Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 ... 7418 ) Next »
Red Hat alert: Updated secureweb packages available
Updated packages are now available for Red Hat Secure Web Server 3.2 (U.S.).
These updates close a potential security hole which would present clients
with a listing of the contents of a directory instead of the contents of an
index file or the proper error message.
SuSE alert: openssh
This is a re-release of the SuSE Security Announcement SuSE-SA:2001:044,
adding another bugfix for the openssh package as well as more detailed
information about the vulnerabilities to prevent misunderstandings.
Debian alert: local root in wmtv
Nicolas Boullis found a nasty security problem in the wmtv (a
dockable video4linux tv player for windowmaker) package as
distributed in Debian GNU/Linux 2.2.
Debian alert: OpenSSH UseLogin vulnerability
If the UseLogin feature is enabled in for ssh local users could
pass environment variables (including variables like LD_PRELOAD)
to the login process. This has been fixed by not copying the
environment of UseLogin is enabled.
Debian alert: xtel symlink vulnerabilities
The xtel (a X emulator for minitel) package as distributed with Debian
GNU/Linux 2.2 has two possible symlink attacks:
Debian alert: several problems in icecast-server
The icecast-server (a streaming music server) package as distributed
in Debian GNU/Linux 2.2 has several security problems:
Debian alert: improper character escaping in fml
The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2
suffers from a cross-site scripting problem. When generating index
pages for list archives the `<' and `>' characters were not properly
escaped for subjects.
Red Hat alert: Updated OpenSSH packages available
Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and
7.
Red Hat alert: Updated apache packages available
Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1,
and 7.
SuSE alert: OpenSSH
The OpenSSH daemon shipped with SuSE distributions contains various minor bugs which allows bypassing of IP-access control in some circumstances or the deletion of files named "cookies" if X11 forwarding is enabled. It has also been verified that the recent remotely exploitable crc32 bug as well as the logging-bug has been fixed in our latest ssh packages. We strongly recommend to update to OpenSSH version 2.9.9p2. Please download and update the packages as described in section 3. Then invoke
Debian alert: wu-ftpd buffer overflow in glob code
CORE ST reports that an exploit has been found for a bug in the wu-ftpd
glob code (this is the code that handles filename wildcard expansion).
Any logged in user (including anonymous ftp users) can exploit the bug
to gain root privilege on the server.
Red Hat alert: Updated OpenSSH packages available
Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and
7.
Red Hat alert: Updated Cyrus SASL packages available
Updated Cyrus-SASL packages are now available for Red Hat Linux 7, 7.1, and
7.
Red Hat alert: Updated Cyrus SASL packages available
Updated Cyrus-SASL packages are now available for Red Hat Power Tools 6.
SuSE alert: wuftpd
The wuftpd package as shipped with SuSE Linux distributions comes with two versions of wuftpd: wuftpd-2.4.2, installed as /usr/sbin/wuftpd, and wuftpd-2.6.0, installed as /usr/sbin/wuftpd-2.6. The admin decides which version to use by the inetd/xinetd configuration.
Red Hat alert: Updated postfix packages are available
Updated postfix packages are now availble that will fix a possible denial
of service attack.
Red Hat alert: Updated wu-ftpd packages are available
Updated wu-ftpd packages are available to fix an overflowable buffer.
SuSE alert: cyrus-sasl
The Cyrus SASL library provides an authentication API for mail clients and servers. A format bug was found in one of the logging functions, that could be used by an attacker to gain access to a machine or to acquire higher privileges.
SuSE alert: susehelp
The susehelp package contains several CGI-scripts to provide a flexible help-system to the user. Some of these scripts open files in an insecure manner, thus allowing remote attackers to execute arbitrary commands as wwwrun-user on the server running susehelp package. These bugs have been fixed in the newly available packages. Please update your susehelp package immediately if present on your system.
Debian alert: New versions of ssh-nonfree & ssh-socks fix buffer overflow
We have received reports that the "SSH CRC-32 compensation attack
detector vulnerability" is being actively exploited. This is the same
integer type error previously corrected for OpenSSH in DSA-027-1.
OpenSSH (the Debian ssh package) was fixed at that time, but
ssh-nonfree and ssh-socks were not.
« Previous ( 1 ... 7390 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 ... 7418 ) Next »