Showing all newswire headlines
Red Hat alert: New slocate packages available to fix local group slocate compromise
New slocate packages are available for Red Hat Linux 6.x and Red Hat
Linux 7. These fix a problem with the database parsing code in slocate.
(slocate was not shipped with Red Hat Linux prior to version 6.0, so
earlier versions are not affected.)
Debian alert: zope privilege escalation
Last week a Zope security advisory was released which indicated that
Erik Enge found a problem in the way Zope calculates roles. In some
situations Zope checked the wrong folder hierarchy which could
cause it to grant local roles when it should not. In other words:
users with privileges in one folder could gain privileges in
another folder.
Red Hat alert: new Zope-Hotfix package available
A new Zope-Hotfix package is available which fixes issues with computation
of local roles.
Debian alert: slocate local exploit
Michel Kaempf reported a security problem in slocate (a secure version
of locate, a tool to quickly locate files on a filesystem) on bugtraq
which was originally discovered by zorgon. He discovered there was
a bug in the database reading code which made it overwrite an internal
structure with some input. He then showed this could be exploited
to trick slocate into executing arbitrary code by pointing it to a
carefully crafted database.
Debian alert: nano symlink attack
The problem that was previously reported for joe also occurs with
other editors. When nano (a free pico clone) unexpectedly dies
it tries to write a warning message to a new file with a predictable name
(the name of the file being edited with ".save" appended). Unfortunately
that file was not created safely which made nano vulnerable to a
symlink attack.
Red Hat alert: New BitchX packages are available
New BitchX packages are available which fix the problem with processing
malformed DNS answers.
Red Hat alert: New Zope packages are available.
Vulnerability in legacy names allows calling those constructors without the
correct permissions.
Red Hat alert: New ed packages available
The ed editor used files in /tmp in an insecure fashion.
It was possible for local users to exploit this vulnerability
to modify files that they normally could not and gain elevated privilege.
Red Hat alert: race condition exists in diskcheck
A race vulnerability exists in the diskcheck package.
Debian alert: Revised security fix for joe
The security fix for joe released on November 22, 2000 had a problem:
it created the DEADJOE file securely but didn't write anything to it.
This has been fixed in version 2.8.15.2.
SuSE alert: netscape
Michal Zalewski <lcamtuf@DIONE.IDS.PL> has found a buffer overflow in the html parser code of the Netscape Navigator in all versions before and including 4.75. html code of the form
Debian alert: fsh symlink attack
Colin Phipps found an interesting symlink attack problem in fsh (a
tool to quickly run remote commands over rsh/ssh/lsh). When fshd
starts it creates a directory in /tmp to hold its sockets. It tries
to do that securely by checking if it can chown that directory if
it already exists to check if it is owned by the user invoking it.
However an attacker can circumvent this check by inserting a
symlink to a file that is owned by the user who runs fshd and
replacing that with a directory just before fshd creates the
socket.
Red Hat alert: Ethereal vulnerable to buffer overflows
Updated Ethereal packages are available.
Debian alert: ed symlink attack
Alan Cox discovered that GNU ed (a classic line editor tool)
created temporary files unsafely. This has been fixed in version
0.2-18.1.
Red Hat alert: Updated bind packages fixing DoS attack available
A remote DoS (denial of service) attack is possible with bind versions
prior to 8.
Red Hat alert: Updated nss_ldap packages are now available.
Updated nss_ldap packages are now available for Red Hat Linux 6.1, 6.2, and
7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha.
Red Hat alert: Updated cyrus-sasl packages available for Red Hat Linux 7
Updated cyrus-sasl packages are now available for Red Hat Linux 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated usermode packages available
Updated usermode packages are now available for Red Hat Linux 6.x and 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated apache, php, mod_perl, and auth_ldap packages available.
Updated apache, php, mod_perl, and auth_ldap packages are now available for
Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha