Showing headlines posted by dave
Red Hat alert: Updated sudo packages are available
Updated sudo packages fixing a security problem are available.
Red Hat alert: New groff packages available to fix security problems
New groff packages have been made available that fix an overflow in groff.
If the printing system running this is a security issue, it is recommended
to update to the new, fixed packages.
Debian alert: New sudo packages fix local root exploit
Sebastian Krahmer from SuSE found a vulnerability in sudo which could
easily lead to a local root exploit.
Debian alert: CIPE DoS attack
Larry McVoy found a bug in the packet handling code for the CIPE
VPN package: it did not check if a received packet was too short
and could crash.
SuSE alert: sudo
The SuSE Security Team discovered a bug in the sudo program, which is installed setuid to root. Attackers may trick "sudo" into logging failed sudo invocations by executing the sendmail program with root privileges and an incompletely cleaned environment. Depending on the installed mail package, this may enable attackers to execute code as root. This is the case for at least the postfix mailer. Other mailers may be exploited in a similar way. This bug has been fixed by having "sudo" invoke the sendmail command with user privileges instead. Please update your sudo package regardless of the mail packages you are using. As a temporary workaround you may remove the s-bit from sudo with the "chmod -s `which sudo`" command, which will disable the sudo functionality.
Debian alert: glibc buffer overflow
A buffer overflow has been found in the globbing code for glibc.
This code is used to glob patterns for filenames and is
commonly used in applications like shells and FTP servers.
Slackware alert: Pine update fixes insecure URL-handling
Pine 4.44 packages are now available to fix a problem with insecure URL
handling.
Slackware alert: glibc glob overflow patched
A buffer overflow has been found in the glob(3) function in glibc.
Fixed packages for Slackware 8.0 are now available.
Red Hat alert: New mutt packages available to fix security problem
New mutt packages that fix an overflow in mutt's address parsing code are
available. It is recommended that all mutt users update to the fixed packages.
Red Hat alert: Updated namazu packages are available
Updated namazu packages are available for Red Hat Linux 7.0J. These
packages fix cross-site scripting vulnerabilities. They also fix a possible
buffer overflow.
Mandrake alert: bind update
There are some insecure permissions on configuration files and executables with the bind 9.x packages shipped with Mandrake Linux 8.0 and 8.1. This update provides stricter permissions by making the /etc/rndc.conf and /etc/rndc.key files read/write by the named user and by making /sbin/rndc-confgen and /sbin/rndc read/write/executable only by root.
Mandrake alert: mutt update
Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately.
Mandrake alert: glibc update
Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user. Update: The glibc update for 8.0/PPC resulted in ldconfig segfaulting consistently. This update fixes the problems with ldconfig on PPC.
Debian alert: two libgtop security problems
Two different problems were found in libgtop-daemon:
Slackware alert: mutt remote exploit patched
An exploitable overflow has been found in the address handling code of the
mutt mail client version 1.2.5i supplied with Slackware 8.0. A new
mutt-1.2.5.1 has been released which addresses this problem, and packages
are now available for Slackware 8.0 and -current.
SuSE alert: mutt
mutt, a popular mail client for Linux-like systems, is vulnerable to a buffer overflow that is remotely exploitable. We have added patches to the versions of mutt as shipped with the affected distributions to fix the problem. We recommend installing the update package for your product and restarting all running instances of mutt. We thank Joost Pol for reporting the problem to the makers of mutt.
Debian alert: New versions of Exim fix uncontrolled program execution
Patrice Fournier discovered a bug in all versions of Exim older than
Exim 3.34 and Exim 3.952.
Debian alert: mutt buffer overflow, sparc update
The sparc binary for the mutt security fix described in DSA-096-1
is now available.
Debian alert: mutt buffer overflow
Joost Pol found a buffer overflow in the address handling code of
mutt (a popular mail user agent). Even though this is a one-byte
overflow, it is exploitable.
Red Hat alert: Updated Mailman packages available
Updated Mailman packages are now available for Red Hat Secure Web Server
3.2 (U.S.). These updates fix cross-site scripting bugs which might allow
another server to be used to gain a user's private information from a
server running Mailman.