his local cookies which are used for configuration. The
information is not leaked automatically, though.
Red Hat alert: Updated fileutils package fixes race condition in recursive operations
New fileutils packages for Red Hat Linux 6.2, 7.0, 7.1, 7.2 and 7.3 fix a
race condition in recursive remove and move commands.
Red Hat alert: Updated PAM packages fix bug in pam_xauth module
Updated PAM packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and
8.0. These packages correct a bug in pam_xauth's handling of authorization
data for the root user.
Red Hat alert: Updated lynx packages fix CRLF injection vulnerability
Updated lynx packages are available that fix an error in the way lynx
parses its command line arguments, which can lead to faked headers being
sent to a web server.
Red Hat alert: Updated python packages fix predictable temporary file
An insecure use of a temporary file has been found in Python. This erratum
provides updated Python packages.
[updated Feb 12 2003]
Updated packages for Red Hat Linux 7.3 are available that fix a binary
incompatibility change in the original erratum packages that affected
redhat-config-users, and to add back the missing python-tools package.
Mandrake alert: Updated postgresql packages fix various buffer overflows
Vulnerabilities were discovered in the PostgreSQL relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The PostgreSQL developers also fixed a buffer overflow in functions that deal with time/date and timezone.
Debian alert: New w3mmee packages fix cookie information leak
Hironori Sakamoto, one of the w3m developers, found two security
vulnerabilities in w3m and associated programs. The w3m browser does
not properly escape HTML tags in frame contents and img alt
attributes. A malicious HTML frame or img alt attribute may deceive a
user into sending his local cookies which are used for configuration. The
information is not leaked automatically, though.
Red Hat alert: Updated kernel-utils packages fix setuid vulnerability
An updated kernel-utils package is available that removes the setuid bits
incorrectly assigned to the uml_net binary.
Red Hat alert: Updated w3m packages fix cross-site scripting issues
New w3m packages are available that fix two cross-site scripting issues.
Red Hat alert: Updated Xpdf packages fix security vulnerability
Updated Xpdf packages are now available that fix a vulnerability in which a
maliciously-crafted PDF document could run arbitrary code.
Red Hat alert: Updated WindowMaker packages fix vulnerability in theme-loading
Updated packages are available to fix a vulnerability in WindowMaker.
Red Hat alert: Updated openldap packages available
Updated openldap packages are available which fix a number of local and
remote buffer overflows in libldap and the slapd and slurpd servers, and
potential issues stemming from using user-specified LDAP configuration files.
Mandrake alert: Updated slocate packages fix buffer overflow
A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7.
Mandrake alert: Updated kernel packages fix a number of bugs
An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. Prism24 has been updated so it now works properly on HP laptops and a new ACPI is included, although it is disabled by default for broader compatibility.
Red Hat alert: Updated PHP packages available
Updated PHP packages are available that fix a vulnerability in the
wordwrap() function and a number of compatibility bugs.
Red Hat alert: Updated 2.4 kernel fixes various vulnerabilities
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now
available that fix an information leak from several ethernet drivers, and
a file system issue.
Mandrake alert: Updated MySQL packages fix DoS vulnerability
Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account.
Mandrake alert: Updated vim packages fix arbitrary command execution vulnerability
A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages.
Debian alert: New hypermail packages fix arbitrary code execution
Ulf Harnhammar discovered two problems in hypermail, a program to
create HTML archives of mailing lists.