Showing headlines posted by dave

SuSE alert: lprold

  • Mailing list (Posted by dave on Oct 10, 2001 7:05 AM EDT)
  • Story Type: Security; Groups: SUSE
ISS X-Force reported an overflow in BSD's lineprinter daemon shipped with the lprold package in SuSE Linux.

Red Hat alert: New Samba packages available for Red Hat Linux 5.2, 6.2, 7 and 7.1

  • Mailing list (Posted by dave on Oct 8, 2001 6:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
New Samba packages are available for Red Hat Linux 5.2, 6.2, 7, and 7.1. These packages fix a security problem with remote clients giving special NetBIOS names to the server. It is recommended that all Samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. UPDATE: The packages for Red Hat Linux 5.2 have been updated. The original packages detected the availability of syscalls present in kernels newer than

Red Hat alert: New squid packages available to fix FTP-based DoS

  • Mailing list (Posted by dave on Oct 4, 2001 1:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
New squid packages are available that fix a potential DoS in Squid's FTP handling code. It is recommended that squid users update to the fixed packages. The packages for Red Hat Linux 6.2 also fix the problem described in RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is vulnerable to the same problem in accelerator-only mode.

Red Hat alert: Insecure setserial initscript

  • Mailing list (Posted by dave on Sep 26, 2001 7:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
The initscript distributed with the setserial package (which is not installed or enabled by default) uses predictable temporary file names, and should not be used. setserial-

Debian alert: New UUCP packages fix local exploit

  • Mailing list (Posted by dave on Sep 24, 2001 4:44 AM EDT)
  • Story Type: Security; Groups: Debian
zen-parse has found a problem with Taylor UUCP as distributed with many GNU/Linux distributions. It was possible to make `uux' execute `uucp' with malicious command-line arguments, which gives an attacker access to files owned by uid/gid uucp.

Debian alert: slrn command invocation

  • Mailing list (Posted by dave on Sep 23, 2001 3:52 PM EDT)
  • Story Type: Security; Groups: Debian
Byrial Jensen found a nasty problem in slrn (a threaded news reader). The notice on slrn-announce describes it as follows:

Debian alert: squid FTP PUT problem

  • Mailing list (Posted by dave on Sep 23, 2001 3:52 PM EDT)
  • Story Type: Security; Groups: Debian
Vladimir Ivaschenko found a problem in squid (a popular proxy cache). He discovered that there was a flaw in the code to handle FTP PUT commands: when a mkdir-only request was done squid would detect an internal error and exit. Since squid is configured to restart itself on problems this is not a big problem.

Red Hat alert: Updated man package fixing GID security problems.

  • Mailing list (Posted by dave on Sep 21, 2001 12:34 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated man packages fixing a local GID man exploit and a potential GID man to root exploit, as well as a problem with the man paths of Red Hat Linux 5.x and 6.x.

SuSE alert: wmaker/WindowMaker

  • Mailing list (Posted by dave on Sep 20, 2001 8:50 AM EDT)
  • Story Type: Security; Groups: SUSE
The window manager Window Maker was found vulnerable to a buffer overflow due to improper bounds checking when setting the window title. An attacker can remotely exploit this buffer overflow by using malicious web page titles or terminal escape sequences to set an excessively long window title. This attack can lead to remote command execution with the privileges of the user running Window Maker.

Debian alert: New most packages available

  • Mailing list (Posted by dave on Sep 18, 2001 6:36 AM EDT)
  • Story Type: Security; Groups: Debian
Pavel Machek has found a buffer overflow in the `most' pager program. The problem is part of most's tab expansion, where the program would write beyond the bounds of two array variables when viewing a malicious file. This could lead to other data structures being overwritten, which in turn could enable most to execute arbitrary code able to compromise the user's environment.

Red Hat alert: New bugzilla packages are available

  • Mailing list (Posted by dave on Sep 10, 2001 11:42 AM EDT)
  • Story Type: Security; Groups: Red Hat
The updated bugzilla package fixes numerous security issues which were present in previous releases of bugzilla.

SuSE alert: apache-contrib

  • Mailing list (Posted by dave on Sep 10, 2001 9:17 AM EDT)
  • Story Type: Security; Groups: SUSE
The Apache module mod_auth_mysql 1.4, which has shipped since SuSE Linux 7.1, was found vulnerable to a possible authentication bypass by MySQL command injection. An adversary could insert MySQL commands along with a password, and these commands will be interpreted by MySQL while mod_auth_mysql is doing the password lookup in the database. A positive authentication could be returned.

Red Hat alert: Updated xinetd package available for Red Hat Linux 7 and 7.1

  • Mailing list (Posted by dave on Sep 10, 2001 8:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
A security audit has been done by Solar Designer on xinetd, and the results are now being made available as a preemptive measure.
