Showing headlines posted by dave
Debian alert: gpm (gpm-root) format string vulnerabilities
The package 'gpm' contains the 'gpm-root' program, which can be used to
create mouse-activated menus on the console.
Among other problems, the gpm-root program contains a format string
vulnerability, which allows an attacker to gain root privileges.
Red Hat alert: Updated namazu packages are available
Updated namazu packages are available for Red Hat Linux 7.0J. These
packages fix a cross-site scripting vulnerability.
SuSE alert: glibc/shlibs, in.ftpd
This security announcement obsoletes SuSE-SA:2001:001 about glibc (shlibs).
Red Hat alert: Updated Mailman packages available
Updated Mailman packages are now available for Red Hat PowerTools 7 and
7.1. These updates fix cross-site scripting bugs which might allow a page
served from another (attacker-controlled) server to obtain a user's private
information from a server running Mailman.
Red Hat alert: Updated Mailman packages available
Updated Mailman packages are now available for Red Hat Linux 7.
Mandrake alert: glibc update
Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user.
Mandrake alert: libgtop update
A remote format string vulnerability was found in the libgtop daemon by Laboratory intexxia. By sending a specially crafted format string to the server, a remote attacker could potentially execute arbitrary code on the remote system with the daemon's permissions. By default libgtop runs as the user nobody, but the flaw could be used to compromise local system security by allowing the attacker to exploit other local vulnerabilities. A buffer overflow was also found by Flavio Veloso which could allow the client to execute code on the server. Both vulnerabilities are patched in this update and will be fixed upstream in version 1.0.14. libgtop_daemon is not invoked by default anywhere in Mandrake Linux.
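The gpm-root and libgtop entries above both describe the same bug class: attacker-controlled text reaching a printf-family function as the format argument. The block below is an added illustration, not code from either package: a small logging wrapper of the kind daemons build around vsnprintf()/syslog(), the vulnerable call site beside the one-line fix, and an audit helper that counts the conversion directives an input would trigger. The function names, the wrapper and the sample inputs are all constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed logging helper modelled on how daemons wrap vsnprintf()/syslog().
 * Because fmt is a parameter here, compilers do not warn about its callers
 * unless the function carries __attribute__((format(printf, 3, 4))). */
static void log_msg(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* Vulnerable: the attacker-controlled string *is* the format string.
 * "%x" reads stack words, "%s" dereferences them, "%n" writes to memory. */
void log_client_vulnerable(char *out, size_t outsz, const char *untrusted)
{
    log_msg(out, outsz, untrusted);
}

/* Fixed: the format is a literal; the untrusted text is only ever a %s argument. */
void log_client_fixed(char *out, size_t outsz, const char *untrusted)
{
    log_msg(out, outsz, "%s", untrusted);
}

/* Audit helper: count the conversion directives ('%' not followed by '%')
 * an input would trigger if it reached a format argument. Any nonzero count
 * on untrusted input is a finding; a "%n" directive is a write primitive. */
int count_directives(const char *s, int *has_percent_n)
{
    int n = 0;
    *has_percent_n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is a literal percent sign, harmless */
            p++;
            continue;
        }
        n++;
        /* skip flags, width, precision, positional and length modifiers */
        const char *q = p + 1;
        while (*q && strchr("-+ #0123456789.*$hlLqjzt", *q))
            q++;
        if (*q == 'n')
            *has_percent_n = 1;
    }
    return n;
}

int main(void)
{
    char out[64];
    int pn, n;

    /* Constructed sample input: "%%" is the one directive that is safe to
     * feed to the vulnerable path, and it shows the format being parsed. */
    const char *benign = "download 50%% complete";
    log_client_vulnerable(out, sizeof out, benign);
    printf("vulnerable: %s\n", out);   /* the "%%" collapsed to "%" */
    log_client_fixed(out, sizeof out, benign);
    printf("fixed:      %s\n", out);   /* input copied verbatim */

    /* Constructed hostile input of the shape used to probe such bugs. */
    const char *hostile = "%x%x%x%n";
    n = count_directives(hostile, &pn);
    printf("directives in hostile input: %d, contains %%n: %d\n", n, pn);
    return 0;
}
```

The "%%" input is used deliberately: it is the only way to observe the vulnerable path from a test without invoking undefined behaviour, because every other directive consumes a variadic argument that was never passed. A real attacker uses "%x" to dump the stack and "%n" (or "%hn") to write chosen values into memory, which is how a bug of this shape in a setuid program such as gpm-root becomes root. Note that gcc's -Wformat-security flags `printf(untrusted)` directly but says nothing about `log_msg(out, sz, untrusted)` unless the wrapper is annotated with the format attribute, so wrappers are where these bugs hide during review.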
Mandrake alert: kerberos update
A buffer overflow exists in the telnet portion of Kerberos that could provide root access to local users. MDKSA-2001:068 provided a similar fix to the normal telnet packages, but the Kerberized equivalent was not updated previously.
Debian alert: mailman cross-site scripting problem
Barry A. Warsaw reported several cross-site scripting security holes
in Mailman, caused by CGI variables not being escaped at all.
Red Hat alert: Updated glibc packages are available
Updated glibc packages are available to fix an overflowable buffer
and for 7.x to fix a couple of non-security related bugs.
Mandrake alert: openssh update
The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support that is present in versions 2.9.9 and 3.0.0.
Mandrake alert: passwd update
The default pam files for the passwd program did not include support for md5 passwords, thus any password changes or post-install added users would not have md5 passwords.
Debian alert: postfix memory exhaustion
Wietse Venema reported he found a denial of service vulnerability in
postfix. The SMTP session log that postfix keeps for debugging purposes
could grow to an unreasonable size.
Red Hat alert: Updated secureweb packages available
Updated packages are now available for Red Hat Secure Web Server 3.2 (U.S.).
These updates close a potential security hole which would present clients
with a listing of the contents of a directory instead of the contents of an
index file or the proper error message.
The previous revision of this errata advisory included incorrect URLs. This
revision lists the correct location of the updated packages.
Red Hat alert: Updated secureweb packages available
Updated packages are now available for Red Hat Secure Web Server 3.2 (U.S.).
These updates close a potential security hole which would present clients
with a listing of the contents of a directory instead of the contents of an
index file or the proper error message.
SuSE alert: openssh
This is a re-release of the SuSE Security Announcement SuSE-SA:2001:044,
adding another bugfix for the openssh package as well as more detailed
information about the vulnerabilities to prevent misunderstandings.
Debian alert: local root in wmtv
Nicolas Boullis found a nasty security problem in the wmtv (a
dockable video4linux tv player for windowmaker) package as
distributed in Debian GNU/Linux 2.2.
Debian alert: OpenSSH UseLogin vulnerability
If the UseLogin feature is enabled for ssh, local users could pass
environment variables (including variables like LD_PRELOAD) to the
login process. This has been fixed by not copying the environment
when UseLogin is enabled.
Debian alert: xtel symlink vulnerabilities
The xtel (an X emulator for minitel) package as distributed with Debian
GNU/Linux 2.2 is open to two symlink attacks:
Debian alert: several problems in icecast-server
The icecast-server (a streaming music server) package as distributed
in Debian GNU/Linux 2.2 has several security problems: