Showing headlines posted by dave
Mandrake alert: Updated libpng packages fix potential remote compromise
A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise.
Red Hat alert: Updated CVS packages available
Updated cvs packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2,
7.3, and 8.0. These updates close a vulnerability which would permit
arbitrary command execution on servers configured to allow anonymous
read-only access.
LinuxWorld NYC 2004 Preview
Get your hands on some great new Linux products this week in New York City.
I Can See Clearly Now, the Fonts Are Smooth
How to get and install Xft for smoother, eye-friendly fonts.
EFF Staff Technologist Seth Schoen to Teach Trusted Computing Class
Pre-register for all-day class on what's actually involved in trusted computing technologies.
Hacking Reality
"Reality is merely an illusion, albeit a very persistent one." --Albert Einstein
The Tk Text Widget
The powerful text widget in the Tk toolkit offers many facilities to writers of Tcl, Perl and Python scripts.
Automating Perl Database Applications
Using Perl and CGIScripter to generate multi-platform Perl CGI code.
Linux in Academic Labs Revisited
Using an X-based client server model to maintain network consistency.
The Return of Mini Book Reviews
Perl for work and for fun, an introduction to CVS and developing for Linux are covered in this round of mini book reviews.
SuSE alert: dhcp
The ISC (Internet Software Consortium) dhcp package is an implementation of the "Dynamic Host Configuration Protocol" (DHCP). An internal source code audit done by ISC revealed several buffer overflows in the code which is responsible for handling dynamic DNS requests. These bugs allow an attacker to gain remote access to the dhcp server if the dynamic DNS feature is enabled. Dynamic DNS is not enabled by default on SuSE Linux.
Debian alert: New CUPS packages fix several vulnerabilities
Multiple vulnerabilities were discovered in the Common Unix Printing
System (CUPS). Several of these issues represent the potential for a
remote compromise or denial of service. The Common Vulnerabilities
and Exposures project identifies the following problems:
SuSE alert: susehelp
During a code review of the susehelp package the SuSE Security Team recognized that the security checks done by the susehelp CGI scripts are insufficient. Remote attackers can insert certain characters in CGI queries to the susehelp system tricking it into executing arbitrary code as the "wwwrun" user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites. We nevertheless recommend an update of this package. As a temporary workaround you may un-install the susehelp package by issuing the following command as root:
Slackware alert: New DHCP packages available
New DHCP packages are available for Slackware 8.1 and -current
to fix buffer overflow security problems.
Mandrake alert: Updated KDE packages fix multiple vulnerabilities
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.
Mandrake alert: Updated dhcp packages fix remote code execution vulnerability
Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable.
Debian alert: New dhcp3 packages fix arbitrary code execution
The Internet Software Consortium discovered several vulnerabilities
during an audit of the ISC DHCP Daemon. The vulnerabilities exist in
error handling routines within the minires library and may be
exploitable as stack overflows. This could allow a remote attacker to
execute arbitrary code under the user id the dhcpd runs under, usually
root. DHCP servers other than dhcp3 do not seem to be affected.
Debian alert: New bugzilla packages fix unauthorized data modification
Two vulnerabilities have been discovered in Bugzilla, a web-based bug
tracking system, by its authors. The Common Vulnerabilities and
Exposures Project identifies the following vulnerabilities:
Red Hat alert: Updated vim packages fix modeline vulnerability
Updated vim packages are now available for Red Hat Linux. These
updates resolve a security issue when opening a specially crafted text
file.
Red Hat alert: Updated dhcp packages fix security vulnerabilities
Several potential stack overflow vulnerabilities affect the ISC DHCPD
server. This advisory provides fixed packages for Red Hat Linux 8.0.