Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 ... 7417 ) Next »
Debian alert: New version of wu-ftpd released
Security people at WireX have noticed a temp file creation bug and the
WU-FTPD development team has found a possible format string bug in
wu-ftpd. Both could be remotely exploited, though no such exploit
exists currently.
Debian alert: New version of sash released
Versions of sash prior to 3.4-4 did not clone /etc/shadow properly
which lead into readable files for anybody. This was fixed by the
Debian maintainer.
Debian alert: New version of splitvt released
It was reported recently that splitvt is vulnerable to numerous buffer
overflow attack and a format string attack. An attacker was able to
gain access to the tty group.
Debian alert: New version of MySQL released
Nicolas Gregoire has reported a buffer overflow in the mysql server
that leads to a remote exploit. An attacker could gain mysqld
privileges (and thus gaining access to all the databases).
Debian alert: New version of micq released
PkC has reported that there is a buffer overflow in sprintf() in micq
versions 0.4.6, that allows to a remote attacker able to sniff packets
to the ICQ server to execute arbitrary code on the victim system.
Red Hat alert: glibc local write access vulnerability
A bug in GNU C Library allows unprivileged user to preload libraries
located in /lib or /usr/lib directories into SUID programs even if those
libraries have not been marked as such by system administrator.
Red Hat alert: glibc file read or write access local vulnerability
A couple of bugs in GNU C library
Red Hat alert: glibc file read or write access local vulnerability
A couple of bugs in GNU C library
Slackware alert: glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root
binaries. Any user on affected systems will be able to read any file on
the system through a simple process: The user sets the RESOLV_HOST_CONF
environment variable to the name of the file that they wish to read, then
runs any setuid root program that makes use of that variable. The file is
then written to stderr.
Debian alert: New version of mgetty released
Immunix reports that mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack. This has been corrected
in mgetty 1.1.21-3potato1
Debian alert: two gpg problems
Two bugs in GnuPG have recently been found:
Debian alert: multiple stunnel vulnerabilities
Lez discovered a format string problem in stunnel (a tool to create
Universal SSL tunnel for other network daemons). Brian Hatch
responded by stating he was already preparing a new release with
multiple security fixes:
Debian alert: dialog symlink attack
Matt Kraai reported that he found a problem in the way dialog
creates lock-files: it did not create them safely which made it
susceptible to a symlink attack.
Red Hat alert: Updated stunnel packages available for Red Hat Linux 7
Updated stunnel packages are available for Red Hat Linux 7.
Red Hat alert: Zope Hotfix package available
A new Zope Hotfix package is available.
Red Hat alert: Updated rp-pppoe packages fixing denial of service attack are available.
Updated rp-pppoe packages fixing a denial of service attack are
available.(Patch from the rp-pppoe author, David F. Skoll
)
Debian alert: insufficient protection for zope Image and File objects
A busy week for the Zope team: on Monday another security alert was
released revealing a potential problem found by Peter Kelly. This
problem involved incorrect protection of data updating for Image and
File objects: any user with DTML editing privileges could update the
File or Image object data directly.
Red Hat alert: Updated gnupg packages now available
Updated gnupg packages are now available for Red Hat Linux 6.x and 7.
Red Hat alert: Updated stunnel packages available.
Updated stunnel packages are now available for Red Hat Linux 7.
Red Hat alert: New slocate packages available to fix local group slocate compromise
New slocate packages are availble for Red Hat Linux 6.x and Red Hat
Linux 7. These fix a problem with the database parsing code in slocate.
(slocate was not shipped with Red Hat Linux prior to version 6.0, so
earlier versions are not affected.)
« Previous ( 1 ... 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 ... 7417 ) Next »