Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7394 7395 7396 7397 7398 7399 7400 7401 7402 7403 7404 ... 7439 ) Next »

Red Hat alert: Updated Mozilla packages fix security vulnerabilities

  • Mailing list (Posted by dave on Oct 18, 2002 1:18 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Mozilla packages are now available for Red Hat Linux. These new packages fix vulnerabilities in previous versions of Mozilla.

Debian alert: New PAM packages fix serious security violation in Debian/unstable

  • Mailing list (Posted by dave on Oct 17, 2002 9:44 AM EDT)
  • Story Type: Security; Groups: Debian
Paul Aurich and Samuele Giovanni Tonon discovered a serious security violation in PAM. Disabled passwords (i.e. those with '*' in the password file) were classified as empty password and access to such accounts is granted through the regular login procedure (getty, telnet, ssh). This works for all such accounts whose shell field in the password file does not refer to /bin/false. Only version 0.76 of PAM seems to be affected by this problem.

Debian alert: New Heimdal packages fix remote command execution

  • Mailing list (Posted by dave on Oct 17, 2002 6:06 AM EDT)
  • Story Type: Security; Groups: Debian
The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so several potential buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on systems without fixes. Since these services usually run on authentication servers these bugs are considered very serious.

Red Hat alert: New kernel 2.2 packages fix local vulnerabilities

  • Mailing list (Posted by dave on Oct 17, 2002 2:11 AM EDT)
  • Story Type: Security; Groups: Red Hat
Some potential local security vulnerabilities were found in the kernel during code audits; these have been fixed in the

Red Hat alert: New kernel fixes local security issues

  • Mailing list (Posted by dave on Oct 17, 2002 2:11 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel fixes local security issues and provides several updated drivers to support newer hardware and fix bugs under Red Hat Linux 7.3.

Red Hat alert: New kernel fixes local security issues

  • Mailing list (Posted by dave on Oct 17, 2002 2:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
A new errata kernel based on the

Debian alert: New gv packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 16, 2002 6:59 AM EDT)
  • Story Type: Security; Groups: Debian
Zen-parse discovered a buffer overflow in gv, a PostScript and PDF viewer for X11. This problem is triggered by scanning the PostScript file and can be exploited by an attacker sending a malformed PostScript or PDF file. The attacker is able to cause arbitrary code to be run with the privileges of the victim.

Mandrake alert: apache update

A number of vulnerabilities were discovered in Apache versions prior to 1.3.27.

Mandrake alert: Status of 7.1/Corporate Server 1.0.1 updates

With the release of Mandrake Linux 9.0, we will no longer be supporting some older distributions, particularly versions 7.1 and Corporate Server 1.0.1. If you are still using one of these distributions, we suggest you upgrade to a more recent version of Mandrake Linux.

Red Hat alert: Updated xinetd packages fix denial of service vulnerability

  • Mailing list (Posted by dave on Oct 15, 2002 9:09 AM EDT)
  • Story Type: Security; Groups: Red Hat
Xinetd contains a denial-of-service (DoS) vulnerability.

Debian alert: New syslog-ng packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 15, 2002 5:36 AM EDT)
  • Story Type: Security; Groups: Debian
Péter Höltzl discovered a problem in the way syslog-ng handles macro expansion. When a macro is expanded a static length buffer is used accompanied by a counter. However, when constant chharacters are appended, the counter is not updated properly, leading to incorrect boundary checking. An attacker may be able to use specially crafted log messages inserted via UDP which overflows the buffer.

SuSE alert: Heartbeat

  • Mailing list (Posted by dave on Oct 14, 2002 8:15 AM EDT)
  • Story Type: Security; Groups: SUSE
Heartbeat is a monitoring service that is used to implement failover in high-availablity environments. It can be configured to monitor other systems via serial connections, or via UDP/IP.

Red Hat alert: Command execution vulnerability in dvips

  • Mailing list (Posted by dave on Oct 14, 2002 5:37 AM EDT)
  • Story Type: Security; Groups: Red Hat
dvips contains a vulnerability allowing print users to execute arbitrary commands

Debian alert: New heartbeat packages fix buffer overflows

  • Mailing list (Posted by dave on Oct 14, 2002 5:24 AM EDT)
  • Story Type: Security; Groups: Debian
Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem for High-Availability Linux. A remote attacker could send a specially crafted TCP packet that overflows a buffer, leaving heartbeat to execute arbitrary code as root.

Red Hat alert: Updated squirrelmail packages close cross-site scripting vulnerabilities

  • Mailing list (Posted by dave on Oct 11, 2002 12:35 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated squirrelmail packages are now available for Red Hat Linux.

Mandrake alert: tar update

A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename.

Mandrake alert: unzip update

A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash).

Red Hat alert: Updated packages fix PostScript and PDF security issue

  • Mailing list (Posted by dave on Oct 10, 2002 12:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages for gv and ggv fix a local buffer overflow when reading malformed PDF or PostScript(R) files.

Red Hat alert: Updated analog packages are available

  • Mailing list (Posted by dave on Oct 10, 2002 6:47 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages for analog are available which fix a cross-site scripting problem and a denial of service problem.

Mandrake alert: kdelibs update

A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work.

« Previous ( 1 ... 7394 7395 7396 7397 7398 7399 7400 7401 7402 7403 7404 ... 7439 ) Next »