Showing headlines posted by dave
« Previous ( 1 ... 590 591 592 593 594 595 )Red Hat alert: man package's 'makewhatis' uses insecure handling of files in /tmp
The makewhatis portion of the man package used files in /tmp
in an insecure fashion. It was possible for local users to
exploit this vulnerability to modify files that they normally
could not and gain elevated privilege.
Debian alert: New version of canna released.
The canna package as distributed in Debian GNU/Linux 2.1 can be
remotely exploited to gain access. This could be done by overflowing
a buffer by sending a SR_INIT command with a very long usernamd or
groupname.
Debian alert: New verion of dhcp released
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
(potato) are vulnerable to a root exploit. The OpenBSD team reports that the
client inappropriately executes commands embedded in replies sent from a dhcp
server. This means that a malicious dhcp server can execute commands on the
client with root privilages.
SuSE alert: Problems after Kernel Update
alot of customers report problems after updateing the kernel.
Please, execute 'mk_initrd' and 'lilo' after upgrading the kernel.
Slackware alert: wu-ftpd remote exploit patched
A remote exploit has been found in the FTP daemon, wu-ftpd. This can
allow an attacker full access to your machine.
SuSE alert: kernel-2.2.x
The implementation of the capability feature of the kernel
SuSE alert: wuftpd-2.6
The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command.
Red Hat alert: remote root exploit (SITE EXEC) fixed
A security bug in wu-ftpd can permit remote users, even without
an account, to gain root access.
The new version closes the hole.
Debian alert: New Debian wu-ftpd packages released
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink),
as well as in the frozen (potato) and unstable (woody) distributions, is
vulnerable to a remote root compromise. The default configuration in all
current Debian packages prevents the currently available exploits in the
case of anonymous access, although local users could still possibly
compromise the server.
Red Hat alert: Zope update
Remote vulnerabilities exist with all Zope-
Red Hat alert: New Linux kernel fixes security bug
This new kernel release fixes a security hole that could
affect any setuid program on the system. In addition,
several accumulated fixes are included.
Red Hat alert: New Linux kernel fixes security bug
This new kernel release fixes a security hole that could
affect any setuid program on the system. In addition,
several accumulated fixes are included.
Red Hat alert: Updated Kerberos 5 packages are now available for Red Hat Linux.
Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.
Red Hat alert: Updated Kerberos 5 packages are now available for Red Hat Linux.
Security vulnerabilities have been found in the Kerberos 5 implementation
shipped with Red Hat Linux 6.
Red Hat alert: New emacs packages available
With emacs < 20.7, unprivileged local users can eavesdrop the communication between Emacs and its subprocesses.
Slackware alert: Kernel 2.2.16 and /usr/bin/Mail
The 2.2.16 release of the Linux kernel is available and includes a number of
security fixes. The following list of fixes comes from the kernel release
notes:
Red Hat alert: kdelibs vulnerability for suid-root KDE applications
In kdelibs 1.1.2 there are security issues for some applications when they are run suid root.
Red Hat alert: New majordomo packages available
New majordomo packages are available to fix local security problems in majordomo.
Red Hat alert: Updated mailman packages are available.
New mailman packages are available which close security holes present
in earlier versions of mailman.