Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 ... 7440 ) Next »

Mandrake alert: Updated unzip packages fix vulnerability

A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence.

Debian alert: New mozart packages fix unsafe mailcap configuration

  • Mailing list (Posted by dave on Jul 7, 2003 10:13 AM EDT)
  • Story Type: Security; Groups: Debian
mozart, a development platform based on the Oz language, includes MIME configuration data which specifies that Oz applications should be passed to the Oz interpreter for execution. This means that file managers, web browsers, and other programs which honor the mailcap file could automatically execute Oz programs downloaded from untrusted sources. Thus, a malicious Oz program could execute arbitrary code under the uid of a user running a MIME-aware client program if the user selected a file (for example, choosing a link in a web browser).

Debian alert: New liece packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 7, 2003 10:04 AM EDT)
  • Story Type: Security; Groups: Debian
liece, an IRC client for Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and liece, potentially with contents supplied by the attacker.

Debian alert: New x-face-el packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 6, 2003 4:54 PM EDT)
  • Story Type: Security; Groups: Debian
NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-338-1". DSA-338-1 correctly refers to an earlier advisory regarding proftpd.

Debian alert: New semi, wemi packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 6, 2003 4:52 PM EDT)
  • Story Type: Security; Groups: Debian
NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.

Debian alert: New x-face-el packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 6, 2003 4:39 PM EDT)
  • Story Type: Security; Groups: Debian
x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and x-face-el, potentially with contents supplied by the attacker.

Debian alert: New semi, wemi packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jul 6, 2003 4:09 PM EDT)
  • Story Type: Security; Groups: Debian
semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and semi, potentially with contents supplied by the attacker.

Red Hat alert: Updated Ethereal packages fix security issues

  • Mailing list (Posted by dave on Jul 3, 2003 12:41 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Ethereal packages available to fix a number of remotely exploitable security issues

Red Hat alert: Updated PHP packages are now available

  • Mailing list (Posted by dave on Jul 2, 2003 8:06 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated PHP packages for Red Hat Linux 8.0 and 9 are available that fix a number of bugs, as well as a minor security problem in the transparent session ID functionality.

Red Hat alert: Updated XFree86 packages provide security and bug fixes

  • Mailing list (Posted by dave on Jul 1, 2003 6:13 PM EDT)
  • Story Type: Security; Groups: Red Hat
New XFree86 packages for Red Hat Linux 8.0 are now available which include several security fixes, bug fixes, enhancements, and driver updates. [Updated: June 30, 2003] The XFree86 4.

Red Hat alert: Updated unzip packages fix trojan vulnerability

  • Mailing list (Posted by dave on Jul 1, 2003 1:17 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated unzip packages resolving a vulnerability allowing arbitrary files to be overwritten are now available.

Debian alert: Factual correction for DSA-336-1

  • Mailing list (Posted by dave on Jun 30, 2003 1:32 PM EDT)
  • Story Type: Security; Groups: Debian
NOTE: This advisory is being released as a factual correction to DSA-336-1. In an administrative error, DSA-336-1 listed several CVE names which did not, in fact, apply to Linux 2.2.20, and omitted one vulnerability which was fixed in the updated packages. The packages are (and were) correct, and remain unchanged. The package changelog contains the correct information. This advisory provides updated information only.

Debian alert: New gtksee packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 29, 2003 8:41 AM EDT)
  • Story Type: Security; Groups: Debian
Viliam Holub discovered a bug in gtksee whereby, when loading PNG images of certain color depths, gtksee would overflow a heap-allocated buffer. This vulnerability could be exploited by an attacker using a carefully constructed PNG image to execute arbitrary code when the victim loads the file in gtksee.

Debian alert: New proftpd packages fix SQL injection

  • Mailing list (Posted by dave on Jun 29, 2003 8:35 AM EDT)
  • Story Type: Security; Groups: Debian
runlevel [runlevel@raregazz.org] reported that ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack. This vulnerability could be exploited by a remote, unauthenticated attacker to execute arbitrary SQL statements, potentially exposing the passwords of other users, or to connect to ProFTPD as an arbitrary user without supplying the correct password.

Debian alert: New Linux 2.2.20 packages and i386 kernel images fix several vulnerabilities

  • Mailing list (Posted by dave on Jun 29, 2003 8:19 AM EDT)
  • Story Type: Security; Groups: Debian
A number of vulnerabilities have been discovered in the Linux kernel.

Debian alert: New mantis packages fix insecure file permissions

  • Mailing list (Posted by dave on Jun 28, 2003 5:47 PM EDT)
  • Story Type: Security; Groups: Debian
mantis, a PHP/MySQL web based bug tracking system, stores the password used to access its database in a configuration file which is world-readable. This could allow a local attacker to read the password and gain read/write access to the database.

Debian alert: New xgalaga packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 28, 2003 5:45 PM EDT)
  • Story Type: Security; Groups: Debian
Steve Kemp discovered several buffer overflows in xgalaga, a game, which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain gid 'games'.

Debian alert: New acm packages fix integer overflow

  • Mailing list (Posted by dave on Jun 28, 2003 5:44 PM EDT)
  • Story Type: Security; Groups: Debian
acm, a multi-player aerial combat simulation, uses a network protocol based on the same RPC implementation used in many C libraries. This implementation was found to contain an integer overflow vulnerability which could be exploited to execute arbitrary code.

Debian alert: New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities

  • Mailing list (Posted by dave on Jun 28, 2003 5:44 PM EDT)
  • Story Type: Security; Groups: Debian
A number of vulnerabilities have been discovered in the Linux kernel.

Debian alert: New imagemagick packages fix insecure temporary file creation

  • Mailing list (Posted by dave on Jun 28, 2003 5:41 PM EDT)
  • Story Type: Security; Groups: Debian
imagemagick's libmagick library, under certain circumstances, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of another user who is invoking a program using this library.

« Previous ( 1 ... 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 ... 7440 ) Next »