Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 ... 7439 ) Next »
Debian alert: New IMP packages fix SQL injection and typo
The advisory DSA 229-1 contained a typo in one file which could cause
certain installations to fail suddenly.
Debian alert: New IMP packages fix SQL injection
Jouko Pynnonen discovered a probem with IMP, a web based IMAP mail
program. Using carefully crafted URLs a remote attacker is able to
inject SQL code into SQL queries without proper user authentication.
Even though results of SQL queries aren't directly readable from the
screen, an attacker might. update his mail signature to contain wanted
query results and then view it on the preferences page of IMP.
Mandrake alert: Updated OpenLDAP packages fix multiple vulnerabilities
A review was completed by the SuSE Security Team on the OpenLDAP server software, and this audit revealed several buffer overflows and other bugs that remote attackers could exploit to gain unauthorized access to the system running the vulnerable OpenLDAP servers. Additionally, various locally exploitable bugs in the OpenLDAP v2 libraries have been fixed as well.
Mandrake alert: Updated leafnode packages fix remote DoS vulnerability
A vulnerability was discovered by Jan Knutar in leafnode that Mark Brown pointed out could be used in a Denial of Service attack. This vulnerability causes leafnode to go into an infinite loop with 100% CPU use when an article that has been crossposed to several groups, one of which is the prefix of another, is requested by it's Message-ID.
Red Hat alert: Updated PostgreSQL packages fix security issues and bugs
Updated PostgreSQL packages are available for Red Hat Linux 7.3 and 8.0.
These packages correct several security and other bugs. A separate
advisory deals with updated PostgreSQL packages for Red Hat Linux 6.2, 7,
7.1, and 7.
Red Hat alert: Updated PostgreSQL packages fix buffer overrun vulnerabilities
Updated PostgreSQL packages are available for Red Hat Linux 6.2, 7, 7.1,
and 7.2 where we have backported a number of security fixes. A separate
advisory deals with updated PostgreSQL packages for Red Hat Linux 7.3 and 8.0.
Debian alert: New libmcrypt packages fix buffer overflows and memory leak
Ilia Alshanetsky discovered several buffer overflows in libmcrypt, a
decryption and encryption library, that originates in from improper or
lacking input validation. By passing input which is longer then
expected to a number of functions (multiple functions are affected)
the user can successful make libmcrypt crash and may be able to insert
arbitrary, malicious, code which will be executed under the user
libmcrypt runs as, e.g. inside a web server.
SuSE alert: libpng
The library libpng provides several functions to encode, decode and manipulate Portable Network Graphics (PNG) image files. Due to wrong calculation of some loop offset values a buffer overflow can occur. The buffer overflow can lead to Denial-of-Service or even to remote compromise.
Mandrake alert: Updated KDE packages fix multiple vulnerabilities
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email address, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.
Mandrake alert: Updated krb5 packages fix incorrect initscripts
A stack buffer overflow in the implementation of the Kerberos v4 compatibility administration daemon (kadmind4) in the krb5 package can be exploited to gain unauthorized root access to a KDC host. Authentication to the daemon is not required to successfully perform the attack and according to MIT at least one exploit is known to exist. kadmind4 is used only by sites that require compatibility with legacy administrative clients, and sites that do not have these needs are likely not using kadmind4 and are not affected.
Red Hat alert: Updated CUPS packages fix various vulnerabilities
Updated CUPS packages are available for Red Hat Linux 7.3 and 8.0 which fix
various security issues.
Red Hat alert: Updated libpng packages fix buffer overflow
Updated libpng packages are available that fix a buffer overflow vulnerability.
Debian alert: New openldap packages fix buffer overflows and remote exploit
The SuSE Security Team reviewed critical parts of openldap2, an
implementation of the Lightweight Directory Access Protocol (LDAP)
version 2 and 3, and found several buffer overflows and other bugs
remote attackers could exploit to gain access on systems running
vulnerable LDAP servers. In addition to these bugs, various local
exploitable bugs within the OpenLDAP2 libraries have been fixed.
Debian alert: New xpdf-i packages fix arbitrary command execution
iDEFENSE discovered an integer overflow in the pdftops filter from the
xpdf and xpdf-i packages that can be exploited to gain the privileges
of the target user. This can lead to gaining privileged access to the
'lp' user if thee pdftops program is part of the print filter.
Mandrake alert: Updated dhcpcd packages fix character expansion vulnerability
A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-<interface>.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-<interface>.info which contains shell variables and DHCP assignment information. The way quotes are handled inside these assignments is flawed, and a malicious DHCP server can execute arbitrary shell commands on the vulnerable DHCP client system. This can also be exploited by an attacker able to spoof DHCP responses.
Mandrake alert: Updated xpdf packages fix integer overflow vulnerability
The pdftops filter found in both the xpdf and CUPS packages suffers from an integer overflow that can be exploited to gain the privilege of the victim user.
Mandrake alert: Updated CUPS packages fix multiple vulnerabilities
iDefense reported several security problems in CUPS that can lead to local and remote root compromise.
Red Hat alert: Updated Ethereal packages are available
Updated Ethereal packages are available which fix various security issues.
Debian alert: New tomcat packages fix source disclosure vulnerability
A security vulnerability has been confirmed to exist in Apache Tomcat
4.0.x releases, which allows to use a specially crafted URL to return
the unprocessed source of a JSP page, or, under special circumstances,
a static resource which would otherwise have been protected by a
security constraint, without the need for being properly
authenticated. This is based on a variant of the exploit that was
identified as CAN-2002-1148.
Debian alert: New canna packages fix buffer overflow and denial of service
Several vulnerabilities have been discovered in canna, a Japanese
input system. The Common Vulnerabilities and Exposures (CVE) project
identified the following vulnerabilities:
« Previous ( 1 ... 7388 7389 7390 7391 7392 7393 7394 7395 7396 7397 7398 ... 7439 ) Next »