Showing all newswire headlines
Mandrake alert: linuxconf notice
A vulnerability was discovered in linuxconf by Dave Aitel and later by iDEFENSE that is locally exploitable to obtain elevated privilege.
Debian alert: New Mantis package fixes privilege escalation
A problem with user privileges has been discovered in the Mantis
package, a PHP based bug tracking system. Mantis did not check
whether a user was permitted to view a bug, but displayed it right
away if the user entered a valid bug id.
Debian alert: New scrollkeeper packages fix insecure temporary file creation
Spybreak discovered a problem in scrollkeeper, a free electronic
cataloging system for documentation. The scrollkeeper-get-cl program
creates temporary files in an insecure manner in /tmp using guessable
filenames. Since scrollkeeper is called automatically when a user
logs into a Gnome session, an attacker with local access can easily
create and overwrite files as another user.
Red Hat alert: Updated scrollkeeper packages fix tempfile vulnerability
Updated scrollkeeper packages are now available for Red Hat Linux 7.3 which
fix a tempfile vulnerability.
SuSE alert: glibc
An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.
Red Hat alert: PXE server crashes from certain DHCP packets
Updated PXE packages are now available for Red Hat Linux which fix a
vulnerability that can crash the PXE server using certain DHCP packets.
Mandrake alert: hylafax update
Numerous vulnerabilities in the HylaFAX product exist in versions prior to 4.1.3. It does not check the TSI string which is received from remote FAX systems before using it in logging and other places.
Mandrake alert: gaim update
Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable.
Red Hat alert: Updated ethereal packages are available
Updated ethereal packages are available which fix various security issues.
Debian alert: New Python packages fix insecure temporary file use
Zack Weinberg discovered an insecure use of a temporary file in
os._execvpe from os.py. It uses a predictable name, which could lead
to execution of arbitrary code.
Red Hat alert: Updated mailman packages close cross-site scripting vulnerability
Updated mailman packages are now available for Red Hat Secure Web Server
3.2 (U.S.). These updates close a cross-site scripting vulnerability
present in mailman versions prior to version
Debian alert: New gaim packages fix arbitrary program execution
The developers of Gaim, an instant messenger client that combines
several different networks, found a vulnerability in the hyperlink
handling code. The 'Manual' browser command passes an untrusted
string to the shell without escaping or reliable quoting, permitting
an attacker to execute arbitrary commands on the user's machine.
Unfortunately, Gaim doesn't display the hyperlink before the user
clicks on it. Users who use other built-in browser commands aren't
vulnerable.
Mandrake alert: xinetd update
A vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of xinetd.
Debian alert: New mailman packages fix cross-site scripting problem
Quoting DSA 147-1:
Red Hat alert: Updated mailman packages close cross-site scripting vulnerability
Updated mailman packages are now available for Red Hat Power Tools 7 and
7.1. These updates close a cross-site scripting vulnerability present in
mailman versions prior to version
Red Hat alert: Updated mailman packages close cross-site scripting vulnerability
Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3.
These updates close a cross-site scripting vulnerability present in mailman
versions prior to version
Debian alert: New irssi-text packages fix denial of service
The IRC client irssi is vulnerable to a denial of service condition.
The problem occurs when a user attempts to join a channel that has an
overly long topic description. When a certain string is appended to
the topic, irssi will crash.
Debian alert: New Light package fixes arbitrary script execution
All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7
branch) and prior to 2.8pre10 (on the 2.8 branch) running on any
platform are vulnerable to a remotely-exploitable bug, which can lead
to nearly arbitrary code execution.
Red Hat alert: New kernel update available, fixes i810 video oops, several security issues
Updated kernel packages are now available which fix an oops in the i810 3D
kernel code. This kernel update also fixes a difficult to trigger race in
the dcache (filesystem cache) code, as well as some potential security
holes, although we are not currently aware of any exploits.
Debian alert: New kdelibs packages fix several vulnerabilities
Due to a security engineering oversight, the SSL library from KDE,
which Konqueror uses, doesn't check whether an intermediate
certificate in a connection's chain has been authorized by the
certificate authority to sign further certificates; it accepts the
intermediate merely because it is itself signed. This makes it
possible for anyone with a valid VeriSign SSL site certificate to
forge any other VeriSign SSL site certificate and abuse Konqueror
users.