Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 7401 ... 7418 ) Next »
Red Hat alert: Red Hat Linux 7.1 Korean installation program creates files with bad umask
Due to the kernel used in the Red Hat Linux 7.1 Korean installation
program, some files are written by the installation program with the wrong
permissions.
It is recommended that all users of the Red Hat Linux 7.1 Korean
installation program use the update disk image. If users have already
installed, they should check their systems and fix the permissions on the
affected files. They can do this by installing the updated redhat-release
package.
Red Hat alert: remote exploit possible in lpd
The lpd printing daemon provided by the lpr package posses a remotely
exploitable hole.
Red Hat alert: Updated iptables packages are available
A new version of iptables fixing various minor security problems and some
other bugs is available.
Red Hat alert: Updated htdig packages are available
Updated ht://dig packages fix a DOS attack and a potential (yet unlikely)
security problem.
Red Hat alert: New sendmail packages available which fix a local root exploit
An input validation error in the debugging functionality of all currently
released versions of sendmail can enable a local user to gain root
access. New packages that fix this problem are available for Red Hat Linux
5.2, 6.2, 7.0, and 7.1.
SuSE alert: webalizer
The webalizer is a widely used tool for analyzing web server logs and produce statistics in HTML format. An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or revealing sensitive information by placing HTML tags in the right place. This is possible due to missing sanity checks on untrusted data - hostnames and search keywords in this case - that are received by webalizer. This kind of attack is also known as "Cross-Site Scripting Vulnerability". Additionally the untrusted data will be written to files on the server running webalizer; this may lead to further problems when using this data as input for third-party software/scripts.
Red Hat alert: kernel 2.2 and 2.4: syncookie vulnerability
Syncookies are used to protect a system against certain Denial Of Service
(DOS) attacks. A flaw in this mechanism has been found which can be used to
circumvent certain types of firewall configurations.
Note: syncookies are not enabled in the default installation of Red Hat
Linux but many server administrators do enable syncookies.
SuSE alert: kernel (update)
Information about the security problems fixed with the new kernel rpm packages from SuSE Security Announcement: kernel (SuSE-SA:2001:036) has been withheld in coordination with other Linux distributors/vendors. We hereby re-release SuSE-SA:2001:036 with the new announcement ID SuSE-SA:2001:039, now including additional information about the bugs fixed.
Red Hat alert: New ucd-snmp package to fix several security vulnerabilities
Updated ucd-snmp packages are now available for Red Hat Linux 6.2, 7 and
7.1. These packages include fixes for the following problems:
- /tmp race and setgroups() privilege problem
- Various buffer overflow and format string issues
- One signedness problem in ASN handling
It is recommended that all users update to the fixed packages.
Red Hat alert: Comprehensive Printing Update
A collection of security fixes, bug fixes, and functionality updates,
including the Omni print drivers from IBM.
SuSE alert: uucp
UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren't dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.
Red Hat alert: New teTeX packages available
Updated teTeX packages are available, fixing a temporary file handling
vulnerability and an insecure invocation of dvips in a print filter.
Red Hat alert: Updated webalizer package available
These updated webalizer package fixes a security problem and some minor bugs.
Red Hat alert: Updated webalizer packages available
Updated webalizer packages are available which fix a security problem and
some minor bugs.
Red Hat alert: Updated webalizer packages available
Updated webalizer packages are available which fix a security problem and
some minor bugs.
SuSE alert: squid
The squid proxy server can be crashed with a malformed request, resulting in a denial of service attack. After the crash, the squid proxy must be restarted. The weakness can only be triggered from an address that is allowed to send requests, as configured in the squid configuration file.
Red Hat alert: Printing exposes system files to reading.
When used in a spooling environment, it is inappropriate to allow programs
to read arbitrary files as a result of print requests. Ghostscript, a
postscript interpreter, can read arbitrary system files with the same
permissions as the print spooler, potentially exposing the system to an
information compromise.
SuSE alert: kernel
Two security related problems have been found in both the 2.2 and
2.4 series kernels:
Red Hat alert: Updated mod_auth_pgsql packages available
Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.
Red Hat alert: Updated mod_auth_pgsql packages available
Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.
« Previous ( 1 ... 7391 7392 7393 7394 7395 7396 7397 7398 7399 7400 7401 ... 7418 ) Next »