Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 ... 7442 ) Next »

Mandrake security alert: Updated cvs packages fix remotely exploitable vulnerability

  • Mailing list; By Mandrake Linux Security Team <security@linux-mandrake.com> (Posted by dave on Apr 14, 2004 9:29 AM EDT)
  • Story Type: Security; Groups: Mandriva
Sebastian Krahmer from the SUSE security team discovered a remotely exploitable vulnerability in the CVS client. When doing a cvs checkout or update over a network, the client accepts absolute pathnames in the RCS diff files. A maliciously configured server could then create any file with content on the local user's disk. This problem affects all versions of CVS prior to 1.11.15 which has fixed the problem.

Unite and conquer

  • NewsForge; By Evan Leibovitch (Posted by dave on Apr 14, 2004 9:06 AM EDT)
  • Story Type: News Story
A recent commentary by Robin Miller regarding squabbling within the free software and open source communities was a useful wake-up call. This bickering is having a detrimental effect on our ability to confront those who are trying to convince policy and opinion makers against the use of free and open source software (FOSS). These challenges are neither severe nor insurmountable, but they do require the parties understand the differences between internal and external debate.

Debian alert: New mysql packages fix insecure temporary file creation

  • Mailing list; By joey@infodrom.org (Martin Schulze) (Posted by dave on Apr 14, 2004 9:06 AM EDT)
  • Story Type: Security; Groups: Debian
Two vulnerabilities have been discovered in mysql, a common database system. Two scripts contained in the package don't create temporary files in a secure fashion. This could allow a local attacker to overwrite files with the privileges of the user invoking the MySQL server, which is often the root user.

Via "violates" GNU GPL with Padlock

  • The Inquirer (Posted by dave on Apr 14, 2004 8:57 AM EDT)
  • Story Type: News Story; Groups: GNU
The Sourceforge project administrator has claimed that Via's "Padlock" software violates the GNU general public licence (GPL). Via Padlock, said Eric Harmon, breaks the conditions of the GPL in three ways.

Is Windows safer than Linux?

  • Network World on Linux; By Phil Hochmuth (Posted by dave on Apr 14, 2004 8:49 AM EDT)
  • Story Type: News Story; Groups: Microsoft
A recent study comparing Windows and Linux vulnerabilities showed that Microsoft is quicker at responding to problems in its software, while many of the leading Linux distributions lag in reaction time. The study conducted by Forrester Research..

Debian alert: New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390)

  • Mailing list; By joey@infodrom.org (Martin Schulze) (Posted by dave on Apr 14, 2004 8:42 AM EDT)
  • Story Type: Security; Groups: Debian
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the PowerPC/apus and S/390 architectures.

Fedora Core alert: Updated kernel packages resolve security vulnerabilities

  • Mailing list; By Dave Jones <davej@redhat.com> (Posted by dave on Apr 14, 2004 8:16 AM EDT)
  • Story Type: Security; Groups: Fedora
iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue.

Debian alert: New Linux 2.4.17 packages fix local root exploit (ia64)

  • Mailing list; By joey@infodrom.org (Martin Schulze) (Posted by dave on Apr 14, 2004 8:11 AM EDT)
  • Story Type: Security; Groups: Debian
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 for the IA-64 architecture.

SUSE alert: Linux Kernel (SuSE-SA:2004:009)

  • Mailing list; By Thomas Biege <thomas@suse.de> (Posted by dave on Apr 14, 2004 8:00 AM EDT)
  • Story Type: Security; Groups: SUSE
iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.

SUSE alert: cvs (SuSE-SA:2004:008)

  • Mailing list; By Sebastian Krahmer <krahmer@suse.de> (Posted by dave on Apr 14, 2004 8:00 AM EDT)
  • Story Type: Security; Groups: SUSE
During the analyzation of the CVS protocol and their implementation, the SuSE Security Team discovered a flaw within the handling of pathnames. Evil CVS servers could specify absolute pathnames during checkouts and updates, which allows to create arbitrary files with the permissions of the user invoking the CVS client. This could lead to a compromise of the system.

