Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7372 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 ... 7440 ) Next »

Debian alert: New typespeed packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 16, 2003 4:47 PM EDT)
  • Story Type: Security; Groups: Debian
typespeed is a game which challenges the player to type words correctly and quickly. It contains a network play mode which allows players on different systems to play competitively. The network code contains a buffer overflow which could allow a remote attacker to execute arbitrary code under the privileges of the user invoking typespeed, in addition to gid games.

Mandrake alert: Updated gzip packages fix insecure temporary file creation

A vulnerability exists in znew, a script included with gzip, that would create temporary files without taking precautions to avoid a symlink attack. Patches have been applied to make use of mktemp to generate unique filenames, and properly make use of noclobber in the script. Likewise, a fix for gzexe which had been applied previously was incomplete. It has been fixed to make full use of mktemp everywhere a temporary file is created.

Mandrake alert: Updated ethereal packages fix multiple vulnerabilities

Several vulnerabilities in ethereal were discovered by Timo Sirainen. Integer overflows were found in the Mount and PPP dissectors, as well as one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors. These vulnerabilties were corrected in ethereal 0.9.12.

Debian alert: New radiusd-cistron packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 13, 2003 6:17 PM EDT)
  • Story Type: Security; Groups: Debian
radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port attribute is received. This could allow a remote attacker to execute arbitrary code on the with the privileges of the RADIUS daemon (usually root).

Debian alert: New mikmod packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 13, 2003 3:44 PM EDT)
  • Story Type: Security; Groups: Debian
Ingo Saitz discovered a bug in mikmod whereby a long filename inside an archive file can overflow a buffer when the archive is being read by mikmod.

SuSE alert: radiusd-cistron

  • Mailing list (Posted by dave on Jun 13, 2003 5:23 AM EDT)
  • Story Type: Security; Groups: SUSE
The package radiusd-cistron is an implementation of the RADIUS protocol. Unfortunately the RADIUS server handles too large NAS numbers not correctly. This leads to overwriting internal memory of the server process and may be abused to gain remote access to the system the RADIUS server is running on.

Debian alert: New webmin packages fix remote session ID spoofing

  • Mailing list (Posted by dave on Jun 12, 2003 3:53 PM EDT)
  • Story Type: Security; Groups: Debian
miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges.

Debian alert: New lyskom-server packages fix denial of service

  • Mailing list (Posted by dave on Jun 12, 2003 3:02 PM EDT)
  • Story Type: Security; Groups: Debian
Calle Dybedahl discovered a bug in lyskom-server which could result in a denial of service where an unauthenticated user could cause the server to become unresponsive as it processes a large query.

Debian alert: New cupsys packages fix denial of service

  • Mailing list (Posted by dave on Jun 11, 2003 7:19 PM EDT)
  • Story Type: Security; Groups: Debian
The CUPS print server in Debian is vulnerable to a denial of service when an HTTP request is received without being properly terminated.

Debian alert: New slashem packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 11, 2003 7:13 PM EDT)
  • Story Type: Security; Groups: Debian
The slashem package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where slashem is installed.

Debian alert: New nethack packages fix buffer overflow, incorrect permissions

  • Mailing list (Posted by dave on Jun 11, 2003 4:27 PM EDT)
  • Story Type: Security; Groups: Debian
The nethack package is vulnerable to a buffer overflow exploited via a long '-s' command line option. This vulnerability could be used by an attacker to gain gid 'games' on a system where nethack is installed.

Debian alert: New gnocatan packages fix buffer overflows, denial of service

  • Mailing list (Posted by dave on Jun 11, 2003 3:36 PM EDT)
  • Story Type: Security; Groups: Debian
Bas Wijnen discovered that the gnocatan server is vulnerable to several buffer overflows which could be exploited to execute arbitrary code on the server system

Debian alert: New atftp packages fix buffer overflow

  • Mailing list (Posted by dave on Jun 11, 2003 3:28 PM EDT)
  • Story Type: Security; Groups: Debian
Rick Patel discovered that atftpd is vulnerable to a buffer overflow when a long filename is sent to the server. An attacker could exploit this bug remotely to execute arbitrary code on the server.

Debian alert: New ethereal packages fix buffer overflows, integer overflows

  • Mailing list (Posted by dave on Jun 11, 2003 3:24 PM EDT)
  • Story Type: Security; Groups: Debian
Timo Sirainen discovered several vulnerabilities in ethereal, a network traffic analyzer. These include one-byte buffer overflows in the AIM, GIOP Gryphon, OSPF, PPTP, Quake, Quake2, Quake3, Rsync, SMB, SMPP, and TSP dissectors, and integer overflows in the Mount and PPP dissectors.

Debian alert: New eterm packages fix error introduced in DSA-309-1

  • Mailing list (Posted by dave on Jun 11, 2003 3:16 PM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow was fixed in DSA-309-1, but a different error was introduced in the handling of the ETERMPATH environment variable. This bug was not security-related, but would cause this environment variable not to be recognized correctly. This is now corrected by an updated version of the package.

Mandrake alert: Updated kernel packages fix multiple vulnerabilities

Multiple vulnerabilities were discovered and fixed in the Linux kernel.

Mandrake alert: Updated ghostscript packages fix vulnerability

A vulnerability was discovered in Ghostscript versions prior to 7.07 that allowed malicious postscript files to execute arbitrary commands even when -dSAFER is enabled.

Debian alert: New powerpc kernel fixes several vulnerabilities

  • Mailing list (Posted by dave on Jun 9, 2003 7:42 PM EDT)
  • Story Type: Security; Groups: Debian
A number of vulnerabilities have been discovered in the Linux kernel.

Debian alert: New xaos packages fix improper setuid-root execution

  • Mailing list (Posted by dave on Jun 8, 2003 6:07 PM EDT)
  • Story Type: Security; Groups: Debian
XaoS, a program for displaying fractal images, is installed setuid root on certain architectures in order to use svgalib, which requires access to the video hardware. However, it is not designed for secure setuid execution, and can be exploited to gain root privileges.

Debian alert: New kernel packages fix several vulnerabilities

  • Mailing list (Posted by dave on Jun 8, 2003 5:26 PM EDT)
  • Story Type: Security; Groups: Debian
A number of vulnerabilities have been discovered in the Linux kernel.

« Previous ( 1 ... 7372 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 ... 7440 ) Next »