Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 ... 7440 ) Next »

Mandrake alert: Updated gdm packages fix local vulnerabilities

Two vulnerabilities were discovered in gdm by Jarno Gassenbauer that would allow a local attacker to cause gdm to crash or freeze.

Debian alert: New tomcat4 packages fix denial of service

  • Mailing list (Posted by dave on Oct 15, 2003 1:02 AM EDT)
  • Story Type: Security; Groups: Debian
Aldrin Martoq has discovered a denial of service (DoS) vulnerability in Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP connector makes Tomcat reject further requests on this port until it is restarted.

Mozilla Links Newsletter - 4 - October 14, 2003

Mozilla Links is now being translated into Italian, German and Dutch, making Mozilla Links available in five different languages.

Debian alert: New openssl095 packages fix denial of service

  • Mailing list (Posted by dave on Oct 11, 2003 5:54 AM EDT)
  • Story Type: Security; Groups: Debian
Steve Henson of the OpenSSL core team identified and prepared fixes for a number of vulnerabilities in the OpenSSL ASN1 code that were discovered after running a test suite by British National Infrastructure Security Coordination Centre (NISCC).

Mandrake alert: Updated sane packages fix remote vulnerabilities

Several vulnerabilities were discovered in the saned daemon, a part of the sane package, which allows for a scanner to be used remotely. The IP address of the remote host is only checked after the first communication occurs, which causes the saned.conf restrictions to be ignored for the first connection. As well, a connection that is dropped early can cause Denial of Service issues due to a number of differing factors. Finally, a lack of error checking can cause various other unfavourable actions.

Red Hat alert: Updated MySQL packages fix vulnerability

  • Mailing list (Posted by dave on Oct 9, 2003 12:59 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated MySQL server packages fix a buffer overflow vulnerability.

Red Hat alert: Updated SANE packages fix remote vulnerabilities

  • Mailing list (Posted by dave on Oct 7, 2003 11:11 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated SANE packages that resolve a number of vulnerabilities with the saned daemon are now available.

Red Hat alert: Updated Perl packages fix security issues.

  • Mailing list (Posted by dave on Oct 3, 2003 6:33 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available. [Updated 3 Oct 2003] Added updated mod_perl packages for Red Hat Linux 7.1, which are required due to the move to Perl version 5.6.1 on this platform.

SuSE alert: openssl

  • Mailing list (Posted by dave on Oct 1, 2003 9:15 AM EDT)
  • Story Type: Security; Groups: SUSE
OpenSSL is an implementation of the Secure Socket Layer (SSL v2/3) and Transport Layer Security (TLS v1) protocol. While checking the openssl implementation with a tool-kit from NISCC several errors were revealed most are ASN.1 encoding issues that causes a remote denial-of-service attack on the server side and possibly lead to remote command execution.

SuSE alert: mysql

  • Mailing list (Posted by dave on Oct 1, 2003 3:45 AM EDT)
  • Story Type: Security; Groups: SUSE
A remotely exploitable buffer overflow within the authentication code of MySQL has been reported. This allows remote attackers who have access to the 'User' table to execute arbitrary commands as mysql user. The list of affected packages is as follows: mysql, mysql-client, mysql-shared, mysql-bench, mysql-devel, mysql-Max. In this advisory the MD5 sums for the mysql, mysql-shared and mysql-devel packages are listed.

Debian alert: New OpenSSL packages correct denial of service issues

  • Mailing list (Posted by dave on Oct 1, 2003 2:43 AM EDT)
  • Story Type: Security; Groups: Debian
Dr. Stephen Henson (steve@openssl.org), using a test suite provided by NISCC (www.niscc.gov.uk), discovered a number of errors in the OpenSSL ASN1 code. Combined with an error that causes the OpenSSL code to parse client certificates even when it should not, these errors can cause a denial of service (DoS) condition on a system using the OpenSSL code, depending on how that code is used. For example, even though apache-ssl and ssh link to OpenSSL libraries, they should not be affected by this vulnerability. However, other SSL-enabled applications may be vulnerable and an OpenSSL upgrade is recommended.

SuSE alert: lsh

  • Mailing list (Posted by dave on Oct 1, 2003 1:38 AM EDT)
  • Story Type: Security; Groups: SUSE
LSH is the GNU implementation of SSH and can be seen as an alternative to OpenSSH. Recently various remotely exploitable buffer overflows have been reported in LSH. These allow attackers to execute arbitrary code as root on un-patched systems. LSH is not installed by default on SuSE Linux. An update is therefore only recommended if you run LSH. Maintained SuSE products are not affected by this bug as LSH is not packaged on maintained products such as the Enterprise Server.

Slackware alert: OpenSSL security update (SSA:2003-273-01)



Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out.

Mandrake alert: Updated openssl packages fix vulnerabilities

Two bugs were discovered in OpenSSL 0.9.6 and 0.9.7 by NISCC. The parsing of unusual ASN.1 tag values can cause OpenSSL to crash, which could be triggered by a remote attacker by sending a carefully-crafted SSL client certificate to an application. Depending upon the application targetted, the effects seen will vary; in some cases a DoS (Denial of Service) could be performed, in others nothing noticeable or adverse may happen. These two vulnerabilities have been assigned CAN-2003-0543 and CAN-2003-0544.

Mandrake alert: Updated mplayer packages fix buffer overflow vulnerability

A buffer overflow vulnerability was found in MPlayer that is remotely exploitable. A malicious host can craft a harmful ASX header and trick MPlayer into executing arbitrary code when it parses that particular header.

Red Hat alert: Updated OpenSSL packages fix vulnerabilities

  • Mailing list (Posted by dave on Sep 30, 2003 4:17 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSL packages that fix ASN.1 parsing vulnerabilities are now available for Red Hat Linux versions 7.1, 7.2, 7.3, and 8.0.

Red Hat alert: Updated OpenSSL packages fix vulnerabilities

  • Mailing list (Posted by dave on Sep 30, 2003 4:10 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSL packages that fix ASN.1 parsing vulnerabilities are now available for Red Hat Linux 9.

Debian alert: New webfs packages fix buffer overflows, file and directory exposure

  • Mailing list (Posted by dave on Sep 29, 2003 7:55 AM EDT)
  • Story Type: Security; Groups: Debian
Jens Steube reported two vulnerabilities in webfs, a lightweight HTTP server for static content.

Debian alert: New freesweep packages fix buffer overflow

  • Mailing list (Posted by dave on Sep 28, 2003 6:15 AM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered a buffer overflow in freesweep, when processing several environment variables. This vulnerability could be exploited by a local user to gain gid 'games'.

Mandrake alert: Updated apache2 packages fix CGI scripting deadlock

A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.

« Previous ( 1 ... 7362 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 ... 7440 ) Next »