Showing headlines posted by dave

New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages. 2001-10-22: Packages are now available for Red Hat Linux 7.

Updated openssh packages are now available for Red Hat Linux 7 and 7.1. These packages fix a vulnerability which may allow unauthorized users to log in from hosts that have been denied access. 2001-10-22: Pacakges are now available for Red Hat Linux 7.

New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages. 2001-10-22: Packages are now available for Red Hat Linux 7.

Updated openssh packages are now available for Red Hat Linux 7 and 7.1. These packages fix a vulnerability which may allow unauthorized users to log in from hosts that have been denied access. 2001-10-22: Pacakges are now available for Red Hat Linux 7.

Takeshi Uno found a very stupid format string vulnerability in all versions of nvi (in both, the plain and the multilingualized version). When a filename is saved, it ought to get displayed on the screen. The routine handling this didn't escape format strings.

Updated diffutils packages are now available, fixing a temporary file handling vulnerability in the sdiff program.

A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

A vulnerability has been found in the ptrace code of the kernel (ptrace is the part that allows program debuggers to run) that could be abused by local users to gain root privileges.

Stephane Gaudreault told us that version 2.0.6a of gftp displays the password in plain text on the screen within the log window when it is logging into an ftp server. A malicious collegue who is watching the screen could gain access to the users shell on the remote machine.

In SNS Advisory No. 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers. A malicious web server administrator could exploit this and let the client web browser execute arbitrary code.

Using older versions of procmail it was possible to make procmail crash by sending it signals. On systems where procmail is installed setuid this could be exploited to obtain unauthorized privileges.

Christophe Bailleux reported on bugtraq that Xvt is vulnerable to a buffer overflow in its argument handling. Since Xvt is installed setuid root, it was possible for a normal user to pass carefully-crafted arguments to xvt so that xvt executed a root shell.

In SNS Advisory No. 32 a buffer overflow vulnerability has been reported in the routine which parses MIME headers that are returned from web servers. A malicious web server administrator could exploit this and let the client web browser execute arbitrary code.

Nergal reported a vulnerability in the htsearch program which is distributed as part of the ht://Dig package, a indexing and searching system for small domains or intranets. Using former versions it was able to pass the parameter `-c' to the cgi program in order to use a different configuration file.

New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages.

New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages.

Updated openssh packages are now available for Red Hat Linux 7 and 7.1. These packages fix a vulnerability which may allow unauthorized users to log in from hosts that have been denied access.

New Zope packages are available which fix a security flaw with DTML scripting.