Showing all newswire headlines
Debian alert: New hylafax packages fix security related problems
A set of problems has been discovered in Hylafax, a flexible
client/server fax package distributed with many GNU/Linux
distributions. Quoting SecurityFocus, the problems are, in detail:
Red Hat alert: Updated bind packages fix buffer overflow in resolver library
Various versions of the ISC BIND resolver libraries are vulnerable to a
buffer overflow attack. Updated BIND packages are now available to fix
this issue.
Debian alert: New mailman packages fix cross-site scripting problem
A cross-site scripting vulnerability was discovered in mailman,
software for managing electronic mailing lists. When a specially
crafted URL is opened in Internet Explorer (other browsers don't
appear to be affected), the resulting web page renders like the real
one, but the embedded JavaScript is executed as well, which an
attacker could use to gain access to sensitive information. The new
version for Debian 2.2 also includes backports of security-related
patches from mailman 2.0.11.
Debian alert: New dietlibc packages fix integer overflows
The upstream author of dietlibc, Felix von Leitner, discovered a
potential division by zero in the integer overflow checks of fwrite
and calloc; it is fixed in the version below.
Debian alert: New dietlibc packages fix integer overflows
An integer overflow bug has been discovered in the RPC library used by
dietlibc, a libc optimized for small size; the RPC code is derived from
the SunRPC library. This bug could be exploited to gain unauthorized
root access to software linking to this code. The packages below also
fix integer overflows in the calloc, fread and fwrite code. They are
also more strict regarding hostile DNS packets that could otherwise
lead to a vulnerability.
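Both dietlibc advisories above come down to the same size arithmetic: the nmemb*size product must not wrap, and an overflow check written as a division must not divide by a zero size. The following is an added example and not dietlibc's code; it shows the wrapping product, the division-by-zero shape of the check, and a corrected check wrapped in a calloc()-style allocator. All function names are this example's own.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Added example; this is not dietlibc's code. It models the two defects the
 * advisories describe in a calloc()-style size computation: an unchecked
 * nmemb*size product that wraps, and an overflow check that divides by size
 * without first handling size == 0. fread()/fwrite() need the same check for
 * their size*nmemb product. */

/* No check at all: the product silently wraps for large operands. */
static size_t naive_total(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Overflow check written as a division, but with no guard for size == 0:
 * SIZE_MAX / 0 is a division by zero (SIGFPE on most targets). Never call
 * this with size == 0; it is here only to show the shape of the bug. */
static int checked_mul_divzero(size_t nmemb, size_t size, size_t *out)
{
    if (nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* Corrected check: zero operands short-circuit before any division. */
static int checked_mul(size_t nmemb, size_t size, size_t *out)
{
    if (nmemb == 0 || size == 0) {
        *out = 0;
        return 0;
    }
    if (nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* calloc()-like wrapper on the corrected check: refuses a wrapping request
 * instead of handing back a buffer far smaller than the caller computed. */
static void *safe_calloc(size_t nmemb, size_t size)
{
    size_t total;
    void *p;
    if (checked_mul(nmemb, size, &total) != 0)
        return NULL;
    p = malloc(total ? total : 1);  /* do not rely on malloc(0) semantics */
    if (p)
        memset(p, 0, total);
    return p;
}

/* 1 if every byte of p[0..n) is zero. */
static int all_zero(const unsigned char *p, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (p[i]) return 0;
    return 1;
}

int main(void)
{
    size_t big = SIZE_MAX / 2 + 2, out = 0;
    void *p;
    printf("naive product %zu * 2 wraps to %zu\n", big, naive_total(big, 2));
    printf("checked_mul rejects it: %d\n", checked_mul(big, 2, &out));
    printf("checked_mul_divzero with size 2 is fine: %d\n", checked_mul_divzero(4, 8, &out));
    printf("checked_mul(5, 0) -> rc %d (no division by zero)\n", checked_mul(5, 0, &out));
    p = safe_calloc(big, 2);
    printf("safe_calloc(big, 2) = %p\n", p);
    free(p);
    return 0;
}
```

The wrap value in the first line is SIZE_MAX/2 + 2 multiplied by 2, which comes out to 2 modulo 2^N; a naive allocator would return a 2-byte block for a request the caller believes is enormous.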
Debian alert: New tinyproxy packages fix security vulnerability
The authors of tinyproxy, a lightweight HTTP proxy, discovered a bug
in the handling of some invalid proxy requests. Under some
circumstances, an invalid request may result in allocated memory
being freed twice. This can potentially result in the execution of
arbitrary code.
Red Hat alert: Updated secureweb packages fix temporary file handling
Updated secureweb packages are now available for Red Hat Secure Web Server 3.
Debian alert: New wwwoffle packages fix security related problems
A problem with wwwoffle has been discovered. The web proxy didn't
handle input data with a negative Content-Length setting properly,
which caused the processing child to crash. It is not obvious at this
time how this can lead to an exploitable vulnerability; however, it's
better to be safe than sorry, so here's an update.
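A negative Content-Length is typically the symptom of parsing the header into a signed integer and then using it as a size. The following is an added example and not wwwoffle's code; it contrasts an atol()-based parse with a strict digits-only parser and a header scanner that rejects such requests outright. The sample request and the MAX_BODY cap are this example's own constructions.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>

/* Added example; not wwwoffle's code. The advisory describes a proxy that
 * mishandled a negative Content-Length. A common root cause is parsing the
 * header with atoi()/atol() into a signed integer and then using it as a
 * size, so "-1" turns into a huge size_t. The strict parser below accepts
 * only 1*DIGIT (RFC 7230), rejects wrap-around, and applies an assumed
 * policy cap (MAX_BODY is this example's choice, not from the advisory). */

#define MAX_BODY ((size_t)16 * 1024 * 1024)

/* Naive parse: whatever atol() returns, negative values included. */
static long naive_content_length(const char *value)
{
    return atol(value);
}

/* The naive value once it reaches an allocator or read loop as a size_t. */
static size_t naive_as_size(const char *value)
{
    return (size_t)naive_content_length(value);  /* "-1" -> SIZE_MAX */
}

/* Strict parse. Returns 0 and stores the value, or -1 for anything that is
 * not a plain decimal number within limits (negative, signed, empty,
 * trailing junk, or too large). */
static int parse_content_length(const char *value, size_t *out)
{
    const char *p = value;
    size_t n = 0;

    while (*p == ' ' || *p == '\t')
        p++;
    if (!isdigit((unsigned char)*p))      /* rejects "", "-1", "+5" */
        return -1;
    for (; isdigit((unsigned char)*p); p++) {
        unsigned d = (unsigned)(*p - '0');
        if (n > (SIZE_MAX - d) / 10)      /* n*10 + d would wrap */
            return -1;
        n = n * 10 + d;
    }
    while (*p == ' ' || *p == '\t')
        p++;
    if (*p != '\0')                       /* trailing junk such as "12abc" */
        return -1;
    if (n > MAX_BODY)
        return -1;
    *out = n;
    return 0;
}

/* Case-insensitive prefix match for a header name. */
static int has_prefix_ci(const char *s, size_t len, const char *name)
{
    size_t nl = strlen(name);
    if (len < nl) return 0;
    for (size_t i = 0; i < nl; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Scan a raw CRLF-delimited request header block for Content-Length.
 * Returns 0 with the length, 1 if the header is absent (no body), or -1 if
 * the value is invalid and the request must be rejected. */
static int request_content_length(const char *req, size_t *out)
{
    static const char name[] = "content-length:";
    const char *line = req;
    while (*line) {
        const char *eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len == 0)                     /* blank line: end of headers */
            break;
        if (has_prefix_ci(line, len, name)) {
            char buf[32];
            size_t vlen = len - (sizeof name - 1);
            if (vlen >= sizeof buf)       /* absurdly long value */
                return -1;
            memcpy(buf, line + (sizeof name - 1), vlen);
            buf[vlen] = '\0';
            return parse_content_length(buf, out);
        }
        if (!eol)
            break;
        line = eol + 2;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample request, not a capture from the advisory. */
    const char *bad = "POST /cgi-bin/x HTTP/1.0\r\nHost: h\r\nContent-Length: -1\r\n\r\n";
    size_t n = 0;
    printf("atol view of \"-1\" as a size_t: %zu\n", naive_as_size("-1"));
    printf("strict scan of the request: %d\n", request_content_length(bad, &n));
    return 0;
}
```

The strict parser returns a distinct code for "header absent" so the caller can treat a missing Content-Length as "no body" rather than silently reading zero bytes from a request that claimed a body.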
Red Hat alert: Updated openssl packages fix protocol parsing bugs
Updated OpenSSL packages are available for Red Hat Linux 6.2, 7, 7.1, 7.2,
and 7.3. These updates fix multiple protocol parsing bugs which may be used
in a denial of service (DoS) attack or cause SSL-enabled applications to crash.
Red Hat alert: Updated gaim client fixes Jabber plug-in vulnerability
Updated gaim packages are now available for Red Hat Linux 7.1, 7.2, and
7.3. These updates fix a buffer overflow in the Jabber plug-in module.
Red Hat alert: Updated gaim client fixes Jabber plug-in vulnerability (Powertools)
Updated gaim packages are now available for Red Hat Powertools 7.
These updates fix a buffer overflow in the Jabber plug-in module.
Debian alert: New krb5 packages fix integer overflow bug
An integer overflow bug has been discovered in the RPC library used by
the Kerberos 5 administration system, which is derived from the SunRPC
library. This bug could be exploited to gain unauthorized root access
to a KDC host. It is believed that the attacker needs to be able to
authenticate to the kadmin daemon for this attack to be successful.
No exploits are known to exist yet.
Debian alert: New OpenAFS packages fix integer overflow bug
An integer overflow bug has been discovered in the RPC library used by
the OpenAFS database server, which is derived from the SunRPC library.
This bug could be exploited to crash certain OpenAFS servers
(volserver, vlserver, ptserver, buserver) or to obtain unauthorized
root access to a host running one of these processes. No exploits are
known to exist yet.
Debian alert: New libpng packages fix potential buffer overflow
In addition to the advisory DSA 140-1 the packages below fix another
potential buffer overflow. The PNG libraries implement a safety
margin which is also included in a newer upstream release. Thanks to
Glenn Randers-Pehrson for informing us.
Debian alert: New mpack packages fix buffer overflow
Eckehard Berns discovered a buffer overflow in the munpack program,
which is used for decoding binary files carried in MIME (Multipurpose
Internet Mail Extensions) format mail messages. If munpack is run on
an appropriately malformed email (or news article) it will crash, and
perhaps can be made to run arbitrary code.
Debian alert: New libpng packages fix buffer overflow
Developers of the PNG library have fixed a buffer overflow in the
progressive reader when the PNG datastream contains more IDAT data
than indicated by the IHDR chunk. Such deliberately malformed
datastreams would crash applications which could potentially allow an
attacker to execute malicious code. Programs such as Galeon,
Konqueror and various others make use of these libraries.
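The defect above is a missing bound between what IHDR declares and how much decoded IDAT data the reader is willing to write. The following is an added example and not libpng's code: a minimal chunk walker that sizes its output buffer from IHDR and refuses IDAT data past that limit. The IDAT payload is treated as already inflated and CRCs are not verified, so the sample stream is a constructed one rather than a real PNG.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example; not libpng's code. It models the bound the advisory
 * describes: a progressive reader must never write more decoded IDAT bytes
 * than the IHDR width/height/format account for. To stay self-contained the
 * IDAT payload is treated as if already inflated (no zlib), and chunk CRCs
 * are written as zeros and not verified. */

static const uint8_t PNG_SIG[8] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };
static const uint8_t CHANNELS[7] = { 1, 0, 3, 0, 2, 0, 4 };  /* per PNG colour type */

struct ihdr { uint32_t width, height; uint8_t depth, color; };
struct sink { uint8_t *buf; size_t limit, got; };          /* decoded-data sink */

static uint32_t rd32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* Decoded bytes per scanline (1 filter byte + samples) at 8-bit depth, or 0
 * if the IHDR combination is unsupported here or the size would overflow. */
static size_t rowbytes_for(const struct ihdr *h)
{
    size_t ch = (h->color <= 6) ? CHANNELS[h->color] : 0;
    if (h->depth != 8 || ch == 0 || !h->width || !h->height) return 0;
    if ((size_t)h->width > (SIZE_MAX - 1) / ch) return 0;
    return (size_t)h->width * ch + 1;
}

static int sink_init(struct sink *s, const struct ihdr *h)
{
    size_t rb = rowbytes_for(h);
    if (rb == 0 || rb > SIZE_MAX / h->height) return -1;
    s->limit = rb * h->height; s->got = 0; s->buf = malloc(s->limit);
    return s->buf ? 0 : -1;
}

/* The fix: refuse decoded bytes beyond what IHDR declared. A reader that
 * memcpy()s into its row buffer without this test overflows on a stream that
 * carries extra IDAT data. */
static int sink_push(struct sink *s, const uint8_t *d, size_t n)
{
    if (n > s->limit - s->got) return -1;
    memcpy(s->buf + s->got, d, n); s->got += n;
    return 0;
}

/* Walk the chunk stream: 0 on success, -1 if IDAT exceeded the IHDR-derived
 * limit, -2 on a structural error (bad signature, chunk running past the end
 * of input, missing IHDR/IEND). *decoded receives the bytes accepted. */
static int png_consume(const uint8_t *p, size_t n, size_t *decoded)
{
    struct sink s = { NULL, 0, 0 };
    size_t off = 8;
    int have_ihdr = 0, saw_iend = 0, rc = 0;
    if (n < 8 || memcmp(p, PNG_SIG, 8) != 0) return -2;
    while (off + 12 <= n) {                          /* length + type + crc */
        uint32_t len = rd32(p + off);
        const uint8_t *type = p + off + 4, *data = p + off + 8;
        if (len > 0x7fffffffu || len > n - off - 12) { rc = -2; break; }
        if (memcmp(type, "IHDR", 4) == 0) {
            if (len != 13 || have_ihdr) { rc = -2; break; }
            struct ihdr h = { rd32(data), rd32(data + 4), data[8], data[9] };
            if (sink_init(&s, &h) != 0) { rc = -2; break; }
            have_ihdr = 1;
        } else if (memcmp(type, "IDAT", 4) == 0) {
            if (!have_ihdr) { rc = -2; break; }
            if (sink_push(&s, data, len) != 0) { rc = -1; break; }
        } else if (memcmp(type, "IEND", 4) == 0) { saw_iend = 1; break; }
        off += 12 + (size_t)len;
    }
    if (rc == 0 && (!have_ihdr || !saw_iend)) rc = -2;
    if (decoded) *decoded = s.got;
    free(s.buf);
    return rc;
}

/* Constructed sample builder: 8-bit greyscale w x h with one IDAT chunk
 * carrying the given payload, CRC fields zeroed. Returns bytes written. */
static void put_chunk(uint8_t *o, size_t *off, const char *type, const uint8_t *d, uint32_t len)
{
    wr32(o + *off, len); memcpy(o + *off + 4, type, 4);
    if (len) memcpy(o + *off + 8, d, len);
    memset(o + *off + 8 + len, 0, 4); *off += 12 + len;
}
static size_t build_grey_png(uint8_t *o, uint32_t w, uint32_t h, const uint8_t *idat, uint32_t ilen)
{
    uint8_t ih[13] = { 0 };
    size_t off = 8;
    memcpy(o, PNG_SIG, 8);
    wr32(ih, w); wr32(ih + 4, h); ih[8] = 8; ih[9] = 0;
    put_chunk(o, &off, "IHDR", ih, 13);
    put_chunk(o, &off, "IDAT", idat, ilen);
    put_chunk(o, &off, "IEND", NULL, 0);
    return off;
}
```

For a 2x2 greyscale image the IHDR-derived limit is 2 rows of (1 filter byte + 2 samples) = 6 bytes; a stream whose IDAT chunks carry 7 decoded bytes is rejected with -1 before anything is written past the buffer, and a stream cut off before IEND is reported as -2 rather than silently accepted.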
Debian alert: New super packages fix local root exploit
GOBBLES found an insecure use of format strings in the super package.
The included program super is intended to provide access to certain
system users for particular users and programs, similar to the program
sudo. Exploiting this format string vulnerability, a local user can
gain unauthorized root access.
SuSE alert: Not affected: openssh trojan from ftp.openbsd.org
The openssh source tarball openssh-3.4p1.tar.gz from the openbsd ftp
server http://ftp.openbsd.org has been trojaned with code that opens network
connections to a server on the Internet (203.62.158.32:6667) at compile
time. To our current knowledge, the backdoor does not have any influence
on the runtime behaviour of the package. As of now, the package on the
openbsd ftp server has not been removed/cleaned.
SuSE alert: wwwoffle
The WWWOFFLE (World Wide Web Offline Explorer) program suite acts as an HTTP, FTP and Finger proxy that allows users with dial-up Internet access to browse the WWW offline.
Debian alert: Remote execution exploit in gallery
A problem was found in gallery (a web-based photo album toolkit): it
was possible to set the GALLERY_BASEDIR variable remotely. This
made it possible to execute commands under the uid of the web server.