Showing headlines posted by dave
« Previous ( 1 ... 551 552 553 554 555 556 557 558 559 560 561 ... 595 ) Next »Red Hat alert: Updated analog packages are available
Updated packages for analog are available which fix a cross-site
scripting problem and a denial of service problem.
Mandrake alert: kdelibs update
A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work.
Debian alert: New bugzilla packages fix privilege escalation
The developers of Bugzilla, a web-based bug tracking system,
discovered a problem in the handling of more than 47 groups. When a
new product is added to an installation with 47 groups or more and
"usebuggroups" is enabled, the new group will be assigned a groupset
bit using Perl math that is not exact beyond 2^48. This results in
the new group being defined with a "bit" that has several bits set.
As users are given access to the new group, those users will also gain
access to spurious lower group privileges. Also, group bits were not
always reused when groups were deleted.
Debian alert: New fetchmail packages fix buffer overflows
Package : fetchmail, fetchmail-ssl
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
Debian alert: New ht://Check packages fix cross site scripting problem
Package : htcheck
Vulnerability : cross site scripting
Problem-Type : remote
Debian-specific: no
Debian alert: New tkmail packages fix insecure temporary file creation
It has been discovered that tkmail creates temporary files insecurely.
Exploiting this an attacker with local access can easily create and
overwrite files as another user.
Red Hat alert: Updated fetchmail packages fix vulnerabilities
Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
7.2, 7.3, and 8.0 which close a remotely-exploitable vulnerability in
unpatched versions of fetchmail prior to 6.1.0.
SuSE alert: mod_php4
PHP is a well known and widely used web programming language. If a PHP script runs in "safe mode" several restrictions are applied to it including limits on execution of external programs.
SuSE alert: hylafax
HylaFAX is a client-server architecture for receiving and sending facsimiles.
Debian alert: New tomcat packages fix unintended source code disclosure
A security vulnerability has been found in all Tomcat 4.x releases.
This problem allows an attacker to use a specially crafted URL to
return the unprocessed source code of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraints, without the need for being properly
authenticated.
Red Hat alert: Updated packages fix PostScript and PDF security issue
Updated packages for ggv fix a local buffer overflow
when reading malformed PDF or PostScript files.
Red Hat alert: Updated tcpdump packages fix buffer overflow
Updated tcpdump, libpcap, and arpwatch packages are available for Red
Hat Linux 6.2 and 7.x. These updates close a buffer overflow when handling
NFS packets.
[Update 3 October 2002]
Replacement packages have been added for Red Hat Linux 6.2 as the previous
packages could not be installed with the version of RPM that shipped with
Red Hat Linux 6.
Red Hat alert: Updated nss_ldap packages fix buffer overflow
Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7, 7.1,
7.2, and 7.3. These updates fix a potential buffer overflow which can occur
when nss_ldap is set to configure itself using information stored in DNS,
a format string bug in logging functions used in pam_ldap, and to properly
handle truncated DNS responses.
Red Hat alert: Updated glibc packages fix vulnerabilities in resolver
Updated glibc packages are available to fix a buffer overflow in the
resolver.
Mandrake alert: fetchmail update
Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail.
Mandrake alert: postgresql update
Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS.
SuSE alert: heimdal
The Heimdal package is a free Kerberos implementation offering flexible authentication mechanisms based on the Kerberos 5 and Kerberos 4 scheme. The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so several possible buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on unpatched systems. Since these services run usually on authentication servers we consider these bugs to be very serious. An update is strongly recommended if you are using the Heimdal package.
Red Hat releases Red Hat Linux 8.0
RALEIGH, NC-September 30, 2002-Red Hat, Inc. (Nasdaq:RHAT) today
released Red Hat Linux 8.0, a highly versatile operating system
designed for personal and small business computing. Red Hat Linux 8.0
combines leading-edge Linux technologies with a new graphical look and
feel that offers users a polished, easy-to-use operating environment.
Red Hat alert: Updated unzip and tar packages fix vulnerabilities
The unzip and tar utilities contain vulnerabilities which can allow
arbitrary files to be overwritten during archive extraction.
Debian alert: New glibc packages fix
Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentially
replaced potential integer overflows in connection with malloc() with
more likely divisions by zero. This called for an update. For
completeness the original security advisory said:
« Previous ( 1 ... 551 552 553 554 555 556 557 558 559 560 561 ... 595 ) Next »