Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 ... 7440 ) Next »

Mandrake alert: Updated proftpd packages fix remote root vulnerability

A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell.

Debian alert: New marbles packages fix buffer overflow

  • Mailing list (Posted by dave on Sep 25, 2003 9:05 PM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered a buffer overflow in marbles, when processing the HOME environment variable. This vulnerability could be exploited by a local user to gain gid 'games'.

Slackware alert: WU-FTPD Security Advisory (SSA:2003-259-03)

Upgraded WU-FTPD packages are available for Slackware 9.0 and - -current. These fix a problem where an attacker could use a specially crafted filename in conjunction with WU-FTPD's conversion feature (mostly used to compress files, or produce tar archives) to execute arbitrary commands on the server.

Slackware alert: ProFTPD Security Advisory (SSA:2003-259-02)

Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and - -current. These fix a security issue where an attacker could gain a root shell by downloading a specially crafted file.

Slackware alert: New OpenSSH packages (SSA:2003-266-01)

Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer.

Red Hat alert: Updated Perl packages fix security issues.

  • Mailing list (Posted by dave on Sep 22, 2003 12:53 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Perl packages that fix a security issue in Safe.pm and a cross-site scripting (XSS) vulnerability in CGI.pm are now available.

Red Hat alert: Updated Apache and mod_ssl packages fix security vulnerabilities

  • Mailing list (Posted by dave on Sep 22, 2003 12:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Linux 7.1, 7.2, and 7.3.

Debian alert: OpenSSH buffer management fix

  • Mailing list (Posted by dave on Sep 21, 2003 11:05 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.

Debian alert: OpenSSH buffer management fix

  • Mailing list (Posted by dave on Sep 21, 2003 11:05 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.

Debian alert: New ipmasq packages fix insecure packet filtering rules

  • Mailing list (Posted by dave on Sep 20, 2003 2:05 PM EDT)
  • Story Type: Security; Groups: Debian
ipmasq is a package which simplifies configuration of Linux IP masquerading, a form of network address translation which allows a number of hosts to share a single public IP address. Due to use of certain improper filtering rules, traffic arriving on the external interface addressed for an internal host would be forwarded, regardless of whether it was associated with an established connection. This vulnerability could be exploited by an attacker capable of forwarding IP traffic with an arbitrary destination address to the external interface of a system with ipmasq installed.

SuSE alert: sendmail, sendmail-tls

  • Mailing list (Posted by dave on Sep 20, 2003 8:09 AM EDT)
  • Story Type: Security; Groups: SUSE
sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.

Debian alert: New kdebase packages fix multiple vulnerabilites in KDM

  • Mailing list (Posted by dave on Sep 19, 2003 6:35 PM EDT)
  • Story Type: Security; Groups: Debian
Two vulnerabilities were discovered in kdebase:

Mandrake alert: Updated MySQL packages fix buffer overflow vulnerability

A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables.

Mandrake alert: Updated gtkhtml packages fix vulnerability

Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library, versions prior to 1.1.0.

Debian alert: New gopher packages fix buffer overflows

  • Mailing list (Posted by dave on Sep 18, 2003 6:22 PM EDT)
  • Story Type: Security; Groups: Debian
gopherd, a gopher server from the University of Minnesota, contains a number of buffer overflows which could be exploited by a remote attacker to execute arbitrary code with the privileges of the gopherd process (the "gopher" user by default).

Debian alert: New libmailtools-perl packages fix input validation bug

  • Mailing list (Posted by dave on Sep 18, 2003 4:30 PM EDT)
  • Story Type: Security; Groups: Debian
The SuSE security team discovered during an audit that the Mail::Mailer module, a Perl module used for sending email, whereby potentially untrusted input is passed to a program such as mailx, which may interpret certain escape sequences as commands to be executed.

Debian alert: New hztty packages fix buffer overflows

  • Mailing list (Posted by dave on Sep 18, 2003 3:50 PM EDT)
  • Story Type: Security; Groups: Debian
Jens Steube reported a pair of buffer overflow vulnerabilities in hztty, a program to translate Chinese character encodings in a terminal session. These vulnerabilities could be exploited by a local attacker to gain root privileges on a system where hztty is installed.

SuSE alert: openssh (second release)

  • Mailing list (Posted by dave on Sep 18, 2003 10:18 AM EDT)
  • Story Type: Security; Groups: SUSE
The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.

Mandrake alert: Updated sendmail packages fix buffer overflow vulnerability

A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694).

Debian alert: New sendmail packages fix buffer overflows

  • Mailing list (Posted by dave on Sep 17, 2003 6:19 PM EDT)
  • Story Type: Security; Groups: Debian
Two vulnerabilities were reported in sendmail.

« Previous ( 1 ... 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 ... 7440 ) Next »