Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 ... 7439 ) Next »
Red Hat alert: New imlib packages available
Updated imlib packages are now available for Red Hat Linux 6.2, 7,
7.1 and 7.2 which fix potential problems loading untrusted images.
Mandrake alert: tcpdump update
Several buffer overflows were found in the tcpdump package by FreeBSD developers during a code audit, in versions prior to 3.5. However, newer versions of tcpdump, including 3.6.2, are also vulnerable to another buffer overflow in the AFS RPC decoding functions, which was discovered by Nick Cleaton. These vulnerabilities could be used by a remote attacker to crash the the tcpdump process or possibly even be exploited to execute arbitrary code as the user running tcpdump, which is usually root. The newer libpcap 0.6 has also been audited to make it more safe by implementing better buffer boundary checks in several functions.
Mandrake alert: fileutils update
Wojciech Purczynski reported a race condition in some utilities in the GNU fileutils package that may cause root to delete the entire filesystem. This only affects version 4.1 stable and 4.1.6 development versions, and the authors have fixed this in the latest development version.
Red Hat alert: Updated mpg321 packages available
Updated mpg321 packages are available for Red Hat Linux 7.2, which fix
a buffer overflow in the network streaming code as well as other bugs.
SuSE alert: lukemftp, nkitb, nkitserv
Lukemftp (ftp(1), /usr/bin/ftp, /usr/bin/pftp) is a compfortable ftp client from NetBSD. A buffer overflow could be triggered by an malicious ftp server while the client parses the PASV ftp command. An attacker who control an ftp server to which a client using lukemftp is connected can gain remote access to the clients machine with the privileges of the user running lukeftp.
SuSE alert: shadow
The shadow package contains several useful programs to maintain the entries in the /etc/passwd and /etc/shadow files. The SuSE Security Team discovered a vulnerability that allows local attackers to destroy the contents of these files or to extend the group privileges of certain users. This is possible by setting evil filesize limits before invoking one of the programs modifying the system files. Depening on the permissions of the system binaries this allows a local attacker to gain root privileges in the worst case. This however is not possible in a default installation. The bug has been fixed by ensuring the integrity of the data written to temporary files before moving them to the appropriate location of the system. There is no workaround so we recommend an update in any case. It is necessary to update the shadow package as well as the pam-modules package in order to prevent the truncation attacks.
Red Hat alert: Updated Mozilla packages fix a security issue
Updated packages are available which fix a security issue in Mozilla.
Red Hat alert: Updated sharutils package fixes uudecode issue
Updated packages for sharutils are available which fix potential privilege
escalation using the uudecode utility.
Red Hat alert: perl-Digest-MD5 UTF8 bug results in incorrect MD5 sums
Updated perl-Digest-MD5 packages are available which work around a bug in
the utf8 interaction between perl-Digest-MD5 and Perl.
Mandrake alert: temporary fix for netfilter information leak
A problem was discovered with Netfilter Network Address Translation (NAT) capabilities. It was found that iptables can leak information about how port forwarding is accomplished in unfiltered ICMP packets.
Red Hat alert: Netfilter information leak
Netfilter ("iptables") can leak information about how port forwarding
is done in unfiltered ICMP packets. The older "ipchains" code is not
affected.
This bug only affects users using the Network Address Translation
features of firewalls built with netfilter ("iptables"). Red Hat
Linux's firewall configuration tools use "ipchains," and those
configurations are not vulnerable to this bug.
Red Hat alert: Updated mod_python packages available
Updated mod_python packages have been made available for Red Hat Linux 7.2
and 7.3. These updates close a security issue in mod_python which allows
the publisher handler to use modules which have only been indirectly imported.
This re-issue adds packages for Red Hat Linux 7.3.
SuSE alert: sysconfig
The ifup-dhcp script which is part of the sysconfig package is responsible for setting up network-devices using configuration data obtained from a DHCP server by the dhcpcd DHCP client. It is possible for remote attackers to feed this script with evil data via spoofed DHCP replies for example. This way ifup-dhcp could be tricked into executing arbitrary commands as root. The ifup-dhcp shellscript has been fixed to not source the file containing the possible evil data anymore. Even though the sysconfig package is installed by default, this problem only affects systems with certain dhcp network-setups so only users using DHCP should update their sysconfig package.
SuSE alert: imlib
The imlib library can be used by X11 applications to handle various kinds of image data.
Red Hat Unveils Red Hat Linux 7.3
RALEIGH, NC--May 6, 2002--Red Hat, Inc. (Nasdaq:RHAT) today released
Red Hat Linux version 7.3, a highly configurable operating system (OS)
designed for deployments ranging from games and personal productivity
to file, print and web serving. Red Hat Linux 7.3 adds new
productivity tools, personal firewall configuration at installation,
and video conferencing software to deliver everything individual
users, educational institutions and small businesses need for flexible
Internet-based computing.
Red Hat alert: Updated Nautilus for symlink vulnerability writing metadata files
The Nautilus file manager in Red Hat Linux 7.2 has a symlink vulnerability.
Red Hat alert: Updated mod_python packages available
Updated mod_python packages have been made available for Red Hat Linux 7.
Red Hat alert: Insecure DocBook stylesheet option
DocBook is a document markup language that can be transformed into
other formats using a stylesheet. The default stylesheet provided
with Red Hat Linux has an insecure option enabled.
SuSE alert: sudo
The sudo program allows local users to execute certain configured commands with root priviledges. Sudo contains a heap overflow in its prompt assembling function. The input used to create the password prompt is user controlled and not properly length-checked before copied to certain heap locations. This allows local attackers to overflow the heap of sudo, thus executing arbitrary commands as root. We would like to thank GlobalInterSec for finding and researching this vulnerability. As a temporary workaround you may remove the setuid bit from sudo by issuing the following command as root: "chmod -s /usr/bin/sudo".
SuSE alert: radiusd-cistron
The radius daemon as shipped with the radiusd-cistron package is responsible for the RADIUS authentication service in networks and therefore considered a security critical application. ZARAZA reported security releated bugs in various radius server and client software. The list of vulnerable servers includes the cistron radius package. Within the cistron package, a buffer overflow in the digest calculation function and miscalculations of attribute lengths have been fixed which could allow remote attackers to execute arbitrary commands on the system running the radius server. Beside the cistron radius package the following radius packages have been vulnerable to the same attacks and have been fixed: freeradius, radiusclient and livingston-radius. The only workaround for this bug is to disable the radius-server until the new packages have been installed.
« Previous ( 1 ... 7403 7404 7405 7406 7407 7408 7409 7410 7411 7412 7413 ... 7439 ) Next »