Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 ... 7440 ) Next »
Red Hat alert: Updated pam_smb packages fix remote buffer overflow.
Updated pam_smb packages are now available which fix a security
vulnerability (buffer overflow).
Mandrake alert: Updated sendmail packages fix vulnerability
A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash.
Debian alert: New unzip packages fix directory traversal vulnerability
A directory traversal vulnerability in UnZip 5.50 allows attackers to
bypass a check for relative pathnames ("../") by placing certain invalid
characters between the two "." characters. The fix which was
implemented in DSA-344-1 may not have protected against all methods of
exploiting this vulnerability.
Slackware alert: unzip vulnerability patched (SSA:2003-237-01)
Upgraded infozip packages are available for Slackware 9.0 and -current. These fix a security issue where a specially crafted archive may overwrite files (including system files anywhere on the filesystem) upon extraction by a user with sufficient permissions.
Red Hat alert: Updated iptables packages are available
Updated iptables packages which are fully compatible with recent kernel
updates are now available.
Slackware alert: GDM security update (SSA:2003-236-01)
Upgraded gdm packages are available for Slackware 9.0 and -current.
These fix a security issue where a local user may use GDM to read any
file on the system.
Mandrake alert: Updated gdm packages fix vulnerabilities
Several vulnerabilities were discovered in versions of gdm prior to 2.4.1.6. The first vulnerability is that any user can read any text file on the system due to code originally written to be run as the user logging in was in fact being run as the root user. This code is what allows the examination of the ~/.xsession-errors file. If a user makes a symlink from this file to any other file on the system during the session and ensures that the session lasts less than ten seconds, the user can read the file provided it was readable as a text file.
Red Hat alert: GDM allows local user to read any file.
Updated GDM packages are available which correct a bug allowing local users
to read any text files on the system, and a denial of service issue if
XDMCP is enabled.
Mandrake alert: Updated perl-CGI packages fix cross-site scripting vulnerabilities
Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site.
Mandrake alert: Updated eroaster packages fix temporary file vulnerability
A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile. This vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster.
Mandrake alert: Updated unzip packages fix vulnerability
A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence.
Debian alert: New man-db packages fix segmentation fault
A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a
part of the "mandb" command that finds the canonical source file for
each man page. However, this update introduced an error in the routine
that resolves hardlinks: depending on the filenames of hardlinked man
pages, that routine might itself overrun allocated memory, causing a
segmentation fault.
Debian alert: New autorespond packages fix buffer overflow
Christian Jaeger discovered a buffer overflow in autorespond, an email
autoresponder used with qmail. This vulnerability could potentially
be exploited by a remote attacker to gain the privileges of a user who
has configured qmail to forward messages to autorespond. This
vulnerability is currently not believed to be exploitable due to
incidental limits on the length of the problematic input, but there
may be situations in which these limits do not apply.
Debian alert: New netris packages fix buffer overflow
Shaun Colley discovered a buffer overflow vulnerability in netris, a
network version of a popular puzzle game. A netris client connecting
to an untrusted netris server could be sent an unusually long data
packet, which would be copied into a fixed-length buffer without
bounds checking. This vulnerability could be exploited to gain the
priviliges of the user running netris in client mode, if they connect
to a hostile netris server.
Red Hat alert: Updated unzip packages fix trojan vulnerability
Updated unzip packages resolving a vulnerability allowing arbitrary files
to be overwritten are now available.
[Updated 15 August 2003]
Ben Laurie found that the original patch to fix this issue missed a case
where the path component included a quoted slash. These updated packages
contain a new patch that corrects this issue.
Debian alert: New kernel packages fix potential "oops"
This advisory provides a correction to the previous kernel updates,
which contained an error introduced in kernel-source-2.4.18 version
2.4.18-10. This error could result in a kernel "oops" under certain
circumstances involving POSIX locks and multithreaded programs.
Mandrake alert: Updated php packages fix vulnerabilities
A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user- supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442).
SuSE alert: kernel
During the last weeks a couple of security relevant fixes have been accumulated for the kernel. These fix local vulnerabilities and remote DoS conditions. The list of the fixed vulnerabilities is as follows:
Debian alert: New perl packages fix cross-site scripting
A cross-site scripting vulnerability exists in the start_form()
function in CGI.pm. This function outputs user-controlled data into
the action attribute of a form element without sanitizing it, allowing
a remote user to execute arbitrary web script within the context of
the generated page. Any program which uses this function in the
CGI.pm module may be affected.
Red Hat alert: Updated KDE packages fix security issue
This erratum provides updated KDE packages that resolve a security issue in
Konquerer.
« Previous ( 1 ... 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 ... 7440 ) Next »