Showing headlines posted by dave
Debian alert: New version of BIND 8 released
BIND 8 suffered from several buffer overflows. It is possible to
construct an inverse query that allows the stack to be read remotely
exposing environment variables. CERT has disclosed information about
these issues. A new upstream version fixes this. Due to the
complexity of BIND we have decided to make an exception to our rule by
releasing the new upstream source to our stable distribution.
Slackware alert: multiple vulnerabilities in bind 8.x
Multiple vulnerabilities exist in the versions of BIND found in Slackware
7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix
these problems. More information can be found on the BIND website:
Debian alert: New sparc packages of OpenSSH released
A former security upload of OpenSSH was linked against the wrong
version of libssl (providing an API to SSL); that version was not
available on sparc. This ought to fix a former upload that lacked
support for PAM, which led to people not being able to log in to
their server. This was only a problem on the sparc architecture.
Debian alert: New sparc packages of OpenSSH released
A former security upload of OpenSSH lacked support for PAM, which led
to people not being able to log in to their server. This was only
a problem on the sparc architecture.
Debian alert: New version of cron released
The FreeBSD team has found a bug in the way new crontabs were handled
which allowed malicious users to display arbitrary crontab files on
the local system. This only affects valid crontab files so can't be
used to get access to /etc/shadow or something. crontab files are not
especially secure anyway, as there are other ways they can leak. No
passwords or similar sensitive data should be in there.
Debian alert: New version of inn2 released
1. People at WireX have found several potentially insecure uses of
temporary files in programs provided by INN2. Some of them only
lead to a vulnerability to symlink attacks if the temporary
directory was set to /tmp or /var/tmp, which is the case in many
installations, at least in Debian packages. An attacker could
overwrite any file owned by the news system administrator,
i.e. owned by news.news.
Debian alert: New version of exmh released
Former versions of the exmh program used /tmp for storing temporary
files. No checks were made to ensure that nobody placed a symlink
with the same name in /tmp in the meantime, and thus exmh was
vulnerable to a symlink attack. This could lead to a malicious local
user being able to overwrite any file writable by the user executing exmh.
Upstream developers have reported and fixed this. The exmh program
now uses /tmp/login unless TMPDIR or EXMHTMPDIR is set.
SuSE alert: shlibs/glibc
ld-linux.so.2, the dynamic linker, adds shared libraries to the memory space of a program to be started. Its flexibility allows some environment variables to influence the linking process, such as preloading shared libraries and defining the path in which the linker will search for the shared libraries. Special care must be exercised when runtime-linking setuid or setgid binaries: the runtime linker must not link against user-specified libraries, since the code therein would then run with the elevated privileges of the suid binary. The runtime linker as used in the SuSE distributions ignores the content of the critical environment variables if the specified path begins with a slash ("/"), or if the library file name is not cached (e.g. it is contained in a path from /etc/ld.so.conf). However, Solar Designer has found out that even preloading glibc-native shared libraries can be dangerous: the code in the user-linked library is not aware of the fact that the binary runs with suid or sgid privileges. Using debugging features of glibc (and possibly other features), it is possible for a local attacker to overwrite arbitrary files with the elevated privileges of the suid/sgid binary executed. This may lead to a local root compromise.
Debian alert: New version of Apache released
WireX have found some occurrences of insecure opening of temporary
files in htdigest and htpasswd. Neither program is installed
setuid or setgid, and thus the impact should be minimal. The Apache
group has released another security bugfix which fixes a vulnerability
in mod_rewrite which may allow a remote attacker to access
arbitrary files on the web server.
Debian alert: New versions of PHP4 released
The Zend people have found a vulnerability in older versions of PHP4
(the original advisory speaks of 4.0.4 while the bugs are present in
4.0.3 as well). It is possible to specify PHP directives on a
per-directory basis which leads to a remote attacker crafting an HTTP
request that would cause the next page to be served with the wrong
values for these directives. Also even if PHP is installed, it can be
activated and deactivated on a per-directory or per-virtual host basis
using the "engine=on" or "engine=off" directive. This setting can be
leaked to other virtual hosts on the same machine, effectively
disabling PHP for those hosts and resulting in PHP source code being
sent to the client instead of being executed on the server.
Debian alert: New version of squid released
WireX discovered a potential temporary file race condition in the way
that squid sends out email messages notifying the administrator about
updating the program. This could lead to arbitrary files being
overwritten. However, the code would only be executed if running a
very bleeding edge release of squid, running a server whose time is
set some number of months in the past and squid is crashing. Read it
as hard to exploit. This version also contains more upstream
bugfixes wrt. dots in hostnames and improper HTML quoting.
Red Hat alert: New micq packages are available
New micq packages are available which fix a buffer overflow vulnerability.
Red Hat alert: Updated PHP packages available for Red Hat Linux 5.2, 6.x, and 7
Updated PHP packages are now available for Red Hat Linux 5.2, 6.x, and 7.
Red Hat alert: String format vulnerability in icecast
A remote vulnerability allows execution of arbitrary code.
Debian alert: Correction: New version of wu-ftpd released
Security people at WireX have noticed a temp file creation bug and the
WU-FTPD development team has found a possible format string bug in
wu-ftpd. Both could be remotely exploited, though no such exploit
exists currently.
Debian alert: New version of tinyproxy released
PkC have found a heap overflow in tinyproxy that could be remotely
exploited. An attacker could gain a shell (user nobody) remotely.
Debian alert: Correction: New version of splitvt released
This advisory is only a corrected security advisory for DSA 014-1
since I wasn't careful enough last night and files from an older
advisory back from June 2000 slipped through. To keep confusion to a
minimum this advisory contains all relevant URLs - and only these.
Red Hat alert: Updated mysql packages available for Red Hat Linux 7
The MySQL database that shipped with Red Hat Linux 7 and the updates for it
have been reported by the MySQL authors to have security problems.
Debian alert: New version of jazip released
With older versions of jazip, members of the floppy group could gain
root access to the local machine. The interface doesn't run
as root anymore and this very exploit was prevented. The program now
also truncates DISPLAY to 256 characters if it is longer, which closes
the buffer overflow (within xforms).