Showing headlines posted by dave
« Previous ( 1 ... 588 589 590 591 592 593 594 ... 595 ) Next »Debian alert: glibc update for Debian GNU/Linux 2.1
Recently two problems have been found in the glibc suite, which could be
used to trick setuid applications to run arbitrary code.
Debian alert: new version of screen released
A format string bug was recently discovered in screen which can be used
to gain elevated privilages if screen is setuid. Debian 2.1 (slink) did
ship screen setuid and the exploit can be used to gain root privilages.
In Debian 2.2 (potato) screen is not setuid, and is not vulnerable to a
root exploit. screen is, however, setgid utmp in Debian 2.2 (potato) and
we recommend upgrading.
Slackware alert: Perl root exploit in Slackware 7.1 & -current
A root exploit was found in the /usr/bin/suidperl5.6.0 program that
shipped with the Slackware 7.1 perl.tgz package.
Debian alert: New version of glibc released
Recently two problems have been found in the glibc suite, which could be
used to trick setuid applications to run arbitrary code.
Debian alert: New version of Netscape Communicator/Navigator released
Existing Netscape Communicator/Navigator packages contain the following
vulnerabilities:
Red Hat alert: glibc vulnerabilities in ld.so, locale and gettext
Several bugs were discovered in glibc which could allow local users to
gain root privileges.
Debian alert: New version of xchat released (update)
The version of X-Chat that was distributed with Debian GNU/Linux 2.2
has a vulnerability in the URL handling code: when a user clicks on
a URL X-Chat will start netscape to view its target. However it
did not check the URL for shell metacharacters, and this could be
abused to trick xchat into executing arbitraty commands.
Debian alert: New version of xchat released
The version of X-Chat that was distributed with Debian GNU/Linux 2.2
has a vulnerability in the URL handling code: when a user clicks on
a URL X-Chat will start netscape to view its target. However it
did not check the URL for shell metacharacters, and this could be
abused to trick xchat into executing arbitraty commands.
Debian alert: New version of ntop released
The updated version of ntop (1.2a7-10) that was released on August 5
was found to still be insecure: it was still exploitable using buffer
overflows. Using this technique it was possible to run arbitrary code
as the user who ran ntop in web mode.
Red Hat alert: Updated usermode packages.
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and
6.
SuSE alert: Netscape
Due to US-American export restrictions for cryptographical software,
we are unable to provide update packages on our US ftp server http://ftp.suse.com. Instead, the packages can be found on http://ftp.suse.de. For
The legal issues have been resolved: Here are the links to download the SuSE Netscape update packages from our US-American ftp server:
The legal issues have been resolved: Here are the links to download the SuSE Netscape update packages from our US-American ftp server:
Red Hat alert: XChat can pass URLs from IRC to a shell
A new XChat package is available that fixes a possible
security hole.
SuSE alert: Netscape
Two security problems exist in the netscape package as shipped with SuSE Linux distributions. a) Improper verification in Netscape's jpeg processing code can lead to a buffer overflow where data read from the network can overwrite memory. As a result, arbitrary code from a remote origin could be executed. The attack is particularly dangerous since it can penetrate firewall setups. Netscape version 4.74 fixes (fixed) this vulnerability. b) Due to an error in the java implementation in Netscape, it is possible for an attacker to view files and directories with the priviledges of the user running Netscape if the user visits a malisciously crafted webpage. This issue is known as "Brown Orifice" and requires the user to have Java enabled in her browser configuration. Again, this attack can penetrate firewall setups. See http://www.brumleve.com/BrownOrifice for details.
Debian alert: new version of zope released (updated)
On versions of Zope prior to 2.2.1 it was possible for a user with the
ability to edit DTML to gain unauthorized access to extra roles during a
request. A fix was previously announced in the Debian zope package
2.1.6-5.1, but that package did not fully address the issue and has been
superseded by this announcement. More information is available at
http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert
Red Hat alert: New Netscape packages fix Java security hole
New Netscape packages are available to fix a serious security
problem with Java. It is recommended that all netscape users
update to the new packages. Users of Red Hat Linux 6.0 and 6.1
should use the packages for Red Hat Linux 6.
Red Hat alert: Updated mailx and perl packages are now available.
Updated perl and mailx package are now available which fix a potential
exploit made possible by incorrect assumptions made in suidperl.
This advisory contains additional instructions for installing the necessary
updates.
Red Hat alert: Zope update
Vulnerabilities exist with all Zope-
Debian alert: New version of xlockmore/xlockmore-gl released
There is a format string bug in all versions of xlockmore/xlockmore-gl.
Debian 2.1 (slink) installs xlock setgid by default, and this exploit
can be used to gain read access to the shadow file. We recommend
upgrading immediately.
Debian alert: new version of zope released
On versions of Zope prior to 2.2beta1 it was possible for a user with the
ability to edit DTML can gain unauthorized access to extra roles during a
request.
Red Hat alert: Updated usermode packages.
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and
6.
« Previous ( 1 ... 588 589 590 591 592 593 594 ... 595 ) Next »