Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 ... 7440 ) Next »

Mandrake alert: Updated hylafax packages fix remote root vulnerability

During a code review of the hfaxd server, part of the hylafax package, the SuSE Security Team discovered a format bug condition that allows remote attackers to execute arbitrary code as the root user. Updated packages have been patched to correct the problem.

Red Hat alert: Updated Ethereal packages fix security issues

  • Mailing list (Posted by dave on Nov 10, 2003 8:55 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Ethereal packages that fix a number of exploitable security issues are now available.

SuSE alert: hylafax

  • Mailing list (Posted by dave on Nov 10, 2003 5:44 AM EDT)
  • Story Type: Security; Groups: SUSE
Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to http://FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax' default configuration.

Debian alert: New epic4 packages fix denial of service

  • Mailing list (Posted by dave on Nov 10, 2003 5:10 AM EDT)
  • Story Type: Security; Groups: Debian
Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply which triggers the client to allocate a negative amount of memory. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.

Debian alert: New conquest packages fix local conquest exploit

  • Mailing list (Posted by dave on Nov 10, 2003 12:27 AM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered a buffer overflow in the environment variable handling of conquest, a curses based, real-time, multi-player space warfare game, which could lead a local attacker to gain unauthorised access to the group conquest.

Debian alert: New PostgreSQL packages fix buffer overflow

  • Mailing list (Posted by dave on Nov 6, 2003 10:52 PM EDT)
  • Story Type: Security; Groups: Debian
Tom Lane discovered a buffer overflow in the to_ascii function in PostgreSQL. This allows remote attackers to execute arbitrary code on the host running the database.

Announcing Fedora Core 1

The Fedora Project is a Red Hat-sponsored and community-supported open source project that promotes rapid development of innovative open source software through a collaborative, community effort.

Mandrake alert: Updated CUPS packages fix denial of service vulnerability

A bug in versions of CUPS prior to 1.1.19 was reported by Paul Mitcheson in the Internet Printing Protocol (IPP) implementation would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default).

Slackware alert: apache security update (SSA:2003-308-01)

Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix local vulnerabilities that could allow users who can create or edit Apache config files to gain additional privileges. Sites running Apache should upgrade to the new packages.

Mandrake alert: Updated apache packages fix vulnerabilities

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.

Mandrake alert: Updated postgresql packages fix buffer overflow vulnerability

Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server.

Red Hat alert: Updated CUPS packages fix denial of service

  • Mailing list (Posted by dave on Nov 3, 2003 6:30 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated CUPS packages that fix a problem where CUPS can hang are now available.

Red Hat alert: Updated fileutils/coreutils package fix ls vulnerabilities

  • Mailing list (Posted by dave on Nov 3, 2003 6:28 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated fileutils and coreutils packages that close a potential denial of service vulnerability are now available.

Red Hat alert: Updated CUPS packages fix denial of service

  • Mailing list (Posted by dave on Nov 3, 2003 12:26 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated CUPS packages that fix a problem where CUPS can hang are now available.

SuSE alert: thttpd

  • Mailing list (Posted by dave on Oct 31, 2003 3:36 AM EDT)
  • Story Type: Security; Groups: SUSE
Two vulnerabilities were found in the "tiny" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.

Debian alert: New thttpd packages fix information leak, DoS and arbitrary code execution

  • Mailing list (Posted by dave on Oct 28, 2003 11:00 PM EDT)
  • Story Type: Security; Groups: Debian
Several vulnerabilities have been discovered in thttpd, a tiny HTTP server.

Mozilla Links Newsletter - 5 - October 28, 2003

Past couple of weeks have been pretty interesting.

Slackware alert: fetchmail security update (SSA:2003-300-02)

Upgraded fetchmail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix a vulnerability where a specially crafted email could crash fetchmail, preventing the user from downloading or forwarding their email.

Slackware alert: gdm security update (SSA:2003-300-01)

GDM is the GNOME Display Manager, and is commonly used to provide a graphical login for local users.

Mandrake alert: Updated apache2 packages fix CGI scripting deadlock

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.

« Previous ( 1 ... 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 ... 7440 ) Next »