Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7345 7346 7347 7348 7349 7350 7351 7352 7353 7354 7355 ... 7384 ) Next »
Debian alert: Multiple OpenSSL problems
The OpenSSL development team has announced that a security audit by A.L.
Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed
remotely exploitable buffer overflow conditions in the OpenSSL code.
Additionaly, the ASN1 parser in OpenSSL has a potential DoS attack
independently discovered by Adi Stav and James Yonan.
Red Hat alert: Updated openssl packages fix remote vulnerabilities
Updated OpenSSL packages are available which fix several serious buffer
overflow vulnerabilities.
Red Hat alert: Updated util-linux package fixes password locking race
A locally exploitable vulnerability is present in the util-linux package
shipped with Red Hat Linux
Red Hat alert: Updated glibc packages fix vulnerabilities in resolver
Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.
Red Hat alert: Updated mod_ssl packages available
Updated mod_ssl packages are now available for Red Hat Linux 7, 7.1, 7.2,
and 7.3. These updates incorporate a fix for an incorrect bounds check in
versions of mod_ssl up to and including version
SuSE alert: Resolver
A vulnerability has been discovered in some resolver library functions. The affected code goes back to the resolver library shipped as part of BIND4; code derived from it has been included in later BIND releases as well as the GNU libc.
SuSE alert: squid
squid is a web proxy cache contained but not installed and activated by default on SuSE products.
Red Hat alert: New Squid packages available
New Squid packages are available which fix various security issues.
SuSE alert: openssh
SuSE Security has issued two warnings and one SuSE Security Announcement on 25th and 26th of June concerning the vulnerabilities found in the openssh package that is contained and installed by default on most SuSE products. For a few days, the nature of the errors were unknown to the public, making it difficult for distributors to provide proper solutions against the problem. Now that details of the errors have been disclosed, we hereby re-release SuSE Security Announcement SuSE-SA:2002:023 (openssh) under a new announcement ID with links to a set of update packages that represent SuSE's permanent fix for the problems found.
Debian alert: buffer overflow / DoS in libapache-mod-ssl
The libapache-mod-ssl package provides SSL capability to the apache
webserver.
Recently, a problem has been found in the handling of .htaccess files,
allowing arbitrary code execution as the web server user (regardless of
ExecCGI / suexec settings), DoS attacks (killing off apache children), and
allowing someone to take control of apache child processes - all trough
specially crafted .htaccess files.
More information about this vulnerability can be found at
Red Hat alert: Updated OpenSSH packages fix various security issues
Updated openssh packages are now available for Red Hat Linux 7, 7.1, 7.2,
and 7.3. These updates fix an input validation error in OpenSSH.
Debian alert: OpenSSH Remote Challenge Vulnerability
This advisory is an update to DSA-134-3: this advisory contains
updated information that is relevant to all Debian installations of
OpenSSH (the ssh package). DSA-134-4 supersedes previous versions of
DSA-134.
Red Hat alert: Updated mailman packages available
Updated mailman packages are now available for Red Hat Secure Web Server
3.2 (U.S.). These updates resolve a cross-site scripting vulnerability
present in versions of Mailman prior to
Red Hat alert: Updated secureweb packages fix chunked encoding issue
The Apache Web server contains a security vulnerability which can be used
to launch a denial of service attack, or in some cases, allow remote code
execution. Red Hat Secure Web server is based on the Apache Web server and
the secureweb package has been updated to fix this denial of service
vulnerability.
Slackware alert: New OpenSSH packages available
"While testing for Oracle vulnerabilities, Mark Litchfield discovered a
denial of service attack for Apache on Windows. Investigation by the
Apache Software Foundation showed that this issue has a wider scope, which
on some platforms results in a denial of service vulnerability, while on
some other platforms presents a potential a remote exploit vulnerability."
SuSE alert: More information on the OpenSSH vulnerability
ISS and the OpenSSH team just released advisories concerning the
OpenSSH vulnerability.
Debian alert: Unknown OpenSSH remote vulnerability
This advisory is an update to DSA-134-2: the changes mainly deal with
packaging issues; if you have already successfully installed an
openssh package from a previous DSA-134 advisory you may disregard
this message.
SuSE alert: OpenSSH
There's a new vulnerabilty in the OpenSSH daemon, of which we were notified yesterday.
Debian alert: Unknown OpenSSH remote vulnerability
This advisory is an update to DSA-134-1: some extra information is
provided on broken or changed functionality in this new release and
packages for Debian GNU/Linux 2.2/potato are now available.
SuSE alert: OpenSSH Vulnerability
There's a new vulnerabiltiy in the OpenSSH daemon. The OpenSSH/OpenBSD
team does not release any details concerning this issue, except:
« Previous ( 1 ... 7345 7346 7347 7348 7349 7350 7351 7352 7353 7354 7355 ... 7384 ) Next »