Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 7383 ... 7440 ) Next »
Debian alert: New eterm packages fix buffer overflow
"bazarr" discovered that eterm is vulnerable to a buffer overflow of
the ETERMPATH environment variable. This bug can be exploited to gain
the privileges of the group "utmp" on a system where eterm is
installed.
Debian alert: New gzip packages fix insecure temporary file creation
Paul Szabo discovered that znew, a script included in the gzip
package, creates its temporary files without taking precautions to
avoid a symlink attack (CAN-2003-0367).
SuSE alert: pptpd
The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed. Since there is no workaround other than shutting down the PPTP daemon an update is strongly recommended if you need a PPTP server running.
SuSE alert: cups
The well known Common Unix Printing System (CUPS) was found vulnerable to a remote Denial of Service attack. The CUPS daemon will stop serving clients if the second carriage return in a request is not sent to complete the header. Since the vulnerability occurs before any authorization or address verification there is no other workaround than shutting down the CUPS server.
Red Hat alert: Updated hanterm packages provide security fixes
Updated hanterm packages fix two security issues.
Mandrake alert: Updated kon2 packages fix buffer overflow vulnerability
A vulnerability was discovered in kon2, a Kanji emulator for the console. A buffer overflow in the command line parsing can be exploited, leading to local users being able to gain root privileges.
Red Hat alert: Updated KDE packages fix security issue
Updated KDE packages that resolve a vulnerability in KDE's SSL
implementation are now available.
Red Hat alert: Updated kon2 packages fix buffer overflow
A buffer overflow in kon2 allows local users to obtain root privileges.
Red Hat alert: Updated 2.4 kernel fixes vulnerabilities and driver bugs
Updated kernel packages are now available that contain fixes for security
vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB
drivers.
Mandrake alert: Updated apache2 packages fix vulnerabilities
Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.
Red Hat alert: Updated 2.4 kernel fixes vulnerability
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now
available. These packages fix a ptrace-related vulnerability that can
lead to elevated (root) privileges.
[Updated 30 March 2003]
Updated kernel packages for Red Hat Linux 7.2 ia64 have been added.
[Updated 28 May 2003]
Replacement kernel packages for Red Hat Linux 7.2 ia64 have been added; the
previous packages did not contain the fix for the ptrace vulnerability.
Mandrake alert: Updated apache2 packages fix vulnerabilities
Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.
Red Hat alert: Updated ghostscript packages fix vulnerability
New ghostscript packages fixing a command execution vulnerability are now
available.
Mandrake alert: Updated cups packages fix Denial of Service vulnerability
A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).
Slackware alert: CUPS DoS vulnerability fixed (SSA:2003-149-01)
Upgraded CUPS packages are available for Slackware 8.1, 9.0,
and -current to fix a denial of service attack vulnerability.
Debian alert: New gps packages fix multiple vulnerabilities
gPS is a graphical application to watch system processes. In release
1.1.0 of the gps package, several security vulnerabilities were fixed,
as detailed in the changelog:
Red Hat alert: Updated httpd packages fix Apache security vulnerabilities
Updated httpd packages that fix two security issues are now available for
Red Hat Linux 8.0 and 9.
SuSE alert: glibc
Another integer overflow was found in glibc' XDR code. This bug is equal to the one described in advisory SuSE-SA:2002:031. The overflow occurs in the function xdrmem_getbytes() and can be used by external attackers to execute arbitrary code.
Red Hat alert: Updated CUPS packages fix denial of service attack
Updated CUPS packages that fix a denial of service vulnerability are now
available.
Mandrake alert: Updated gnupg packages fix validation bug
A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.
« Previous ( 1 ... 7373 7374 7375 7376 7377 7378 7379 7380 7381 7382 7383 ... 7440 ) Next »