Showing all newswire headlines


Slackware alert: mutt remote exploit patched

An exploitable overflow has been found in the address handling code of the mutt mail client version 1.2.5i supplied with Slackware 8.0. A new mutt-1.2.5.1 has been released which addresses this problem, and packages are now available for Slackware 8.0 and -current.

SuSE alert: mutt

  • Mailing list (Posted by dave on Jan 7, 2002 10:28 AM EDT)
  • Story Type: Security; Groups: SUSE
mutt, a popular mail client for Linux-like systems, is vulnerable to a buffer overflow that is remotely exploitable. We have added patches to the versions of mutt as shipped with the affected distributions to fix the problem. We recommend installing the update package for your product and restarting all running instances of mutt. We thank Joost Pol for reporting the problem to the makers of mutt.

Debian alert: New versions of Exim fix uncontrolled program execution

  • Mailing list (Posted by dave on Jan 3, 2002 11:33 PM EDT)
  • Story Type: Security; Groups: Debian
Patrice Fournier discovered a bug in all versions of Exim older than Exim 3.34 and Exim 3.952.

Debian alert: mutt buffer overflow, sparc update

  • Mailing list (Posted by dave on Jan 2, 2002 3:29 PM EDT)
  • Story Type: Security; Groups: Debian
The sparc binary for the mutt security fix described in DSA-096-1 is now available.

Debian alert: mutt buffer overflow

  • Mailing list (Posted by dave on Jan 2, 2002 8:38 AM EDT)
  • Story Type: Security; Groups: Debian
Joost Pol found a buffer overflow in the address handling code of mutt (a popular mail user agent). Even though this is a one-byte overflow, it is exploitable.

Red Hat alert: Updated Mailman packages available

  • Mailing list (Posted by dave on Jan 2, 2002 6:24 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Mailman packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates fix cross-site scripting bugs which might allow another server to be used to gain a user's private information from a server running Mailman.

Debian alert: gpm (gpm-root) format string vulnerabilities

  • Mailing list (Posted by dave on Dec 27, 2001 11:22 AM EDT)
  • Story Type: Security; Groups: Debian
The package 'gpm' contains the 'gpm-root' program, which can be used to create mouse-activated menus on the console. Among other problems, the gpm-root program contains a format string vulnerability, which allows an attacker to gain root privileges.

Red Hat alert: Updated namazu packages are available

  • Mailing list (Posted by dave on Dec 24, 2001 6:05 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated namazu packages are available for Red Hat Linux 7.0J. These packages fix a cross-site scripting vulnerability.

SuSE alert: glibc/shlibs, in.ftpd

  • Mailing list (Posted by dave on Dec 24, 2001 9:11 AM EDT)
  • Story Type: Security; Groups: SUSE
This security announcement obsoletes SuSE-SA:2001:001 about glibc (shlibs).

Red Hat alert: Updated Mailman packages available

  • Mailing list (Posted by dave on Dec 21, 2001 5:12 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Mailman packages are now available for Red Hat PowerTools 7 and 7.1. These updates fix cross-site scripting bugs which might allow another server to be used to gain a user's private information from a server running Mailman.

Red Hat alert: Updated Mailman packages available

  • Mailing list (Posted by dave on Dec 21, 2001 5:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Mailman packages are now available for Red Hat Linux 7.

Mandrake alert: glibc update

Flavio Veloso found an overflowable buffer problem in earlier versions of the glibc glob(3) implementation. It may be possible to exploit some programs that pass input to the glibc glob() function in a manner that can be modified by the user.

Mandrake alert: libgtop update

A remote format string vulnerability was found in the libgtop daemon by Laboratory intexxia. By sending a specially crafted format string to the server, a remote attacker could potentially execute arbitrary code on the remote system with the daemon's permissions. By default libgtop runs as the user nobody, but the flaw could be used to compromise local system security by allowing the attacker to exploit other local vulnerabilities. A buffer overflow was also found by Flavio Veloso which could allow the client to execute code on the server. Both vulnerabilities are patched in this update and will be fixed upstream in version 1.0.14. libgtop_daemon is not invoked by default anywhere in Mandrake Linux.

Mandrake alert: kerberos update

A buffer overflow exists in the telnet portion of Kerberos that could provide root access to local users. MDKSA-2001:068 provided a similar fix to the normal telnet packages, but the Kerberized equivalent was not updated previously.

Debian alert: mailman cross-site scripting problem

  • Mailing list (Posted by dave on Dec 15, 2001 4:42 PM EDT)
  • Story Type: Security; Groups: Debian
Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables.

Red Hat alert: Updated glibc packages are available

  • Mailing list (Posted by dave on Dec 14, 2001 1:05 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages are available to fix an overflowable buffer and for 7.x to fix a couple of non-security related bugs.

Mandrake alert: openssh update

The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support that is present in versions 2.9.9 and 3.0.0.

Mandrake alert: passwd update

The default pam files for the passwd program did not include support for md5 passwords, thus any password changes or post-install added users would not have md5 passwords.

Debian alert: postfix memory exhaustion

  • Mailing list (Posted by dave on Dec 12, 2001 7:23 AM EDT)
  • Story Type: Security; Groups: Debian
Wietse Venema reported he found a denial of service vulnerability in postfix. The SMTP session log that postfix keeps for debugging purposes could grow to an unreasonable size.

Red Hat alert: Updated secureweb packages available

  • Mailing list (Posted by dave on Dec 7, 2001 12:36 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a potential security hole which would present clients with a listing of the contents of a directory instead of the contents of an index file or the proper error message. The previous revision of this errata advisory included incorrect URLs. This revision lists the correct location of the updated packages.
