Showing all newswire headlines
Debian alert: New lpr-ppd packages fix local root exploit
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line
printer spooling system. This problem can be exploited by a local
user to gain root privileges, even if the printer system is set up
properly.
Red Hat alert: Updated kerberos packages fix various vulnerabilities
Updated Kerberos packages for Red Hat Linux 9 fix a number of
vulnerabilities found in MIT Kerberos.
Mandrake alert: Updated krb5 packages fix multiple vulnerabilities
Multiple vulnerabilities have been found in the Kerberos network authentication system. The MIT Kerberos team have released an advisory detailing these vulnerabilities, a description of which follows.
Mandrake alert: Updated sendmail packages fix local and remote vulnerability
Michal Zalewski discovered a vulnerability in sendmail versions earlier than 8.12.9 in the address parser, which performs insufficient bounds checking in certain conditions due to a char to int conversion. This vulnerability makes it possible for an attacker to take control of sendmail and is thought to be remotely exploitable, and very likely locally exploitable. Updated packages are available with patches applied (the older versions), and the new fixed version is available for Mandrake Linux 9.1 users.
Mandrake alert: Updated mutt packages fix exploitable buffer overflow
A vulnerability was discovered in the mutt text-mode email client in the IMAP code. This vulnerability can be exploited by a malicious IMAP server to crash mutt or even execute arbitrary code with the privilege of the user running mutt.
Mandrake alert: Updated Eterm packages fix escape sequence insecurities
Digital Defense Inc. released a paper detailing insecurities in various terminal emulators, including Eterm. Many of the features supported by these programs can be abused when untrusted data is displayed on the screen. This abuse can be anything from garbage data being displayed to the screen to a system compromise.
SuSE alert: sendmail
sendmail is the most widely used mail transport agent (MTA) on the Internet. A remotely exploitable buffer overflow has been found in all versions of sendmail that come with SuSE products. These versions include sendmail-8.11 and sendmail-8.12 releases. sendmail is the MTA subsystem that is installed by default on all SuSE products up to and including SuSE Linux 8.0 and the SuSE Linux Enterprise Server 7.
Red Hat alert: Updated vsftpd packages re-enable tcp_wrappers support
Updated vsftpd packages that re-enable tcp_wrappers support are available
for Red Hat Linux 9.
Red Hat alert: New samba packages fix security vulnerabilities
Updated Samba packages are now available to fix security vulnerabilities
found during a code audit.
[Updated 24 March 2003]
Updated Samba packages for Red Hat Linux 6.2, 7, and 7.1 are now included.
These packages contain Samba version
Red Hat alert: Updated OpenSSL packages fix vulnerabilities
Updated OpenSSL packages are available that fix a potential timing-based
attack and a modified Bleichenbacher attack.
Red Hat alert: Updated dhcp packages fix possible packet storm
A potential remote denial of service attack affects version 3 of the ISC
DHCPD server. This advisory provides fixed packages for Red Hat Linux 8.0.
Red Hat alert: Updated sendmail packages fix vulnerability
Updated Sendmail packages are available to fix a vulnerability that
allows local and possibly remote attackers to gain root privileges.
Red Hat alert: Updated Evolution packages fix multiple vulnerabilities
Updated Evolution packages are available which fix several vulnerabilities.
[Updated 22 March 2003]
New packages are included for Red Hat Linux 7.3 as the previous erratum
packages lost support for SSL.
[Updated 31 March 2003]
New packages included for Red Hat Linux 9.
Slackware alert: Mutt buffer overflow in IMAP support
The mutt mail client packages in Slackware 8.1 and 9.0 have been
upgraded to mutt-1.4.1i to fix a security problem discovered by
Core Security Technologies. This issue may allow a remote
attacker controlling a malicious IMAP server to execute code on
your machine as the user running mutt if you connect to the IMAP
server using mutt.
Slackware alert: Sendmail buffer overflow fixed (NEW)
The sendmail packages in Slackware 8.0, 8.1, and 9.0 have been patched
to fix a security problem. Note that this vulnerability is NOT the same
one that was announced on March 3rd and requires a new fix.
Debian alert: New mutt packages fix arbitrary code execution
Byrial Jensen discovered a couple of off-by-one buffer overflows in the
IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME,
GPG, PGP and threading. This problem could potentially allow a remote
malicious IMAP server to cause a denial of service (crash) and
possibly execute arbitrary code via a specially crafted mail folder.
Debian alert: New krb4 packages fix authentication failure
A cryptographic weakness in version 4 of the Kerberos protocol allows
an attacker to use a chosen-plaintext attack to impersonate any
principal in a realm. Additional cryptographic weaknesses in the krb4
implementation permit the use of cut-and-paste attacks to fabricate
krb4 tickets for unauthorized client principals if triple-DES keys are
used to key krb4 services. These attacks can subvert a site's entire
Kerberos authentication infrastructure.
Debian alert: New dietlibc packages fix arbitrary code execution
eEye Digital Security discovered an integer overflow in the
xdrmem_getbytes() function of glibc, that is also present in dietlibc,
a small libc useful especially for small and embedded systems. This
function is part of the XDR encoder/decoder derived from Sun's RPC
implementation. Depending upon the application, this vulnerability
can cause buffer overflows and could possibly be exploited to execute
arbitrary code.
Mandrake alert: Updated kernel22 packages fix multiple vulnerabilities
A number of vulnerabilities have been found in the Linux 2.2 kernel that have been addressed with the latest 2.2.25 release.
Mandrake alert: Updated 2.4 kernel packages fix ptrace vulnerability
A bug in the kernel module loader code could allow a local user to gain root privileges. This is done by a local user using ptrace and attaching to a modprobe process that is spawned if the user triggers the loading of a kernel module.