Showing all newswire headlines
Red Hat alert: Updated pine packages fix vulnerabilities
Updated Pine packages that resolve remotely exploitable security issues are
now available.
Slackware alert: security issues in pine (SSA:2003-253-01)
Upgraded pine packages are available for Slackware 8.1, 9.0 and
-current. These fix two security problems found by iDEFENSE Labs
which could lead to arbitrary code execution when a specially
crafted email is processed by Pine.
Interview with YellowTAB's Bernd Korz
Tonight we had a quick chat with YellowTAB's Bernd Korz about the Zeta OS. The German engineer, manager and spokesperson of YellowTAB speaks about the release date, the changing goals of Zeta and more. Read more for the interesting transcript.
Red Hat alert: Updated gtkhtml packages fix vulnerability
Updated gtkhtml packages that fix a null pointer dereference are now available.
Slackware alert: inetd DoS patched (SSA:2003-251-01)
Upgraded inetd packages are available for Slackware 8.1, 9.0 and -current. These fix a previously hard-coded limit of 256 connections-per-minute, after which the given service is disabled for ten minutes. An attacker could use a quick burst of connections every ten minutes to effectively disable a service.
Debian alert: New mah-jong packages fix buffer overflows, denial of service
Nicolas Boullis discovered two vulnerabilities in mah-jong, a
network-enabled game.
Debian alert: New exim packages fix incorrect permissions on documentation
A buffer overflow exists in exim, which is the standard mail transport
agent in Debian. By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap. This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.
Debian alert: New wu-ftpd packages fix insecure program execution
wu-ftpd, an FTP server, implements a feature whereby multiple files
can be fetched in the form of a dynamically constructed archive file,
such as a tar archive. The names of the files to be included are
passed as command line arguments to tar, without protection against
them being interpreted as command-line options. GNU tar supports
several command line options which can be abused, by means of this
vulnerability, to execute arbitrary programs with the privileges of
the wu-ftpd process.
Debian alert: New exim, exim-tls packages fix buffer overflow
A buffer overflow exists in exim, which is the standard mail transport
agent in Debian. By supplying a specially crafted HELO or EHLO
command, an attacker could cause a constant string to be written past
the end of a buffer allocated on the heap. This vulnerability is not
believed at this time to be exploitable to execute arbitrary code.
Red Hat alert: Updated httpd packages fix Apache security vulnerabilities
Updated httpd packages that fix several minor security issues are now
available for Red Hat Linux 8.0 and 9.
SuSE alert: pam_smb
The PAM module (and server) pam_smb allows users of Linux systems to be authenticated by querying an NT server. Dave Airlie <airlied@samba.org> informed us about a bug in the authentication code of pam_smb that allows a remote attacker to gain access to a system using pam_smb by issuing an overly long password string.
Mandrake alert: Updated pam_ldap packages fix vulnerability with pam filtering
A bug was fixed in pam_ldap 162 with the pam_filter mechanism which is commonly used for host-based access restriction in environments using LDAP for authentication. Mandrake Linux 9.1 provided pam_ldap 161 which had this problem and as a result, systems relying on pam_filter for host-based access restriction would allow any user, regardless of the host attribute associated with their account, to log into the system. All users who use LDAP-based authentication are encouraged to upgrade immediately.
Mozilla Links Newsletter - 1 - September 2, 2003
You will find simple, brief, valuable and centralized information about everything Mozilla: the main project, independent projects running here and there to extend Mozilla products' capabilities, tips for people starting with these products and not so starters and a chance for everybody to let his/her voice be counted on our monthly polls.
Red Hat alert: New up2date available with updated SSL certificate authority file
New versions of the up2date and rhn_register clients are available and
are required for continued access to Red Hat Network.
Debian alert: New node packages fix remote root vulnerability
Morgan alias SM6TKY discovered and fixed several security related
problems in LinuxNode, an Amateur Packet Radio Node program. The
buffer overflow he discovered can be used to gain unauthorised root
access and can be remotely triggered.
Mandrake alert: Updated gkrellm packages fix remote arbitrary code execution vulnerability
A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server.
Mandrake alert: Updated apache2 packages fix multiple vulnerabilities
Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:
Red Hat alert: Updated Sendmail packages fix vulnerability.
Updated Sendmail packages are available to fix a vulnerability in the
handling of DNS maps.
SuSE alert: sendmail
The well-known and widely used MTA sendmail is vulnerable to a remote denial-of-service attack in version 8.12.8 and earlier (but not before 8.12). The bug exists in the DNS map code. This feature is enabled by specifying FEATURE(`enhdnsbl'). When sendmail receives an invalid DNS response, it tries to call free(3) on random data, which results in a process crash.
Debian alert: New libpam-smb packages fix buffer overflow
libpam-smb is a PAM authentication module which makes it possible to
authenticate users against a password database managed by Samba or a
Microsoft Windows server. If a long password is supplied, this can
cause a buffer overflow which could be exploited to execute arbitrary
code with the privileges of the process which invokes PAM services.