Showing headlines posted by dave

Red Hat alert: Updated kerberos packages fix vulnerability in ftp client

  • Mailing list (Posted by dave on Jan 30, 2003 11:43 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages fix a vulnerability found in the Kerberos ftp client distributed with the Red Hat Linux krb5 packages.

Debian alert: New courier packages fix SQL injection

  • Mailing list (Posted by dave on Jan 30, 2003 5:46 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected.

Debian alert: New tomcat packages fix information exposure and cross site scripting

  • Mailing list (Posted by dave on Jan 29, 2003 6:36 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of tomcat discovered several problems in tomcat version 3.x. The Common Vulnerabilities and Exposures project identifies the following problems:

Debian alert: New dhcp3 packages fix potential network flood

  • Mailing list (Posted by dave on Jan 28, 2003 5:19 AM EDT)
  • Story Type: Security; Groups: Debian
Florian Lohoff discovered a bug in the dhcrelay causing it to send a continuing packet storm towards the configured DHCP server(s) in case of a malicious BOOTP packet, such as sent from buggy Cisco switches.

Mandrake alert: Updated fetchmail packages fix remote exploit vulnerability

A vulnerability was discovered in all versions of fetchmail prior to 6.2.0 that allows a remote attacker to crash fetchmail and potentially execute arbitrary code by sending carefully crafted email which is then parsed by fetchmail. The vulnerability has been fixed in these patched packages of fetchmail.

Debian alert: New noffle packages fix buffer overflows

  • Mailing list (Posted by dave on Jan 27, 2003 6:26 AM EDT)
  • Story Type: Security; Groups: Debian
Dan Jacobson noticed a problem in noffle, an offline news server, that leads to a segmentation fault. It is not yet clear whether this problem is exploitable. However, if it is, a remote attacker could trigger arbitrary code execution under the user that calls noffle, probably news.

Debian alert: New kdemultimedia packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 7:03 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdebase packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 6:08 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdeutils packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 24, 2003 4:38 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdegames packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 9:51 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdesdk packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 6:56 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdepim packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 5:12 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdenetwork packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 23, 2003 4:57 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

SuSE alert: cvs

  • Mailing list (Posted by dave on Jan 22, 2003 7:38 AM EDT)
  • Story Type: Security; Groups: SUSE
CVS (Concurrent Versions System) is a version control system which helps to manage concurrent editing of files by various authors. Stefan Esser of e-matters reported a "double free" bug in CVS server code for handling directory requests. This free() call allows an attacker with CVS read access to compromise a CVS server. Additionally, two features ('Update-prog' and 'Checkin-prog') were disabled to stop clients with write access from executing arbitrary code on the server. These features may be configurable at run-time in future releases of CVS server.

Debian alert: New kdelibs packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 22, 2003 5:36 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdegraphics packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 22, 2003 5:26 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Debian alert: New kdeadmin packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 22, 2003 5:17 AM EDT)
  • Story Type: Security; Groups: Debian
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.

Mandrake alert: Updated printer-drivers packages fix local vulnerabilities

Karol Wiesek and iDefense discovered three vulnerabilities in the printer-drivers package and tools it installs. These vulnerabilities allow a local attacker to empty or create any file on the filesystem.

Slackware alert: New CVS packages available

New cvs packages are available to fix a security vulnerability.

Red Hat alert: Updated python packages fix predictable temporary file

  • Mailing list (Posted by dave on Jan 21, 2003 11:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
An insecure use of a temporary file has been found in Python. This erratum provides updated Python packages.