Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 ... 7440 ) Next »
Mandrake alert: Updated gdm packages fix local vulnerabilities
Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze.
Debian alert: New tomcat4 packages fix denial of service
Aldrin Martoq has discovered a denial of service (DoS) vulnerability in
Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP
connector makes Tomcat reject further requests on this port until it is
restarted.
Mozilla Links Newsletter - 4 - October 14, 2003
Mozilla Links is now being translated into Italian, German and Dutch,
making Mozilla Links available in five different languages.
Debian alert: New openssl095 packages fix denial of service
Steve Henson of the OpenSSL core team identified and prepared fixes
for a number of vulnerabilities in the OpenSSL ASN1 code that were
discovered after running a test suite by British National
Infrastructure Security Coordination Centre (NISCC).
Mandrake alert: Updated sane packages fix remote vulnerabilities
Several vulnerabilities were discovered in the saned daemon, a part of the sane package, which allows for a scanner to be used remotely. The IP address of the remote host is only checked after the first communication occurs, which causes the saned.conf restrictions to be ignored for the first connection. As well, a connection that is dropped early can cause Denial of Service issues due to a number of differing factors. Finally, a lack of error checking can cause various other unfavourable actions.
Red Hat alert: Updated MySQL packages fix vulnerability
Updated MySQL server packages fix a buffer overflow vulnerability.
Red Hat alert: Updated SANE packages fix remote vulnerabilities
Updated SANE packages that resolve a number of vulnerabilities with the
saned daemon are now available.
Red Hat alert: Updated Perl packages fix security issues.
Updated Perl packages that fix a security issue in Safe.pm and a cross-site
scripting (XSS) vulnerability in CGI.pm are now available.
[Updated 3 Oct 2003]
Added updated mod_perl packages for Red Hat Linux 7.1, which are required
due to the move to Perl version 5.6.1 on this platform.
SuSE alert: openssl
OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. While checking the openssl implementation with a tool-kit from NISCC several errors were revealed most are ASN.1 encoding issues that causes a remote denial-of-service attack on the server side and possibly lead to remote command execution.
SuSE alert: mysql
A remotely exploitable buffer overflow within the authentication code of MySQL has been reported. This allows remote attackers who have access to the 'User' table to execute arbitrary commands as mysql user. The list of affected packages is as follows: mysql, mysql-client, mysql-shared, mysql-bench, mysql-devel, mysql-Max. In this advisory the MD5 sums for the mysql, mysql-shared and mysql-devel packages are listed.
Debian alert: New OpenSSL packages correct denial of service issues
Dr. Stephen Henson (steve@openssl.org), using a test suite provided by
NISCC (www.niscc.gov.uk), discovered a number of errors in the OpenSSL
ASN1 code. Combined with an error that causes the OpenSSL code to parse
client certificates even when it should not, these errors can cause a
denial of service (DoS) condition on a system using the OpenSSL code,
depending on how that code is used. For example, even though apache-ssl
and ssh link to OpenSSL libraries, they should not be affected by this
vulnerability. However, other SSL-enabled applications may be
vulnerable and an OpenSSL upgrade is recommended.
SuSE alert: lsh
LSH is the GNU implementation of SSH and can be seen as an alternative to OpenSSH. Recently various remotely exploitable buffer overflows have been reported in LSH. These allow attackers to execute arbitrary code as root on un-patched systems. LSH is not installed by default on SuSE Linux. An update is therefore only recommended if you run LSH. Maintained SuSE products are not affected by this bug as LSH is not packaged on maintained products such as the Enterprise Server.
Slackware alert: OpenSSL security update (SSA:2003-273-01)
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out.
Mandrake alert: Updated openssl packages fix vulnerabilities
Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targetted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544.
Mandrake alert: Updated mplayer packages fix buffer overflow vulnerability
A buffer overflow vulnerability was found in MPlayer that is remotely exploitable. A malicious host can craft a harmful ASX header and trick MPlayer into executing arbitrary code when it parses that particular header.
Red Hat alert: Updated OpenSSL packages fix vulnerabilities
Updated OpenSSL packages that fix ASN.1 parsing vulnerabilities are now
available for Red Hat Linux versions 7.1, 7.2, 7.3, and 8.0.
Red Hat alert: Updated OpenSSL packages fix vulnerabilities
Updated OpenSSL packages that fix ASN.1 parsing vulnerabilities are now
available for Red Hat Linux 9.
Debian alert: New webfs packages fix buffer overflows, file and directory exposure
Jens Steube reported two vulnerabilities in webfs, a lightweight HTTP
server for static content.
Debian alert: New freesweep packages fix buffer overflow
Steve Kemp discovered a buffer overflow in freesweep, when processing
several environment variables. This vulnerability could be exploited
by a local user to gain gid 'games'.
Mandrake alert: Updated apache2 packages fix CGI scripting deadlock
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.
« Previous ( 1 ... 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 ... 7440 ) Next »