Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7411 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 ... 7439 ) Next »

Debian alert: mailman cross-site scripting problem

  • Mailing list (Posted by dave on Dec 15, 2001 4:42 PM EDT)
  • Story Type: Security; Groups: Debian
Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables.

Red Hat alert: Updated glibc packages are available

  • Mailing list (Posted by dave on Dec 14, 2001 1:05 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages are available to fix an overflowable buffer and for 7.x to fix a couple of non-security related bugs.

Mandrake alert: openssh update

The new OpenSSH 3.0.2 fixes a vulnerability in the UseLogin option. By default, Mandrake Linux does not enable UseLogin, but if the administrator enables it, local users are able to pass environment variables to the login process. This update also fixes a security hole in the KerberosV support that is present in versions 2.9.9 and 3.0.0.

Mandrake alert: passwd update

The default pam files for the passwd program did not include support for md5 passwords, thus any password changes or post-install added users would not have md5 passwords.

Debian alert: postfix memory exhaustion

  • Mailing list (Posted by dave on Dec 12, 2001 7:23 AM EDT)
  • Story Type: Security; Groups: Debian
Wietse Venema reported he found a denial of service vulnerability in postfix. The SMTP session log that postfix keeps for debugging purposes could grow to an unreasonable size.

Red Hat alert: Updated secureweb packages available

  • Mailing list (Posted by dave on Dec 7, 2001 12:36 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a potential security hole which would present clients with a listing of the contents of a directory instead of the contents of an index file or the proper error message. The previous revision of this errata advisory included incorrect URLs. This revision lists the correct location of the updated packages.

Red Hat alert: Updated secureweb packages available

  • Mailing list (Posted by dave on Dec 7, 2001 6:33 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a potential security hole which would present clients with a listing of the contents of a directory instead of the contents of an index file or the proper error message.

SuSE alert: openssh

  • Mailing list (Posted by dave on Dec 6, 2001 11:56 AM EDT)
  • Story Type: Security; Groups: SUSE
This is a re-release of the SuSE Security Announcement SuSE-SA:2001:044, adding another bugfix for the openssh package as well as more detailed information about the vulnerabilities to prevent misunderstandings.

Debian alert: local root in wmtv

  • Mailing list (Posted by dave on Dec 5, 2001 4:14 PM EDT)
  • Story Type: Security; Groups: Debian
Nicolas Boullis found a nasty security problem in the wmtv (a dockable video4linux tv player for windowmaker) package as distributed in Debian GNU/Linux 2.2.

Debian alert: OpenSSH UseLogin vulnerability

  • Mailing list (Posted by dave on Dec 5, 2001 5:33 AM EDT)
  • Story Type: Security; Groups: Debian
If the UseLogin feature is enabled in for ssh local users could pass environment variables (including variables like LD_PRELOAD) to the login process. This has been fixed by not copying the environment of UseLogin is enabled.

Debian alert: xtel symlink vulnerabilities

  • Mailing list (Posted by dave on Dec 5, 2001 4:21 AM EDT)
  • Story Type: Security; Groups: Debian
The xtel (a X emulator for minitel) package as distributed with Debian GNU/Linux 2.2 has two possible symlink attacks:

Debian alert: several problems in icecast-server

  • Mailing list (Posted by dave on Dec 5, 2001 2:32 AM EDT)
  • Story Type: Security; Groups: Debian
The icecast-server (a streaming music server) package as distributed in Debian GNU/Linux 2.2 has several security problems:

Debian alert: improper character escaping in fml

  • Mailing list (Posted by dave on Dec 5, 2001 2:30 AM EDT)
  • Story Type: Security; Groups: Debian
The fml (a mailing list package) as distributed in Debian GNU/Linux 2.2 suffers from a cross-site scripting problem. When generating index pages for list archives the `<' and `>' characters were not properly escaped for subjects.

Red Hat alert: Updated OpenSSH packages available

  • Mailing list (Posted by dave on Dec 4, 2001 4:16 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and 7.

Red Hat alert: Updated apache packages available

  • Mailing list (Posted by dave on Dec 4, 2001 1:50 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Apache packages are now available for Red Hat Linux 6.2, 7, 7.1, and 7.

SuSE alert: OpenSSH

  • Mailing list (Posted by dave on Dec 3, 2001 5:22 AM EDT)
  • Story Type: Security; Groups: SUSE
The OpenSSH daemon shipped with SuSE distributions contains various minor bugs which allows bypassing of IP-access control in some circumstances or the deletion of files named "cookies" if X11 forwarding is enabled. It has also been verified that the recent remotely exploitable crc32 bug as well as the logging-bug has been fixed in our latest ssh packages. We strongly recommend to update to OpenSSH version 2.9.9p2. Please download and update the packages as described in section 3. Then invoke

Debian alert: wu-ftpd buffer overflow in glob code

  • Mailing list (Posted by dave on Dec 2, 2001 4:08 PM EDT)
  • Story Type: Security; Groups: Debian
CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous ftp users) can exploit the bug to gain root privilege on the server.

Red Hat alert: Updated OpenSSH packages available

  • Mailing list (Posted by dave on Nov 30, 2001 8:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated OpenSSH packages are now available for Red Hat Linux 7, 7.1, and 7.

Red Hat alert: Updated Cyrus SASL packages available

  • Mailing list (Posted by dave on Nov 29, 2001 9:58 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Cyrus-SASL packages are now available for Red Hat Linux 7, 7.1, and 7.

Red Hat alert: Updated Cyrus SASL packages available

  • Mailing list (Posted by dave on Nov 29, 2001 9:58 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Cyrus-SASL packages are now available for Red Hat Power Tools 6.

« Previous ( 1 ... 7411 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 ... 7439 ) Next »