Introduction to Linux Audio

  • OSnews; By Filippo Pappalardo (Posted by dave on Apr 14, 2004 7:50 AM EDT)
  • Story Type: News Story
I wanted to write something about the great progress being carried on linux as OS of choice for a professional Digital Audio Workstation (DAW) since a long time. With the inclusion of the Advanced Linux Sound Architecture (ALSA) into the 2.6 kernels, time has come to extend my experiences to all of you.

Debian alert: New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa)

  • Mailing list; By joey@infodrom.org (Martin Schulze) (Posted by dave on Apr 14, 2004 7:45 AM EDT)
  • Story Type: Security; Groups: Debian
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.17 and 2.4.18 for the hppa (PA-RISC) architecture.

SUSE alert: Linux Kernel (SuSE-SA:2004:009)

  • Mailing list; By Thomas Biege <thomas@suse.de> (Posted by dave on Apr 14, 2004 7:23 AM EDT)
  • Story Type: Security; Groups: SUSE
iDEFENSE Inc. informed us about a buffer overflow in the linux 2.4 kernel code which handles ISO9660 filesystems. The original code is not able to handle very long symlink names. The vulnerability can be triggered locally by mounting removable media that contains a malformed filesystem or by using the loopback device. Exploiting this buffer overflow results in kernel-level access to the system.

Debian alert: New Linux 2.4.18 packages fix local root exploit (source+alpha+i386+powerpc)

  • Mailing list; By joey@infodrom.org (Martin Schulze) (Posted by dave on Apr 14, 2004 7:23 AM EDT)
  • Story Type: Security; Groups: Debian
Several serious problems have been discovered in the Linux kernel. This update takes care of Linux 2.4.18 for the alpha, i386 and powerpc architectures.

Mandrakelinux 10.0 Official is available!

Mandrakesoft today announce the availability of Mandrakelinux 10.0 Official, a full-featured operating system that includes a full suite of desktop and server applications. Mandrakelinux 10.0 Official is available for download to Mandrakeclub Members, and as part of Mandrakesoft's complete range of retail packs, now available for pre-order on http://www.mandrakestore.com and soon in retail stores (Suggested Retail Price for all products are shown below).

Red Hat alert: Updated CVS packages fix security issue

  • Mailing list; By bugzilla@redhat.com (Posted by dave on Apr 14, 2004 6:47 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated cvs packages that fix a client vulnerability that could be exploited by a malicious server are now available.

Red Hat alert: Updated cadaver package fixes security vulnerability in neon

  • Mailing list; By bugzilla@redhat.com (Posted by dave on Apr 14, 2004 6:47 AM EDT)
  • Story Type: Security; Groups: Red Hat
An updated cadaver package that fixes a vulnerability in neon exploitable by a malicious DAV server is now available.

Network packet capturing for Linux

This intermediate tutorial covers different mechanisms for capturing and manipulating packets. Security applications -- such as VPNs, firewalls, and sniffers, and network apps such as routers -- rely on methods like those described here to do their work. Once you have the hang of them, you will rely on them too. You won't want to miss this tutorial all about packet interception, covering kernels from 2.2.x to the present and techniques from divert socket and netfilter to interrupt handling and messing with the kernel source code itself.

Real World Linux 2004, Day 1: A real world experience

  • NewsForge; By David 'cdlu' Graham (Posted by dave on Apr 14, 2004 6:39 AM EDT)
  • Story Type: News Story
Real World Linux 2004 Conference and Expo is taking place this year at the Metro Toronto Convention Center, North building, next to the Canadian National Tower in the middle of Canada's largest city.

Stanford’s Linux, Solaris boxes attacked

  • The Inquirer (Posted by dave on Apr 14, 2004 6:27 AM EDT)
  • Story Type: News Story
Multi user Solaris and Linux boxes at the prestigious Stanford University campus have been turned over by hackers. According to an "advisory", or warning as we used to call it, put out by the university's Information Technology Systems and Services department its Solaris and Linux computers were the target of a "large number of sophisticated attacks by an individual or a group."

« Previous ( 1 ... 7231 7232 7233 7234 7235 7236 7237 7238 7239 7240 7241 ... 7442 ) Next »