Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 ... 7440 ) Next »
Mandrake alert: Updated unzip packages fix vulnerability
A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence.
Debian alert: New mozart packages fix unsafe mailcap configuration
mozart, a development platform based on the Oz language, includes MIME
configuration data which specifies that Oz applications should be
passed to the Oz interpreter for execution. This means that file
managers, web browsers, and other programs which honor the mailcap
file could automatically execute Oz programs downloaded from untrusted
sources. Thus, a malicious Oz program could execute arbitrary code
under the uid of a user running a MIME-aware client program if the
user selected a file (for example, choosing a link in a web browser).
Debian alert: New liece packages fix insecure temporary file creation
liece, an IRC client for Emacs, does not take appropriate security
precautions when creating temporary files. This bug could potentially
be exploited to overwrite arbitrary files with the privileges of the
user running Emacs and liece, potentially with contents supplied
by the attacker.
Debian alert: New x-face-el packages fix insecure temporary file creation
NOTE: due to a combination of administrative problems, this advisory
was erroneously released with the identifier "DSA-338-1". DSA-338-1
correctly refers to an earlier advisory regarding proftpd.
Debian alert: New semi, wemi packages fix insecure temporary file creation
NOTE: due to a combination of administrative problems, this advisory
was erroneously released with the identifier "DSA-337-1". DSA-337-1
correctly refers to an earlier advisory regarding gtksee.
Debian alert: New x-face-el packages fix insecure temporary file creation
x-face-el, a decoder for images included inline in X-Face email
headers, does not take appropriate security precautions when creating
temporary files. This bug could potentially be exploited to overwrite
arbitrary files with the privileges of the user running Emacs and
x-face-el, potentially with contents supplied by the attacker.
Debian alert: New semi, wemi packages fix insecure temporary file creation
semi, a MIME library for GNU Emacs, does not take appropriate
security precautions when creating temporary files. This bug could
potentially be exploited to overwrite arbitrary files with the
privileges of the user running Emacs and semi, potentially with
contents supplied by the attacker.
Red Hat alert: Updated Ethereal packages fix security issues
Updated Ethereal packages available to fix a number of remotely
exploitable security issues
Red Hat alert: Updated PHP packages are now available
Updated PHP packages for Red Hat Linux 8.0 and 9 are available that fix a
number of bugs, as well as a minor security problem in the transparent
session ID functionality.
Red Hat alert: Updated XFree86 packages provide security and bug fixes
New XFree86 packages for Red Hat Linux 8.0 are now available which include
several security fixes, bug fixes, enhancements, and driver updates.
[Updated: June 30, 2003]
The XFree86 4.
Red Hat alert: Updated unzip packages fix trojan vulnerability
Updated unzip packages resolving a vulnerability allowing arbitrary files
to be overwritten are now available.
Debian alert: Factual correction for DSA-336-1
NOTE: This advisory is being released as a factual correction to
DSA-336-1. In an administrative error, DSA-336-1 listed several CVE
names which did not, in fact, apply to Linux 2.2.20, and omitted one
vulnerability which was fixed in the updated packages. The packages
are (and were) correct, and remain unchanged. The package changelog
contains the correct information. This advisory provides updated
information only.
Debian alert: New gtksee packages fix buffer overflow
Viliam Holub discovered a bug in gtksee whereby, when loading PNG
images of certain color depths, gtksee would overflow a heap-allocated
buffer. This vulnerability could be exploited by an attacker using a
carefully constructed PNG image to execute arbitrary code when the
victim loads the file in gtksee.
Debian alert: New proftpd packages fix SQL injection
runlevel [runlevel@raregazz.org] reported that ProFTPD's PostgreSQL
authentication module is vulnerable to a SQL injection attack. This
vulnerability could be exploited by a remote, unauthenticated attacker
to execute arbitrary SQL statements, potentially exposing the
passwords of other users, or to connect to ProFTPD as an arbitrary
user without supplying the correct password.
Debian alert: New Linux 2.2.20 packages and i386 kernel images fix several vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.
Debian alert: New mantis packages fix insecure file permissions
mantis, a PHP/MySQL web based bug tracking system, stores the password
used to access its database in a configuration file which is
world-readable. This could allow a local attacker to read the
password and gain read/write access to the database.
Debian alert: New xgalaga packages fix buffer overflow
Steve Kemp discovered several buffer overflows in xgalaga, a game,
which can be triggered by a long HOME environment variable. This
vulnerability could be exploited by a local attacker to gain gid
'games'.
Debian alert: New acm packages fix integer overflow
acm, a multi-player aerial combat simulation, uses a network protocol
based on the same RPC implementation used in many C libraries. This
implementation was found to contain an integer overflow vulnerability
which could be exploited to execute arbitrary code.
Debian alert: New Linux 2.4.17 source code and MIPS kernel images fix several vulnerabilities
A number of vulnerabilities have been discovered in the Linux kernel.
Debian alert: New imagemagick packages fix insecure temporary file creation
imagemagick's libmagick library, under certain circumstances, creates
temporary files without taking appropriate security precautions. This
vulnerability could be exploited by a local user to create or
overwrite files with the privileges of another user who is invoking a
program using this library.
« Previous ( 1 ... 7370 7371 7372 7373 7374 7375 7376 7377 7378 7379 7380 ... 7440 ) Next »