Showing all newswire headlines


Mandrake alert: Updated util-linux packages provide stronger randomness in mcookie

The util-linux package provides the mcookie utility, a tool for generating random cookies that can be used for X authentication. The util-linux packages that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made mcookie use /dev/urandom instead of /dev/random, which made the generated cookies more predictable than they would otherwise be. This patch has been removed in these updates, giving mcookie a better source of entropy and making the generated cookies less predictable. Thanks to Dirk Mueller for pointing this out.

Debian alert: New w3mmee-ssl packages fix cookie information leak

  • Mailing list (Posted by dave on Feb 13, 2003 4:57 AM EDT)
  • Story Type: Security; Groups: Debian
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user into sending their local cookies, which are used for configuration. The information is not leaked automatically, though.

Red Hat alert: Updated fileutils package fixes race condition in recursive operations

  • Mailing list (Posted by dave on Feb 12, 2003 11:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
New fileutils packages for Red Hat Linux 6.2, 7.0, 7.1, 7.2 and 7.3 fix a race condition in recursive remove and move commands.

Red Hat alert: Updated PAM packages fix bug in pam_xauth module

  • Mailing list (Posted by dave on Feb 12, 2003 11:34 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated PAM packages are now available for Red Hat Linux 7.1, 7.2, 7.3, and 8.0. These packages correct a bug in pam_xauth's handling of authorization data for the root user.

Red Hat alert: Updated lynx packages fix CRLF injection vulnerability

  • Mailing list (Posted by dave on Feb 12, 2003 10:22 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated lynx packages are available that fix an error in the way lynx parses its command line arguments, which can lead to faked headers being sent to a web server.

Red Hat alert: Updated python packages fix predictable temporary file

  • Mailing list (Posted by dave on Feb 12, 2003 6:25 AM EDT)
  • Story Type: Security; Groups: Red Hat
An insecure use of a temporary file has been found in Python. This erratum provides updated Python packages. [updated Feb 12 2003] Updated packages for Red Hat Linux 7.3 are available that fix a binary incompatibility change in the original erratum packages that affected redhat-config-users, and that add back the missing python-tools package.

Mandrake alert: Updated postgresql packages fix various buffer overflows

Vulnerabilities were discovered in the PostgreSQL relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The PostgreSQL developers also fixed a buffer overflow in functions that deal with time/date and timezone.

Debian alert: New w3mmee packages fix cookie information leak

  • Mailing list (Posted by dave on Feb 11, 2003 4:33 AM EDT)
  • Story Type: Security; Groups: Debian
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user into sending their local cookies, which are used for configuration. The information is not leaked automatically, though.

Red Hat alert: Updated kernel-utils packages fix setuid vulnerability

  • Mailing list (Posted by dave on Feb 7, 2003 9:16 AM EDT)
  • Story Type: Security; Groups: Red Hat
An updated kernel-utils package is available that removes the setuid bits incorrectly assigned to the uml_net binary.

Red Hat alert: Updated w3m packages fix cross-site scripting issues

  • Mailing list (Posted by dave on Feb 6, 2003 10:10 PM EDT)
  • Story Type: Security; Groups: Red Hat
New w3m packages are available that fix two cross-site scripting issues.

Red Hat alert: Updated Xpdf packages fix security vulnerability

  • Mailing list (Posted by dave on Feb 6, 2003 6:05 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Xpdf packages are now available that fix a vulnerability in which a maliciously crafted PDF document could run arbitrary code.

Red Hat alert: Updated WindowMaker packages fix vulnerability in theme-loading

  • Mailing list (Posted by dave on Feb 6, 2003 12:12 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages are available to fix a vulnerability in WindowMaker.

Red Hat alert: Updated openldap packages available

  • Mailing list (Posted by dave on Feb 5, 2003 11:44 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated openldap packages are available which fix a number of local and remote buffer overflows in libldap and the slapd and slurpd servers, and potential issues stemming from using user-specified LDAP configuration files.

Mandrake alert: Updated slocate packages fix buffer overflow

A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7.

Mandrake alert: Updated kernel packages fix a number of bugs

An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. Prism24 has been updated so it now works properly on HP laptops and a new ACPI is included, although it is disabled by default for broader compatibility.

Red Hat alert: Updated PHP packages available

  • Mailing list (Posted by dave on Feb 4, 2003 11:42 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated PHP packages are available that fix a vulnerability in the wordwrap() function and a number of compatibility bugs.

Red Hat alert: Updated 2.4 kernel fixes various vulnerabilities

  • Mailing list (Posted by dave on Feb 4, 2003 9:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available that fix an information leak from several ethernet drivers, and a file system issue.

Mandrake alert: Updated MySQL packages fix DoS vulnerability

Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account.

Mandrake alert: Updated vim packages fix arbitrary command execution vulnerability

A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages.

Debian alert: New hypermail packages fix arbitrary code execution

  • Mailing list (Posted by dave on Jan 31, 2003 5:24 AM EDT)
  • Story Type: Security; Groups: Debian
Ulf Harnhammar discovered two problems in hypermail, a program to create HTML archives of mailing lists.
