Showing all newswire headlines

Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the program requesting PAM authentication.

Steve Kemp discovered a buffer overflow in zblast-svgalib, when saving the high score file. This vulnerability could be exploited by a local user to gain gid 'games', if they can achieve a high score.

Updated up2date packages for Red Hat Linux 8.0 and 9 fix RPM GPG signature verification.

Steve Kemp discovered a buffer overflow in xpcd-svga which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain root privileges.

Another buffer overflow was discovered in xtokkaetama, involving the "-nickname" command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'.

The previous man-db update (DSA-364-1) introduced an error which resulted in a segmentation fault in the "mandb" command, which runs part of the daily cron job. This error was caused by allocating a memory region which was one byte too small to hold the data written into it.

eroaster, a frontend for burning CD-R media using cdrecord, does not take appropriate security precautions when creating a temporary file for use as a lockfile. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running eroaster.

Several vulnerabilities have been discovered in phpgroupware:

This advisory provides a correction to the previous kernel updates, which contained an error introduced in kernel-source-2.4.18 version 2.4.18-7. This error could result in a kernel "oops" under certain circumstances.

This advisory provides a correction to the previous kernel updates, which contained an error introduced in kernel-source-2.4.18 version 2.4.18-7. This error could result in a kernel "oops" under certain circumstances.

man-db provides the standard man(1) command on Debian systems. During configuration of this package, the administrator is asked whether man(1) should run setuid to a dedicated user ("man") in order to provide a shared cache of preformatted manual pages. The default is for man(1) NOT to be setuid, and in this configuration no known vulnerability exists. However, if the user explicitly requests setuid operation, a local attacker could exploit either of the following bugs to execute arbitrary code as the "man" user.

New Postfix packages that fix two potential security issues are now available.

Postfix is a flexible MTA replacement for sendmail. Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. These problems have been fixed. Even though not all of our products are vulnerable in their default configurations, the updates should be applied.

The postfix mail transport agent in Debian 3.0 contains two vulnerabilities:

mindi, a program for creating boot/root disks, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running mindi.

New KDE packages are available for Slackware 9.0. These address a security issue where Konqueror may leak authentication credentials.

Two vulnerabilities were discovered in kdelibs:

xfstt, a TrueType font server for the X window system was found to contain two classes of vulnerabilities:

A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/.

Steve Kemp discovered multiple buffer overflows in atari800, an Atari emulator. In order to directly access graphics hardware, one of the affected programs is setuid root. A local attacker could exploit this vulnerability to gain root privileges.