Showing headlines posted by dave
« Previous ( 1 ... 541 542 543 544 545 546 547 548 549 550 551 ... 595 ) Next »Red Hat alert: Updated kerberos packages fix vulnerability in ftp client
Updated packages fix a vulnerability found in the Kerberos ftp client
distributed with the Red Hat Linux krb5 packages.
Debian alert: New courier packages fix SQL injection
The developers of courier, an integrated user side mail server,
discovered a problem in the PostgreSQL auth module. Not all
potentially malicious characters were sanitized before the username
was passed to the PostgreSQL engine. An attacker could inject
arbitrary SQL commands and queries exploiting this vulnerability. The
MySQL auth module is not affected.
Debian alert: New tomcat packages fix information exposure and cross site scripting
The developers of tomcat discovered several problems in tomcat version
3.x. The Common Vulnerabilities and Exposures project identifies the
following problems:
Debian alert: New dhcp3 packages fix potential network flood
Florian Lohoff discovered a bug in the dhcrelay causing it to send a
continuing packet storm towards the configured DHCP server(s) in case
of a malicious BOOTP packet, such as sent from buggy Cisco switches.
Mandrake alert: Updated fetchmail packages fix remote exploit vulnerability
A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email wihch is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail.
Debian alert: New noffle packages fix buffer overflows
Dan Jacobson noticed a problem in noffle, an offline news server, that
leads to a segmentation fault. It is not yet clear whether this
problem is exploitable. However, if it is, a remote attacker could
trigger arbitrary code execution under the user that calls noffle,
probably news.
Debian alert: New kdemultimedia packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdebase packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdeutils packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdegames packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdesdk packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdepim packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdenetwork packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
SuSE alert: cvs
CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a "double free" bug in CVS server code for handling directory requests. This free() call allows an attacker with CVS read access to compromise a CVS server. Additionally two features ('Update-prog' and 'Checkin-prog') were disabled to stop clients with write access to execute arbitrary code on the server. These features may be configurable at run-time in future releases of CVS server.
Debian alert: New kdelibs packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdegraphics packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Debian alert: New kdeadmin packages fix several vulnerabilities
The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.
Mandrake alert: Updated printer-drivers packages fix local vulnerabilities
Karol Wiesek and iDefense disovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem.
Slackware alert: New CVS packages available
New cvs packages are available to fix a security vulnerability.
Red Hat alert: Updated python packages fix predictable temporary file
An insecure use of a temporary file has been found in Python. This erratum
provides updated Python packages.
« Previous ( 1 ... 541 542 543 544 545 546 547 548 549 550 551 ... 595 ) Next »