Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 ... 7439 ) Next »

SuSE alert: OpenSSH

  • Mailing list (Posted by dave on Jun 25, 2002 8:10 AM EDT)
  • Story Type: Security; Groups: SUSE
There's a new vulnerabilty in the OpenSSH daemon, of which we were notified yesterday.

Debian alert: Unknown OpenSSH remote vulnerability

  • Mailing list (Posted by dave on Jun 25, 2002 4:37 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is an update to DSA-134-1: some extra information is provided on broken or changed functionality in this new release and packages for Debian GNU/Linux 2.2/potato are now available.

SuSE alert: OpenSSH Vulnerability

  • Mailing list (Posted by dave on Jun 25, 2002 12:39 AM EDT)
  • Story Type: Security; Groups: SUSE
There's a new vulnerabiltiy in the OpenSSH daemon. The OpenSSH/OpenBSD team does not release any details concerning this issue, except:

Mandrake alert: openssh update

Details of an upcoming OpenSSH vulnerability will be published early next week. According to the OpenSSH team, this remote vulnerability cannot be exploited when sshd is running with privilege separation. The priv separation code is significantly improved in version 3.3 of OpenSSH which was released on June 21st. Unfortunately, there are some known problems with this release; compression does not work on all operating systems and the PAM support has not been completed. The OpenSSH team encourages everyone to upgrade to version 3.3 immediately and enable privilege separation.

Debian alert: OpenSSH remote vulnerability

  • Mailing list (Posted by dave on Jun 24, 2002 1:56 PM EDT)
  • Story Type: Security; Groups: Debian
Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH (a free implementation of the Secure SHell protocol). They are refusing to provide any details on the vulnerability but instead are advising everyone to upgrade to the latest release, version 3.3.

Mandrake alert: apache update (revised)

[ Please note that this advisory supersedes the previous MDKSA-2002:039 and MDKSA-2002:039-1 advisories. ] MandrakeSoft is urging all users of Mandrake Linux to update their Apache installations immediately. What was previously thought to have been a DoS-only condition has now been proven to be more than that; exploitable conditions have been discovered on both 32bit and 64bit platforms.

Mandrake alert: apache update

A Denial of Service attack was discovered by Mark Litchfield in the Apache webserver. As well, while investigating this problem, the Apache Software Foundation discovered that the code for handling invalid requests that use chunked encoding may also allow arbitrary code to be executed on 64bit architectures. All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to this problem. This update provides patched versions of Apache for the remaining supported Mandrake Linux versions.

Debian alert: apache-perl chunk handling vulnerability

  • Mailing list (Posted by dave on Jun 20, 2002 6:21 PM EDT)
  • Story Type: Security; Groups: Debian
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution.

Mandrake alert: apache update

A Denial of Service attack was discovered by Mark Litchfield in the Apache webserver. As well, while investigating this problem, the Apache Software Foundation discovered that the code for handling invalid requests that use chunked encoding may also allow arbitrary code to be executed on 64bit architectures. All versions of Apache prior to 1.3.26 and 2.0.37 are vulnerable to this problem. A patched version of Apache is currently available for Single Network Firewall 7.2, with patched versions of Apache soon to be available for the other supported Mandrake Linux versions.

Red Hat alert: Stronghold: Chunked encoding vulnerability in Apache

  • Mailing list (Posted by dave on Jun 20, 2002 5:26 AM EDT)
  • Story Type: Security; Groups: Red Hat
The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution.

Red Hat alert: Updated Apache packages fix chunked encoding issue

  • Mailing list (Posted by dave on Jun 19, 2002 3:57 PM EDT)
  • Story Type: Security; Groups: Red Hat
The Apache Web server contains a security vulnerability which can be used to launch a denial of service attack, or in some cases, allow remote code execution.

SuSE alert: Apache

  • Mailing list (Posted by dave on Jun 19, 2002 8:26 AM EDT)
  • Story Type: Security; Groups: SUSE
There is a bug in the way the Apache web server handles HTTP requests that use "chunked mode". Chunked mode is a HTTP 1.1 feature that allows a client to send data as a sequence of chunks rather than en bloc. This is useful if it doesn't know the overall length of the content at the time it starts transmitting.

Debian alert: apache-ssl chunk handling vulnerability

  • Mailing list (Posted by dave on Jun 19, 2002 5:09 AM EDT)
  • Story Type: Security; Groups: Debian
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures.

Debian alert: Apache chunk handling vulnerability, update

  • Mailing list (Posted by dave on Jun 19, 2002 4:22 AM EDT)
  • Story Type: Security; Groups: Debian
The DSA-131-1 advisory for the Apache chunk handling vulnerability contained an error and was missing some essential information:

Debian alert: Apache chunk handling vulnerability

  • Mailing list (Posted by dave on Jun 18, 2002 5:19 PM EDT)
  • Story Type: Security; Groups: Debian
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures.

Red Hat alert: Relaxed LPRng job submission policy

  • Mailing list (Posted by dave on Jun 10, 2002 12:29 PM EDT)
  • Story Type: Security; Groups: Red Hat
The LPRng print spooler, as shipped in Red Hat Linux 7.x, accepts all remote print jobs by default.

Red Hat alert: Updated mailman packages available

  • Mailing list (Posted by dave on Jun 10, 2002 12:28 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to

Red Hat alert: Updated mailman packages available

  • Mailing list (Posted by dave on Jun 10, 2002 12:27 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Power Tools 7 and 7.1. These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to

Red Hat alert: Updated ethereal packages are available

  • Mailing list (Posted by dave on Jun 5, 2002 10:54 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated ethereal packages are available which fix several security problems.

SuSE alert: bind9/bind9-beta

  • Mailing list (Posted by dave on Jun 5, 2002 6:46 PM EDT)
  • Story Type: Security; Groups: SUSE
There is a bug in the BIND9 name server that is triggered when processing certain types of DNS replies. When this happens an assertion will fail, and named will log a message to the system log before exiting. This means a remote attacker can easily shut down the name server process.

« Previous ( 1 ... 7401 7402 7403 7404 7405 7406 7407 7408 7409 7410 7411 ... 7439 ) Next »