Showing all newswire headlines
Red Hat alert: Updated mount package available
Updated mount packages fixing a potential security problem are available.
Red Hat alert: Updated kdelibs packages fixing security problem and memory leaks available
Updated kdelibs packages fixing a security problem, some memory leaks and
some minor bugs are available.
Debian alert: nedit symlink attack
The nedit (Nirvana editor) package as shipped in the non-free section
accompanying Debian GNU/Linux 2.2/potato had a bug in its printing code:
when printing text it would create a temporary file with the to be
printed text and pass that on to the print system. The temporary file
was not created safely, which could be exploited by an attacker to make
nedit overwrite arbitrary files.
Debian alert: New versions of Zope fix vulnerabilities
This is an addition to DSA 043-1 which fixes several vulnerabilities
in Zope. Something went wrong so it has to be corrected. The
previous security release 2.1.6-7 has two severe problems:
Red Hat alert: gftp format string vulnerability corrected
An updated gftp package is available for Red Hat Linux 6.2 and 7.1. This
package contains an upgrade to gftp version
Debian alert: New sendfile packages fix root exploit
Daniel Kobras has discovered and fixed a problem in sendfiled which
caused the daemon not to drop privileges as expected when sending
notification mails. Exploiting this a local user can easily make it
execute arbitrary code under root privileges.
Debian alert: New Netscape packages available
Florian Wesch has discovered a problem (reported to bugtraq) with the
way Netscape handles comments in GIF files. The Netscape browser
does not escape the GIF file comment in the image information page.
This allows javascript execution in the "about:" protocol and can for
example be used to upload the History (about:global) to a webserver,
thus leaking private information. This problem has been fixed
upstream in Netscape 4.77. Since we haven't received source code for
these packages they are not part of the Debian GNU/Linux distribution
but are packaged up as `.deb' files for a convenient installation.
Red Hat alert: Updated mgetty packages available
Updated mgetty packages are now available for Red Hat Linux 6.2 and 7.x.
These packages fix packaging errors present in previous versions.
SuSE alert: hylafax
The HylaFax program hfaxd(8c) implements the server part of the HylaFax package. It is started either by inetd(8) or runs in standalone mode. hfaxd(8c) offers three different protocols to process fax jobs. When hfaxd(8c) tries to change to its queue directory and fails, it prints an error message via syslog by directly passing user-supplied data as the format string. As long as hfaxd(8c) is installed setuid root, this behavior could be exploited to gain root access locally.
Debian alert: New version sendfile fix local root exploit
Colin Phipps and Daniel Kobras discovered and fixed several serious
bugs in the saft daemon `sendfiled' which caused it to drop privileges
incorrectly. Exploiting this a local user can easily make it execute
arbitrary code under root privileges.
Red Hat alert: FTP iptables vulnerability in 2.4 kernel
A security hole has been found that does not affect the default
configuration of Red Hat Linux, but can affect some custom
configurations of Red Hat Linux 7.1 only. The bug is specific
to the Linux
SuSE alert: nedit
The Nirvana Editor, NEdit, is a GUI-style text editor based on popular Macintosh and MS Windows editors. When printing a whole text or selected parts of a text, nedit(1) creates a temporary file in an insecure manner. This behavior could be exploited to gain access to other users' privileges, even root.
SuSE alert: sudo
The setuid application sudo(8) allows a user to execute commands under the privileges of another user (including root). sudo(8) previous to version 1.6.3p6 is vulnerable to a buffer overflow in its logging code, which could lead to local root compromise.
Debian alert: exuberant-ctags for sparc was incorrectly built
The updated exuberant-ctags that was mentioned in DSA-046-1 was
unfortunately compiled incorrectly: the stable chroot we used
turned out to be running unstable instead.
Debian alert: samba for sparc was incorrectly built
The updated samba packages that were mentioned in DSA-048-1 were
unfortunately compiled incorrectly: the stable chroot we used
turned out to be running unstable instead.
Debian alert: remote cfingerd exploit
Megyer Laszlo reported on Bugtraq that cfingerd as distributed
with Debian GNU/Linux 2.2 was not careful in its logging code. By
combining this with an off-by-one error in the code that copied the
username from an ident response cfingerd could be exploited by a remote
user. Since cfingerd does not drop its root privileges until after
it has determined which user to finger an attacker can gain
root privileges.
Debian alert: samba symlink attacks
Marcus Meissner discovered that samba was not creating temporary
files safely in two places:
Announcing availability of Red Hat Linux 7.1 (Seawolf)
2001-- Red Hat, Inc. (Nasdaq:RHAT - news), the leader in
developing, deploying and managing open source solutions, announced
today the availability of Red Hat Linux 7.1, the latest version of the
world's most popular open source server operating environment. Red Hat
Linux 7.1 includes the new 2.4 kernel with improved SMP support for
superior performance on Intel multi-processor platforms. Red Hat Linux
7.1 also delivers new configuration tools that enable users to
effortlessly set up and administer DNS, Web and print servers. This
release features Red Hat Network connectivity, including software
manager.
Red Hat alert: Linux kernel 2.2.19 now available, provides security fixes, enhancements
A local denial of service attack and root compromise of the kernel have
been corrected, drivers have been updated, and NFS version 3 has been
integrated.
Red Hat alert: New netscape packages available (Red Hat Linux 7.1 added)
New netscape packages are available to fix a problem with the handling of
JavaScript in certain situations. By exploiting this flaw, a remote site
could gain access to the browser history, and possibly other data.
It is recommended that all users upgrade to the fixed packages.
2001-04-16: netscape-4.77-1 packages are now available for Red Hat Linux
7.1 for Intel.