Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 ... 7440 ) Next »
Mandrake alert: Updated proftpd packages fix remote root vulnerability
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell.
Debian alert: New marbles packages fix buffer overflow
Steve Kemp discovered a buffer overflow in marbles, when processing
the HOME environment variable. This vulnerability could be exploited
by a local user to gain gid 'games'.
Slackware alert: WU-FTPD Security Advisory (SSA:2003-259-03)
Upgraded WU-FTPD packages are available for Slackware 9.0 and
- -current. These fix a problem where an attacker could use a
specially crafted filename in conjunction with WU-FTPD's
conversion feature (mostly used to compress files, or produce tar
archives) to execute arbitrary commands on the server.
Slackware alert: ProFTPD Security Advisory (SSA:2003-259-02)
Upgraded ProFTPD packages are available for Slackware 8.1, 9.0 and
- -current. These fix a security issue where an attacker could gain
a root shell by downloading a specially crafted file.
Slackware alert: New OpenSSH packages (SSA:2003-266-01)
Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1,
9.0 and -current. This fixes security problems with PAM
authentication. It also includes several code cleanups from Solar
Designer.
Red Hat alert: Updated Perl packages fix security issues.
Updated Perl packages that fix a security issue in Safe.pm and a cross-site
scripting (XSS) vulnerability in CGI.pm are now available.
Red Hat alert: Updated Apache and mod_ssl packages fix security vulnerabilities
Updated Apache and mod_ssl packages that fix several minor security issues
are now available for Red Hat Linux 7.1, 7.2, and 7.3.
Debian alert: OpenSSH buffer management fix
This advisory is an addition to the earlier DSA-383-1 advisory: Solar
Designer found four more bugs in OpenSSH that may be exploitable.
Debian alert: OpenSSH buffer management fix
This advisory is an addition to the earlier DSA-382-1 and DSA-382-3
advisories: Solar Designer found four more bugs in OpenSSH that may be
exploitable.
Debian alert: New ipmasq packages fix insecure packet filtering rules
ipmasq is a package which simplifies configuration of Linux IP
masquerading, a form of network address translation which allows a
number of hosts to share a single public IP address. Due to use of
certain improper filtering rules, traffic arriving on the external
interface addressed for an internal host would be forwarded,
regardless of whether it was associated with an established
connection. This vulnerability could be exploited by an attacker
capable of forwarding IP traffic with an arbitrary destination address
to the external interface of a system with ipmasq installed.
SuSE alert: sendmail, sendmail-tls
sendmail is the most widely used mail transport agent (MTA) in the internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.
Debian alert: New kdebase packages fix multiple vulnerabilites in KDM
Two vulnerabilities were discovered in kdebase:
Mandrake alert: Updated MySQL packages fix buffer overflow vulnerability
A buffer overflow was discovered in MySQL that could be executed by any user with "ALTER TABLE" privileges on the "mysql" database. If successfully exploited, the attacker could execute arbitrary code with the privileges of the user running the mysqld process (mysqld). The "mysql" database is used by MySQL for internal record keeping and by default only the "root" user, or MySQL administrative account, has permission to alter its tables.
Mandrake alert: Updated gtkhtml packages fix vulnerability
Alan Cox discovered that certain malformed messages could cause the Evolution mail component to crash due to a null pointer dereference in the GtkHTML library, versions prior to 1.1.0.
Debian alert: New gopher packages fix buffer overflows
gopherd, a gopher server from the University of Minnesota, contains a
number of buffer overflows which could be exploited by a remote
attacker to execute arbitrary code with the privileges of the gopherd
process (the "gopher" user by default).
Debian alert: New libmailtools-perl packages fix input validation bug
The SuSE security team discovered during an audit that the
Mail::Mailer module, a Perl module used for sending email, whereby
potentially untrusted input is passed to a program such as mailx,
which may interpret certain escape sequences as commands to be
executed.
Debian alert: New hztty packages fix buffer overflows
Jens Steube reported a pair of buffer overflow vulnerabilities in
hztty, a program to translate Chinese character encodings in a
terminal session. These vulnerabilities could be exploited by a local
attacker to gain root privileges on a system where hztty is installed.
SuSE alert: openssh (second release)
The openssh package is the most widely used implementation of the secure shell protocol family (ssh). It provides a set of network connectivity tools for remote (shell) login, designed to substitute the traditional BSD-style r-protocols (rsh, rlogin). openssh has various authentification mechanisms and many other features such as TCP connection and X11 display forwarding over the fully encrypted network connection as well as file transfer facilities.
Mandrake alert: Updated sendmail packages fix buffer overflow vulnerability
A buffer overflow vulnerability was discovered in the address parsing code in all versions of sendmail prior to 8.12.10 by Michal Zalewski, with a patch to fix the problem provided by Todd C. Miller. This vulnerability seems to be remotely exploitable on Linux systems running on the x86 platform; the sendmail team is unsure of other platforms (CAN-2003-0694).
Debian alert: New sendmail packages fix buffer overflows
Two vulnerabilities were reported in sendmail.
« Previous ( 1 ... 7363 7364 7365 7366 7367 7368 7369 7370 7371 7372 7373 ... 7440 ) Next »