Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 7377 ... 7440 ) Next »
Debian alert: New kdelibs-crypto packages fix multiple vulnerabilities
Two vulnerabilities were discovered in kdelibs:
Debian alert: New pam-pgsql packages fix format string vulnerability
Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the
username to be used for authentication is used as a format string when
writing a log message. This vulnerability may allow an attacker to
execute arbitrary code with the privileges of the program requesting
PAM authentication.
Debian alert: New zblast packages fix buffer overflow
Steve Kemp discovered a buffer overflow in zblast-svgalib, when saving
the high score file. This vulnerability could be exploited by a local
user to gain gid 'games', if they can achieve a high score.
Red Hat alert: up2date improperly checks GPG signature of packages
Updated up2date packages for Red Hat Linux 8.0 and 9 fix RPM GPG signature
verification.
Debian alert: New xpcd packages fix buffer overflow
Steve Kemp discovered a buffer overflow in xpcd-svga which can be
triggered by a long HOME environment variable. This vulnerability
could be exploited by a local attacker to gain root privileges.
Debian alert: New xtokkaetama packages fix buffer overflow
Another buffer overflow was discovered in xtokkaetama, involving the
"-nickname" command line option. This vulnerability could be
exploited by a local attacker to gain gid 'games'.
Debian alert: New man-db packages fix problem with DSA-364-1
The previous man-db update (DSA-364-1) introduced an error which
resulted in a segmentation fault in the "mandb" command, which runs
part of the daily cron job. This error was caused by allocating a
memory region which was one byte too small to hold the data written
into it.
Debian alert: New eroaster packages fix insecure temporary file creation
eroaster, a frontend for burning CD-R media using cdrecord, does not
take appropriate security precautions when creating a temporary file
for use as a lockfile. This bug could potentially be exploited to
overwrite arbitrary files with the privileges of the user running
eroaster.
Debian alert: New phpgroupware package fix several vulnerabilities
Several vulnerabilities have been discovered in phpgroupware:
Debian alert: New kernel packages fix potential "oops"
This advisory provides a correction to the previous kernel updates,
which contained an error introduced in kernel-source-2.4.18 version
2.4.18-7. This error could result in a kernel "oops" under certain
circumstances.
Debian alert: New kernel packages fix potential "oops"
This advisory provides a correction to the previous kernel updates,
which contained an error introduced in kernel-source-2.4.18 version
2.4.18-7. This error could result in a kernel "oops" under certain
circumstances.
Debian alert: New man-db packages fix buffer overflows, arbitrary command execution
man-db provides the standard man(1) command on Debian systems. During
configuration of this package, the administrator is asked whether
man(1) should run setuid to a dedicated user ("man") in order to
provide a shared cache of preformatted manual pages. The default is
for man(1) NOT to be setuid, and in this configuration no known
vulnerability exists. However, if the user explicitly requests setuid
operation, a local attacker could exploit either of the following bugs to
execute arbitrary code as the "man" user.
Red Hat alert: New postfix packages fix security issues.
New Postfix packages that fix two potential security issues are now available.
SuSE alert: postfix
Postfix is a flexible MTA replacement for sendmail. Michal Zalewski has reported problems in postfix which can lead to a remote DoS attack or allow attackers to bounce-scan private networks. These problems have been fixed. Even though not all of our products are vulnerable in their default configurations, the updates should be applied.
Debian alert: New postfix packages fix remote denial of service, bounce scanning
The postfix mail transport agent in Debian 3.0 contains two
vulnerabilities:
Debian alert: New mindi packages fix insecure temporary file creation
mindi, a program for creating boot/root disks, does not take
appropriate security precautions when creating temporary files. This
bug could potentially be exploited to overwrite arbitrary files with
the privileges of the user running mindi.
Slackware alert: KDE packages updated (SSA:2003-213-01)
New KDE packages are available for Slackware 9.0. These address a
security issue where Konqueror may leak authentication credentials.
Debian alert: New kdelibs packages fix several vulnerabilities
Two vulnerabilities were discovered in kdelibs:
Debian alert: New xfstt packages fix several vulnerabilities
xfstt, a TrueType font server for the X window system was found to
contain two classes of vulnerabilities:
Mandrake alert: Updated kdelibs packages fix konqueror authentication leak
A vulnerability in Konqueror was discovered where it could inadvertently send authentication credentials to websites other than the intended site in clear text via the HTTP-referer header when authentication credentials are passed as part of a URL in the form http://user:password@host/.
« Previous ( 1 ... 7367 7368 7369 7370 7371 7372 7373 7374 7375 7376 7377 ... 7440 ) Next »