Showing all newswire headlines
Debian alert: Update for SNMP security fix
Some of the changes made in the DSA-111-1 security fix for SNMP
changed the API and ABI for the SNMP library which broke some
other applications.
SuSE alert: Resend: cups
We re-release SuSE Security Announcement SuSE-SA:2002:005 with the new announcement ID SuSE-SA:2002:006 due to minor packaging errors that can result in a malfunction of the printing subsystem. The erroneous packages have been removed from the ftp server. The new packages are in place as announced in the URL list below.
Red Hat alert: Updated 2.4 kernel available
The Linux Netfilter team has found a problem in the "IRC connection
tracking" component of the firewall within the linux kernel. This problem
affects Red Hat Linux versions 7.1 and 7.
Mandrake alert: squid update
Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3.
Red Hat alert: New squid packages available
New squid packages are available that fix various vulnerabilities. Some of
these vulnerabilities could be used to perform a denial of service (DoS)
attack or allow remote users to execute code as the user squid.
SuSE alert: Re: cups
We have retracted the security update packages for cups as announced
by SuSE Security announcement SuSE-SA:2002:005 due to errors in the
binary packages.
SuSE alert: cups
The well known Common Unix Printing System (CUPS) was found vulnerable to a buffer overflow in the Internet Printing Protocol (IPP) handling code. The buffer overflow could be exploited by a remote attacker as long as their IP address is allowed to connect to the CUPS server.
Mandrake alert: squid update
Three security issues were found in the 2.x versions of the Squid proxy server up to and including 2.4.STABLE3. The first is a memory leak in the optional SNMP interface to Squid which could allow a malicious user who can send packets to the Squid SNMP port to possibly perform a Denial of Service attack on the server if the SNMP interface is enabled. The next is a buffer overflow in the implementation of ftp:// URLs where allowed users could possibly perform a DoS on the server, and may be able to trigger remote execution of code (which the authors have not yet confirmed). The final issue is with the HTCP interface which cannot be properly disabled from squid.conf; HTCP is enabled by default on Mandrake Linux systems.
Red Hat alert: Updated ncurses4 compat packages are available
Updated ncurses4 compatibility packages which fix a potential security
problem are available.
Debian alert: New GNUJSP packages fix directory and script source disclosure
Thomas Springer found a vulnerability in GNUJSP, a Java servlet that
allows you to insert Java source code into HTML files. The problem
can be used to bypass access restrictions in the web server. An
attacker can view the contents of directories and download files
directly rather than receiving their HTML output. This means that the
source code of scripts could also be revealed.
Debian alert: New ncurses packages available
Several buffer overflows were fixed in the "ncurses" library in November
2000. Unfortunately, one was missed. This can lead to crashes when using
ncurses applications in large windows.
Debian alert: New hanterm packages fix buffer overflow
A set of buffer overflow problems have been found in hanterm, a Hangul
terminal for X11 derived from xterm, that will read and display Korean
characters in its terminal window. The font handling code in hanterm
uses hard limited string variables but didn't check for boundaries.
Mandrake alert: cups update
There is a potential buffer overflow vulnerability in CUPS when reading the names of attributes. This bug affects all versions of CUPS and is fixed upstream in version 1.1.14.
Mandrake alert: ucd-snmp update
The Oulu University Secure Programming Group (OUSPG) has identified numerous vulnerabilities in multiple vendor SNMPv1 implementations. These vulnerabilities may allow unauthorized privileged access, denial of service attacks, or unstable behaviour.
Debian alert: Multiple SNMP vulnerabilities
The Secure Programming Group of the Oulu University did a study on
SNMP implementations and uncovered multiple problems which can
cause problems ranging from Denial of Service attacks to remote
exploits.
Debian alert: New CUPS packages fix buffer overflow
The authors of CUPS, the Common UNIX Printing System, have found a
potential buffer overflow bug in the code of the CUPS daemon where it
reads the names of attributes. This affects all versions of CUPS.
Debian alert: New Faq-O-Matic packages fix cross-site scripting vulnerability
Due to unescaped HTML code Faq-O-Matic returned unverified scripting
code to the browser. With some tweaking this enables an attacker to
steal cookies from one of the Faq-O-Matic moderators or the admin.
Red Hat alert: Updated ucd-snmp packages available
Updated ucd-snmp packages are now available for Red Hat Linux 6.2, 7, 7.1,
and 7.
Mandrake alert: openldap update
A problem exists in all versions of OpenLDAP from 2.0.0 through 2.0.19 where permissions are not properly checked using access control lists when a user tries to remove an attribute from an object in the directory by replacing its values with an empty list. Schema checking is still enforced, so a user can only remove attributes that the schema does not require the object to possess.
Debian alert: New UUCP packages finally fix uucp uid/gid access
Zenith Parsec discovered a security hole in Taylor UUCP 1.06.1. It
permits a local user to copy any file to anywhere which is writable by
the uucp uid, which effectively means that a local user can completely
subvert the UUCP subsystem, including stealing mail, etc.