Showing headlines posted by dave

[The mail just sent was formatted like an attachment due to a misconception on my side. This mail is only the clearsign version. ]

Updated wordtrans packages are now available for Red Hat Linux 7.3 which fix remote vulnerabilities in wordtrans-web.

Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable. Update: The 8.1 package had an incorrect dependency on perl. This package has been replaced with a proper package. Please note the differing md5 sums.

A vulnerability was discovered in linuxconf by Dave Aitel and later by iDEFENSE that is locally exploitable to obtain elevated privilege.

A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id.

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.

Updated scrollkeeper packages are now available for Red Hat Linux 7.3 which fix a tempfile vulnerability.

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.

Updated PXE packages are now available for Red Hat Linux which fix a vulnerability that can crash the PXE server using certain DHCP packets.

Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places.

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable.

Updated ethereal packages are available which fix various security issues.

Zack Weinberg discovered an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name which could lead execution of arbitrary code.

Updated mailman packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a cross-site scripting vulnerability present in mailman versions prior to version

The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The 'Manual' browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting an attacker to execute arbitrary commands on the users machine. Unfortunately, Gaim doesn't display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren't vulnerable.

A vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of xinetd.

Quoting DSA 147-1:

Updated mailman packages are now available for Red Hat Power Tools 7 and 7.1. These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates close a cross-site scripting vulnerability present in mailman versions prior to version