Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 ... 7440 ) Next »

Red Hat alert: Updated 2.4 kernel fixes vulnerabilities

  • Mailing list (Posted by dave on Jul 21, 2003 7:39 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages are now available fixing several security vulnerabilities.

Mandrake alert: Updated nfs-utils packages fix buffer overflow

An off-by-one buffer overflow was found in the logging code in nfs-utils when adding a newline to the string being logged. This could allow an attacker to execute arbitrary code or cause a DoS (Denial of Service) on the server by sending certain RPC requests.

Mandrake alert: Updated apache2 packages fix multiple vulnerabilities

Several vulnerabilities were discovered in Apache 2.x versions prior to 2.0.47. From the Apache 2.0.47 release notes:

Mandrake alert: Updated kernel packages fix multiple vulnerabilities

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

Red Hat alert: Updated Xpdf packages fix security vulnerability.

  • Mailing list (Posted by dave on Jul 17, 2003 12:41 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. [Updated 16 July 2003] Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability.

Debian alert: New php4 packages fix cross-site scripting vulnerability

  • Mailing list (Posted by dave on Jul 16, 2003 3:42 PM EDT)
  • Story Type: Security; Groups: Debian
The transparent session ID feature in the php4 package does not properly escape user-supplied input before inserting it into the generated HTML page. An attacker could use this vulnerability to execute embedded scripts within the context of the generated page.

Mandrake alert: Updated kernel packages fix multiple vulnerabilities

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

Slackware alert: nfs-utils packages replaced (SSA:2003-195-01b)

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug in has been fixed in utils/mountd/auth.c that could cause mountd to crash.

Debian alert: New falconseye packages fix buffer overflow

  • Mailing list (Posted by dave on Jul 15, 2003 5:06 AM EDT)
  • Story Type: Security; Groups: Debian
The falconseye package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where falconseye is installed.

SuSE alert: nfs-utils

  • Mailing list (Posted by dave on Jul 15, 2003 4:30 AM EDT)
  • Story Type: Security; Groups: SUSE
The nfs-utils package contains various programs to offer and manage certain RPC services such as the rpc.mountd. iSEC Security Research has reported an off-by-one bug in the xlog() function used by the rpc.mountd. It is possible for remote attackers to use this off-by-one overflow to execute arbitrary code as root. Some of the products listed above seem not vulnerable to this one byte overflow due to the stack alignment generated by the compiler during the build. Nevertheless, since there is no easy workaround except shutting down the RPC services, an update is strongly recommended for every product listed above.

Red Hat alert: Updated Mozilla packages fix security vulnerability

  • Mailing list (Posted by dave on Jul 14, 2003 11:57 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Mozilla packages fixing various bugs and security issues are now available.

Slackware alert: nfs-utils off-by-one overflow fixed

New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem.

Debian alert: New nfs-utils package fixes buffer overflow

  • Mailing list (Posted by dave on Jul 14, 2003 10:47 AM EDT)
  • Story Type: Security; Groups: Debian
The logging code in nfs-utils contains an off-by-one buffer overrun when adding a newline to the string being logged. This vulnerability may allow an attacker to execute arbitrary code or cause a denial of service condition by sending certain RPC requests.

Red Hat alert: Updated nfs-utils packages fix denial of service vulnerability

  • Mailing list (Posted by dave on Jul 14, 2003 8:10 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated nfs-utils packages are available that fix a remotely exploitable Denial of Service vulnerability.

Debian alert: New traceroute-nanog packages fix integer overflow

  • Mailing list (Posted by dave on Jul 13, 2003 8:42 PM EDT)
  • Story Type: Security; Groups: Debian
traceroute-nanog, an enhanced version of the common traceroute program, contains an integer overflow bug which could be exploited to execute arbitrary code. traceroute-nanog is setuid root, but drops root privileges immediately after obtaining raw ICMP and raw IP sockets. Thus, exploitation of this bug provides only access to these sockets, and not root privileges.

Debian alert: New teapop packages fix SQL injection

  • Mailing list (Posted by dave on Jul 8, 2003 7:28 PM EDT)
  • Story Type: Security; Groups: Debian
teapop, a POP-3 server, includes modules for authenticating users against a PostgreSQL or MySQL database. These modules do not properly escape user-supplied strings before using them in SQL queries. This vulnerability could be exploited to execute arbitrary SQL under the privileges of the database user as which teapop has authenticated.

Debian alert: New phpsysinfo packages fix directory traversal

  • Mailing list (Posted by dave on Jul 8, 2003 6:27 PM EDT)
  • Story Type: Security; Groups: Debian
Albert Puigsech Galicia <ripe@7a69ezine.org> reported that phpsysinfo, a web-based program to display status information about the system, contains two vulnerabilities which could allow local files to be read, or arbitrary PHP code to be executed, under the privileges of the web server process (usually www-data). These vulnerabilities require access to a writable directory on the system in order to be exploited.

Debian alert: New xbl packages fix buffer overflow

  • Mailing list (Posted by dave on Jul 8, 2003 6:27 PM EDT)
  • Story Type: Security; Groups: Debian
Another buffer overflow was discovered in xbl, distinct from the one addressed in DSA-327 (CAN-2003-0451), involving the -display command line option. This vulnerability could be exploited by a local attacker to gain gid 'games'.

Debian alert: New unzip packages fix directory traversal

  • Mailing list (Posted by dave on Jul 8, 2003 3:49 PM EDT)
  • Story Type: Security; Groups: Debian
A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ("../") by placing certain invalid characters between the two "." characters.

Debian alert: New skk, ddskk packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 8, 2003 3:33 PM EDT)
  • Story Type: Security; Groups: Debian
skk (Simple Kana to Kanji conversion program), does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and skk.

« Previous ( 1 ... 7369 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 ... 7440 ) Next »