Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 ... 7439 ) Next »

Red Hat alert: Updated Cyrus SASL packages available

  • Mailing list (Posted by dave on Nov 29, 2001 9:58 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Cyrus-SASL packages are now available for Red Hat Power Tools 6.

SuSE alert: wuftpd

  • Mailing list (Posted by dave on Nov 28, 2001 1:55 PM EDT)
  • Story Type: Security; Groups: SUSE
The wuftpd package as shipped with SuSE Linux distributions comes with two versions of wuftpd: wuftpd-2.4.2, installed as /usr/sbin/wuftpd, and wuftpd-2.6.0, installed as /usr/sbin/wuftpd-2.6. The admin decides which version to use by the inetd/xinetd configuration.

Red Hat alert: Updated postfix packages are available

  • Mailing list (Posted by dave on Nov 28, 2001 1:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated postfix packages are now availble that will fix a possible denial of service attack.

Red Hat alert: Updated wu-ftpd packages are available

  • Mailing list (Posted by dave on Nov 27, 2001 2:37 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated wu-ftpd packages are available to fix an overflowable buffer.

SuSE alert: cyrus-sasl

  • Mailing list (Posted by dave on Nov 23, 2001 4:22 AM EDT)
  • Story Type: Security; Groups: SUSE
The Cyrus SASL library provides an authentication API for mail clients and servers. A format bug was found in one of the logging functions, that could be used by an attacker to gain access to a machine or to acquire higher privileges.

SuSE alert: susehelp

  • Mailing list (Posted by dave on Nov 22, 2001 2:58 AM EDT)
  • Story Type: Security; Groups: SUSE
The susehelp package contains several CGI-scripts to provide a flexible help-system to the user. Some of these scripts open files in an insecure manner, thus allowing remote attackers to execute arbitrary commands as wwwrun-user on the server running susehelp package. These bugs have been fixed in the newly available packages. Please update your susehelp package immediately if present on your system.

Debian alert: New versions of ssh-nonfree & ssh-socks fix buffer overflow

  • Mailing list (Posted by dave on Nov 13, 2001 1:58 PM EDT)
  • Story Type: Security; Groups: Debian
We have received reports that the "SSH CRC-32 compensation attack detector vulnerability" is being actively exploited. This is the same integer type error previously corrected for OpenSSH in DSA-027-1. OpenSSH (the Debian ssh package) was fixed at that time, but ssh-nonfree and ssh-socks were not.

Red Hat alert: Red Hat Linux 7.1 Korean installation program creates files with bad umask

  • Mailing list (Posted by dave on Nov 13, 2001 7:56 AM EDT)
  • Story Type: Security; Groups: Red Hat
Due to the kernel used in the Red Hat Linux 7.1 Korean installation program, some files are written by the installation program with the wrong permissions. It is recommended that all users of the Red Hat Linux 7.1 Korean installation program use the update disk image. If users have already installed, they should check their systems and fix the permissions on the affected files. They can do this by installing the updated redhat-release package.

Red Hat alert: remote exploit possible in lpd

  • Mailing list (Posted by dave on Nov 8, 2001 3:14 PM EDT)
  • Story Type: Security; Groups: Red Hat
The lpd printing daemon provided by the lpr package posses a remotely exploitable hole.

Red Hat alert: Updated iptables packages are available

  • Mailing list (Posted by dave on Nov 8, 2001 5:24 AM EDT)
  • Story Type: Security; Groups: Red Hat
A new version of iptables fixing various minor security problems and some other bugs is available.

Red Hat alert: Updated htdig packages are available

  • Mailing list (Posted by dave on Nov 8, 2001 5:22 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated ht://dig packages fix a DOS attack and a potential (yet unlikely) security problem.

Red Hat alert: New sendmail packages available which fix a local root exploit

  • Mailing list (Posted by dave on Nov 7, 2001 6:44 PM EDT)
  • Story Type: Security; Groups: Red Hat
An input validation error in the debugging functionality of all currently released versions of sendmail can enable a local user to gain root access. New packages that fix this problem are available for Red Hat Linux 5.2, 6.2, 7.0, and 7.1.

SuSE alert: webalizer

  • Mailing list (Posted by dave on Nov 6, 2001 1:32 AM EDT)
  • Story Type: Security; Groups: SUSE
The webalizer is a widely used tool for analyzing web server logs and produce statistics in HTML format. An exploitable bug was found in webalizer which allows a remote attacker to execute commands on other client machines or revealing sensitive information by placing HTML tags in the right place. This is possible due to missing sanity checks on untrusted data - hostnames and search keywords in this case - that are received by webalizer. This kind of attack is also known as "Cross-Site Scripting Vulnerability". Additionally the untrusted data will be written to files on the server running webalizer; this may lead to further problems when using this data as input for third-party software/scripts.

Red Hat alert: kernel 2.2 and 2.4: syncookie vulnerability

  • Mailing list (Posted by dave on Nov 2, 2001 11:26 AM EDT)
  • Story Type: Security; Groups: Red Hat
Syncookies are used to protect a system against certain Denial Of Service (DOS) attacks. A flaw in this mechanism has been found which can be used to circumvent certain types of firewall configurations. Note: syncookies are not enabled in the default installation of Red Hat Linux but many server administrators do enable syncookies.

SuSE alert: kernel (update)

  • Mailing list (Posted by dave on Nov 2, 2001 10:02 AM EDT)
  • Story Type: Security; Groups: SUSE
Information about the security problems fixed with the new kernel rpm packages from SuSE Security Announcement: kernel (SuSE-SA:2001:036) has been withheld in coordination with other Linux distributors/vendors. We hereby re-release SuSE-SA:2001:036 with the new announcement ID SuSE-SA:2001:039, now including additional information about the bugs fixed.

Red Hat alert: New ucd-snmp package to fix several security vulnerabilities

  • Mailing list (Posted by dave on Nov 2, 2001 1:42 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated ucd-snmp packages are now available for Red Hat Linux 6.2, 7 and 7.1. These packages include fixes for the following problems: - /tmp race and setgroups() privilege problem - Various buffer overflow and format string issues - One signedness problem in ASN handling It is recommended that all users update to the fixed packages.

Red Hat alert: Comprehensive Printing Update

  • Mailing list (Posted by dave on Oct 31, 2001 2:00 PM EDT)
  • Story Type: Security; Groups: Red Hat
A collection of security fixes, bug fixes, and functionality updates, including the Omni print drivers from IBM.

SuSE alert: uucp

  • Mailing list (Posted by dave on Oct 31, 2001 6:05 AM EDT)
  • Story Type: Security; Groups: SUSE
UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren't dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.

Red Hat alert: New teTeX packages available

  • Mailing list (Posted by dave on Oct 30, 2001 11:34 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated teTeX packages are available, fixing a temporary file handling vulnerability and an insecure invocation of dvips in a print filter.

Red Hat alert: Updated webalizer package available

  • Mailing list (Posted by dave on Oct 30, 2001 10:57 AM EDT)
  • Story Type: Security; Groups: Red Hat
These updated webalizer package fixes a security problem and some minor bugs.

« Previous ( 1 ... 7412 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 ... 7439 ) Next »