Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409 ... 7439 ) Next »

Debian alert: New hylafax packages fix security related problems

  • Mailing list (Posted by dave on Aug 11, 2002 11:53 PM EDT)
  • Story Type: Security; Groups: Debian
A set of problems have been discovered in Hylafax, a flexible client/server fax software distributed with many GNU/Linux distributions. Quoting SecurityFocus the problems are in detail:

Red Hat alert: Updated bind packages fix buffer overflow in resolver library

  • Mailing list (Posted by dave on Aug 9, 2002 8:24 AM EDT)
  • Story Type: Security; Groups: Red Hat
Various versions of the ISC BIND resolver libraries are vulnerable to a buffer overflow attack. Updated BIND packages are now available to fix this issue.

Debian alert: New mailman packages fix cross-site scripting problem

  • Mailing list (Posted by dave on Aug 8, 2002 11:15 PM EDT)
  • Story Type: Security; Groups: Debian
A cross-site scripting vulnerability was discovered in mailman, a software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similar to the real one, but the javascript component is executed as well, which could be used by an attacker to get access to sensitive information. The new version for Debian 2.2 also includes backports of security related patches from mailman 2.0.11.

Debian alert: New dietlibc packages fix integer overflows

  • Mailing list (Posted by dave on Aug 8, 2002 11:08 AM EDT)
  • Story Type: Security; Groups: Debian
The upstream author of dietlibc, Felix von Leitner, discovered a potential division by zero chance in the fwrite and calloc integer overflow checks, which are fixed in the version below.

Debian alert: New dietlibc packages fix integer overflows

  • Mailing list (Posted by dave on Aug 8, 2002 1:46 AM EDT)
  • Story Type: Security; Groups: Debian
An integer overflow bug has been discovered in the RPC library used by dietlibc, a libc optimized for small size, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the calloc, fread and fwrite code. They are also more strict regarding hostile DNS packets that could lead to a vulnerability otherwise.

Debian alert: New tinyproxy packages fix security vulnerability

  • Mailing list (Posted by dave on Aug 7, 2002 9:54 AM EDT)
  • Story Type: Security; Groups: Debian
The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug in the handling of some invalid proxy requests. Under some circumstances, an invalid request may result in a allocated memory being freed twice. This can potentially result in the execution of arbitrary code.

Red Hat alert: Updated secureweb packages fix temporary file handling

  • Mailing list (Posted by dave on Aug 6, 2002 9:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated secureweb packages are now available for Red Hat Secure Web Server 3.

Debian alert: New wwwoffle packages fix security related problems

  • Mailing list (Posted by dave on Aug 6, 2002 1:07 AM EDT)
  • Story Type: Security; Groups: Debian
A problem with wwwoffle has been discovered. The web proxy didn't handle input data with negative Content-Length settings properly which causes the processing child to crash. It is at this time not obvious how this can lead to an exploitable vulnerability; however, it's better to be safe than sorry, so here's an update.

Red Hat alert: Updated openssl packages fix protocol parsing bugs

  • Mailing list (Posted by dave on Aug 5, 2002 11:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix multiple protocol parsing bugs which may be used in a denial of service (DoS) attack or cause SSL-enabled applications to crash.

Red Hat alert: Updated gaim client fixes Jabber plug-in vulnerability

  • Mailing list (Posted by dave on Aug 5, 2002 11:19 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gaim packages are now available for Red Hat Linux 7.1, 7.2, and 7.3. These updates fix a buffer overflow in the Jabber plug-in module.

Red Hat alert: Updated gaim client fixes Jabber plug-in vulnerability (Powertools)

  • Mailing list (Posted by dave on Aug 5, 2002 11:12 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gaim packages are now available for Red Hat Powertools 7. These updates fix a buffer overflow in the Jabber plug-in module.

Debian alert: New krb5 packages fix integer overflow bug

  • Mailing list (Posted by dave on Aug 5, 2002 1:37 PM EDT)
  • Story Type: Security; Groups: Debian
An integer overflow bug has been discovered in the RPC library used by the Kerberos 5 administration system, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to a KDC host. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to exist yet.

Debian alert: New OpenAFS packages fix integer overflow bug

  • Mailing list (Posted by dave on Aug 5, 2002 2:16 AM EDT)
  • Story Type: Security; Groups: Debian
An integer overflow bug has been discovered in the RPC library used by the OpenAFS database server, which is derived from the SunRPC library. This bug could be exploited to crash certain OpenAFS servers (volserver, vlserver, ptserver, buserver) or to obtain unauthorized root access to a host running one of these processes. No exploits are known to exist yet.

Debian alert: New libpng packages fix potential buffer overflow

  • Mailing list (Posted by dave on Aug 5, 2002 1:26 AM EDT)
  • Story Type: Security; Groups: Debian
In addition to the advisory DSA 140-1 the packages below fix another potential buffer overflow. The PNG libraries implement a safety margin which is also included in a newer upstream release. Thanks to Glenn Randers-Pehrson for informing us.

Debian alert: New mpack packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 2, 2002 1:57 AM EDT)
  • Story Type: Security; Groups: Debian
Eckehard Berns discovered a buffer overflow in the munpack program which is used for decoding (respectively) binary files in MIME (Multipurpose Internet Mail Extensions) format mail messages. If munpack is run on an appropriately malformed email (or news article) then it will crash, and perhaps can be made to run arbitrary code.

Debian alert: New libpng packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 1, 2002 5:31 AM EDT)
  • Story Type: Security; Groups: Debian
Developers of the PNG library have fixed a buffer overflow in the progressive reader when the PNG datastream contains more IDAT data than indicated by the IHDR chunk. Such deliberately malformed datastreams would crash applications which could potentially allow an attacker to execute malicious code. Programs such as Galeon, Konquerer and various others make use of these libraries.

Debian alert: New super packages fix local root exploit

  • Mailing list (Posted by dave on Aug 1, 2002 5:23 AM EDT)
  • Story Type: Security; Groups: Debian
GOBBLES found an insecure use of format strings in the super package. The included program super is intended to provide access to certain system users for particular users and programs, similar to the program super. Exploiting this format string vulnerability a local user can gain unauthorized root accesss.

SuSE alert: Not affected: openssh trojan from ftp.openbsd.org

  • Mailing list (Posted by dave on Aug 1, 2002 4:51 AM EDT)
  • Story Type: Security; Groups: SUSE
The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp server http://ftp.openbsd.org has been trojaned with code that opens network connections to a server in the internet (203.62.158.32:6667) at compile time. The backdoor does not have any influence on the runtime behaviour of the package to our current knowlege. As of now, the package on the openbsd ftp server has not been removed/cleaned.

SuSE alert: wwwoffle

  • Mailing list (Posted by dave on Aug 1, 2002 3:42 AM EDT)
  • Story Type: Security; Groups: SUSE
The WWWOFFLE, World Wide Web Offline Explorer, program suite acts as a HTTP, FTP and Finger proxy to allow users with dial-up access to the internet to do offline WWW browsing.

Debian alert: Remote execution exploit in gallery

  • Mailing list (Posted by dave on Jul 31, 2002 3:47 PM EDT)
  • Story Type: Security; Groups: Debian
A problem was found in gallery (a web-based photo album toolkit): it was possible to pass in the GALLERY_BASEDIR variable remotely. This made it possible to execute commands under the uid of web-server.

« Previous ( 1 ... 7399 7400 7401 7402 7403 7404 7405 7406 7407 7408 7409 ... 7439 ) Next »