Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 ... 7418 ) Next »

Mandrake alert: sudo update

The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. This problem has been fixed upstream by the author in sudo 1.6.4 and it is highly recommended that all users upgrade regardless of what mailer you are using.

Red Hat alert: Updated xchat packages are available

  • Mailing list (Posted by dave on Jan 15, 2002 7:08 AM EDT)
  • Story Type: Security; Groups: Red Hat
Versions of xchat prior to version 1.8.7 contain a vulnerability which allows an attacker to cause a vulnerable client to execute arbitrary IRC server commands as if the vulnerable user had typed them. This security erratum updates xchat to version 1.8.7, which is not vulnerable to this attack.

Red Hat alert: Updated pine packages are available

  • Mailing list (Posted by dave on Jan 15, 2002 7:01 AM EDT)
  • Story Type: Security; Groups: Red Hat
Pine (version 4.43 and earlier) as released with all currently supported versions of Red Hat Linux (6.2, 7, 7.1, 7.2), contains a URL handling bug. This bug can allow a malicious attacker to cause arbitrary commands embedded in a URL to be executed on the users system upon attempting to view the URL.

Red Hat alert: Updated sudo package is available

  • Mailing list (Posted by dave on Jan 14, 2002 11:55 PM EDT)
  • Story Type: Security; Groups: Red Hat
This updated sudo package fixes a potential local root exploit.

Red Hat alert: Updated bugzilla packages available

  • Mailing list (Posted by dave on Jan 14, 2002 11:55 PM EDT)
  • Story Type: Security; Groups: Red Hat
A number of security-related bugs have been found in Bugzilla version

Red Hat alert: Updated sudo packages are available

  • Mailing list (Posted by dave on Jan 14, 2002 11:54 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated sudo packages fixing a security problem are available.

Red Hat alert: New groff packages available to fix security problems

  • Mailing list (Posted by dave on Jan 14, 2002 7:18 AM EDT)
  • Story Type: Security; Groups: Red Hat
New groff packages have been made available that fix an overflow in groff. If the printing system running this is a security issue, it is recommended to update to the new, fixed packages.

Debian alert: New sudo packages fix local root exploit

  • Mailing list (Posted by dave on Jan 14, 2002 4:18 AM EDT)
  • Story Type: Security; Groups: Debian
Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead into a local root exploit.

Debian alert: CIPE DoS attack

  • Mailing list (Posted by dave on Jan 14, 2002 4:10 AM EDT)
  • Story Type: Security; Groups: Debian
Larry McVoy found a bug in the packet handling code for the CIPE VPN package: it did not check if a received packet was too short and could crash.

SuSE alert: sudo

  • Mailing list (Posted by dave on Jan 14, 2002 3:29 AM EDT)
  • Story Type: Security; Groups: SUSE
The SuSE Security Team discovered a bug in the sudo program which is installed setuid to root. Attackers may trick "sudo" to log failed sudo invocations executing the sendmail program with root-privileges and not completely cleaned environment. Depending on the installed mail-package this may enable attackers to execute code as root. This is the case for at least the postfix mailer. Other mailers may be exploited in a similar way. This bug has been fixed by having "sudo" invoke the sendmail command with user-privileges instead. Please update your sudo package regardless of the mail-packages you are using. As a temporary workaround you may remove the s-bit from sudo with the "chmod -s `which sudo`" command, which will disable the sudo functionality.

Debian alert: glibc buffer overflow

  • Mailing list (Posted by dave on Jan 13, 2002 12:07 PM EDT)
  • Story Type: Security; Groups: Debian
A buffer overflow has been found in the globbing code for glibc. This code which is used to glob patterns for filenames and is commonly used in applications like shells and FTP servers.

Slackware alert: Pine update fixes insecure URL-handling

Pine 4.44 packages are now available to fix a problem with insecure URL handling.

Slackware alert: glibc glob overflow patched

A buffer overflow has been found in the glob(3) function in glibc. Fixed packages for Slackware 8.0 are now available.

Red Hat alert: New mutt packages available to fix security problem

  • Mailing list (Posted by dave on Jan 9, 2002 1:19 PM EDT)
  • Story Type: Security; Groups: Red Hat
New mutt packages that fix an overflow in mutt's address parsing code are available. It is recommended that all mutt users update to the fixed packages.

Red Hat alert: Updated namazu packages are available

  • Mailing list (Posted by dave on Jan 9, 2002 1:58 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated namazu packages are available for Red Hat Linux 7.0J. These packages fix cross-site scripting vulnerabilities. It also fixes a possible buffer overflow.

Mandrake alert: bind update

There are some insecure permissions on configuration files and executables with the bind 9.x packages shipped with Mandrake Linux 8.0 and 8.1. This update provides stricter permissions by making the /etc/rndc.conf and /etc/rndc.key files read/write by the named user and by making /sbin/rndc-confgen and /sbin/rndc read/write/executable only by root.

Mandrake alert: mutt update

Joost Pol reported a remotely exploitable buffer overflow in the mutt email client. It is recommended that all mutt users upgrade their packages immediately.

Mandrake alert: glibc update

Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user. Update: The glibc update for 8.0/PPC resulted in ldconfig segfaulting consistently. This update fixes the problems with ldconfig on PPC.

Debian alert: two libgtop security problems

  • Mailing list (Posted by dave on Jan 8, 2002 2:53 PM EDT)
  • Story Type: Security; Groups: Debian
Two different problems where found in libgtop-daemon:

Slackware alert: mutt remote exploit patched

An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0. A new mutt-1.2.5.1 has been released which addresses this problem, and packages are now available for Slackware 8.0 and -current.

« Previous ( 1 ... 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 ... 7418 ) Next »