Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 ... 7440 ) Next »

Red Hat alert: Updated pam_smb packages fix remote buffer overflow.

  • Mailing list (Posted by dave on Aug 26, 2003 4:25 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated pam_smb packages are now available which fix a security vulnerability (buffer overflow).

Mandrake alert: Updated sendmail packages fix vulnerability

A vulnerability was discovered in all 8.12.x versions of sendmail up to and including 8.12.8. Due to wrong initialization of RESOURCE_RECORD_T structures, if sendmail receives a bad DNS reply it will call free() on random addresses which usually causes sendmail to crash.

Debian alert: New unzip packages fix directory traversal vulnerability

  • Mailing list (Posted by dave on Aug 25, 2003 8:53 PM EDT)
  • Story Type: Security; Groups: Debian
A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters. The fix which was implemented in DSA-344-1 may not have protected against all methods of exploiting this vulnerability.

Slackware alert: unzip vulnerability patched (SSA:2003-237-01)



Upgraded infozip packages are available for Slackware 9.0 and -current. These fix a security issue where a specially crafted archive may overwrite files (including system files anywhere on the filesystem) upon extraction by a user with sufficient permissions.

Red Hat alert: Updated iptables packages are available

  • Mailing list (Posted by dave on Aug 25, 2003 5:07 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated iptables packages which are fully compatible with recent kernel updates are now available.

Slackware alert: GDM security update (SSA:2003-236-01)

Upgraded gdm packages are available for Slackware 9.0 and -current. These fix a security issue where a local user may use GDM to read any file on the system.

Mandrake alert: Updated gdm packages fix vulnerabilities

Several vulnerabilities were discovered in versions of gdm prior to 2.4.1.6. The first vulnerability is that any user can read any text file on the system due to code originally written to be run as the user logging in was in fact being run as the root user. This code is what allows the examination of the ~/.xsession-errors file. If a user makes a symlink from this file to any other file on the system during the session and ensures that the session lasts less than ten seconds, the user can read the file provided it was readable as a text file.

Red Hat alert: GDM allows local user to read any file.

  • Mailing list (Posted by dave on Aug 21, 2003 11:18 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated GDM packages are available which correct a bug allowing local users to read any text files on the system, and a denial of service issue if XDMCP is enabled.

Mandrake alert: Updated perl-CGI packages fix cross-site scripting vulnerabilities

Eye on Security found a cross-site scripting vulnerability in the start_form() function in CGI.pm. This vulnerability allows a remote attacker to place a web script in a URL which feeds into a form's action parameter and allows execution by the browser as if it was coming from the site.

Mandrake alert: Updated eroaster packages fix temporary file vulnerability

A vulnerability was discovered in eroaster where it does not take any security precautions when creating a temporary file for the lockfile. This vulnerability could be exploited to overwrite arbitrary files with the privileges of the user running eroaster.

Mandrake alert: Updated unzip packages fix vulnerability

A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence.

Debian alert: New man-db packages fix segmentation fault

  • Mailing list (Posted by dave on Aug 18, 2003 5:11 AM EDT)
  • Story Type: Security; Groups: Debian
A previous man-db update (DSA-364-1) fixed buffer overruns in ult_src, a part of the "mandb" command that finds the canonical source file for each man page. However, this update introduced an error in the routine that resolves hardlinks: depending on the filenames of hardlinked man pages, that routine might itself overrun allocated memory, causing a segmentation fault.

Debian alert: New autorespond packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 16, 2003 4:31 PM EDT)
  • Story Type: Security; Groups: Debian
Christian Jaeger discovered a buffer overflow in autorespond, an email autoresponder used with qmail. This vulnerability could potentially be exploited by a remote attacker to gain the privileges of a user who has configured qmail to forward messages to autorespond. This vulnerability is currently not believed to be exploitable due to incidental limits on the length of the problematic input, but there may be situations in which these limits do not apply.

Debian alert: New netris packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 16, 2003 4:19 PM EDT)
  • Story Type: Security; Groups: Debian
Shaun Colley discovered a buffer overflow vulnerability in netris, a network version of a popular puzzle game. A netris client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking. This vulnerability could be exploited to gain the priviliges of the user running netris in client mode, if they connect to a hostile netris server.

Red Hat alert: Updated unzip packages fix trojan vulnerability

  • Mailing list (Posted by dave on Aug 15, 2003 12:32 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated unzip packages resolving a vulnerability allowing arbitrary files to be overwritten are now available. [Updated 15 August 2003] Ben Laurie found that the original patch to fix this issue missed a case where the path component included a quoted slash. These updated packages contain a new patch that corrects this issue.

Debian alert: New kernel packages fix potential "oops"

  • Mailing list (Posted by dave on Aug 13, 2003 4:46 PM EDT)
  • Story Type: Security; Groups: Debian
This advisory provides a correction to the previous kernel updates, which contained an error introduced in kernel-source-2.4.18 version 2.4.18-10. This error could result in a kernel "oops" under certain circumstances involving POSIX locks and multithreaded programs.

Mandrake alert: Updated php packages fix vulnerabilities

A vulnerability was discovered in the transparent session ID support in PHP4 prior to version 4.3.2. It did not properly escape user- supplied input prior to inserting it in the generated web page. This could be exploited by an attacker to execute embedded scripts within the context of the generated HTML (CAN-2003-0442).

SuSE alert: kernel

  • Mailing list (Posted by dave on Aug 12, 2003 8:52 AM EDT)
  • Story Type: Security; Groups: SUSE
During the last weeks a couple of security relevant fixes have been accumulated for the kernel. These fix local vulnerabilities and remote DoS conditions. The list of the fixed vulnerabilities is as follows:

Debian alert: New perl packages fix cross-site scripting

  • Mailing list (Posted by dave on Aug 11, 2003 7:32 PM EDT)
  • Story Type: Security; Groups: Debian
A cross-site scripting vulnerability exists in the start_form() function in CGI.pm. This function outputs user-controlled data into the action attribute of a form element without sanitizing it, allowing a remote user to execute arbitrary web script within the context of the generated page. Any program which uses this function in the CGI.pm module may be affected.

Red Hat alert: Updated KDE packages fix security issue

  • Mailing list (Posted by dave on Aug 11, 2003 12:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
This erratum provides updated KDE packages that resolve a security issue in Konquerer.

« Previous ( 1 ... 7366 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 ... 7440 ) Next »