Showing headlines posted by dave

« Previous ( 1 ... 543 544 545 546 547 548 549 550 551 552 553 ... 595 ) Next »

Mandrake alert: Updated libpng packages fix potential remote compromise

A buffer overflow vulnerability was discovered in libpng due to a wrong calculation of some loop offset values. This buffer overflow can lead to Denial of Service or even remote compromise.

Red Hat alert: Updated CVS packages available

  • Mailing list (Posted by dave on Jan 20, 2003 12:25 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated cvs packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, 7.3, and 8.0. These updates close a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access.

LinuxWorld NYC 2004 Preview

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
Get your hands on some great new Linux products this week in New York City.

I Can See Clearly Now, the Fonts Are Smooth

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
How to get and install Xft for smoother, eye-friendly fonts.

EFF Staff Technologist Seth Schoen to Teach Trusted Computing Class

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
Pre-register for all-day class on what's actually involved in trusted computing technologies.

Hacking Reality

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
"Reality is merely an illusion, albeit a very persistent one." --Albert Einstein

The Tk Text Widget

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
The powerful text widget in the Tk toolkit offers many facilities to writers of Tcl, Perl and Python scripts.

Automating Perl Database Applications

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
Using Perl and CGIScripter to generate multi-platform Perl CGI code.

Linux in Academic Labs Revisited

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
Using an X-based client server model to maintain network consistency.

The Return of Mini Book Reviews

  • Linux Journal (Posted by dave on Jan 20, 2003 8:00 AM EDT)
  • Story Type: News Story
Perl for work and for fun, an introduction to CVS and developing for Linux are covered in this round of mini book reviews.

SuSE alert: dhcp

  • Mailing list (Posted by dave on Jan 20, 2003 7:46 AM EDT)
  • Story Type: Security; Groups: SUSE
The ISC (Internet Software Consortium) dhcp package is an imple- mentation of the "Dynamic Host Configuration Protocol" (DHCP). An internal source code audit done by ISC revealed several buffer overflows in the code which is responsible to handle dynamic DNS requests. These bugs allow an attacker to gain remote access to the dhcp server if the dynamic DNS feature is enabled. Dynamic DNS is not enabled by default on SuSE Linux.

Debian alert: New CUPS packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jan 20, 2003 6:48 AM EDT)
  • Story Type: Security; Groups: Debian
Multiple vulnerabilities were discovered in the Common Unix Printing System (CUPS). Several of these issues represent the potential for a remote compromise or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems:

SuSE alert: susehelp

  • Mailing list (Posted by dave on Jan 20, 2003 4:39 AM EDT)
  • Story Type: Security; Groups: SUSE
During a code review of the susehelp package the SuSE Security Team recognized that the security checks done by the susehelp CGI scripts are insufficient. Remote attackers can insert certain characters in CGI queries to the susehelp system tricking it into executing arbitrary code as the "wwwrun" user. Please note that this is only a vulnerability if you have a web server running and configured to allow access to the susehelp system by remote sites. We nevertheless recommend an update of this package. As a temporary workaround you may un-install the susehelp package by issuing the following command as root:

Slackware alert: New DHCP packages available

New DHCP packages are available for Slackware 8.1 and -current to fix buffer overflow security problems.

Mandrake alert: Updated KDE packages fix multiple vulnerabilities

Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.

Mandrake alert: Updated dhcp packages fix remote code execution vulnerability

Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable.

Debian alert: New dhcp3 packages fix arbitrary code execution

  • Mailing list (Posted by dave on Jan 17, 2003 4:45 AM EDT)
  • Story Type: Security; Groups: Debian
The Internet Software Consortium discoverd several vulnerabilities during an audit of the ISC DHCP Daemon. The vulnerabilities exist in error handling routines within the minires library and may be exploitable as stack overflows. This could allow a remote attacker to execute arbitrary code under the user id the dhcpd runs under, usually root. Other DHCP servers than dhcp3 doesn't seem to be affected.

Debian alert: New bugzilla packages fix unauthorized data modification

  • Mailing list (Posted by dave on Jan 16, 2003 6:51 AM EDT)
  • Story Type: Security; Groups: Debian
Two vulnerabilities have been discovered in Bugzilla, a web-based bug tracking system, by its authors. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities:

Red Hat alert: Updated vim packages fix modeline vulnerability

  • Mailing list (Posted by dave on Jan 16, 2003 5:32 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated vim packages are now available for Red Hat Linux. These updates resolve a security issue when opening a specially crafted text file.

Red Hat alert: Updated dhcp packages fix security vulnerabilities

  • Mailing list (Posted by dave on Jan 15, 2003 11:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
Several potential stack overflow vulnerabilities affect the ISC DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0.

« Previous ( 1 ... 543 544 545 546 547 548 549 550 551 552 553 ... 595 ) Next »