Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 ... 7439 ) Next »
Red Hat alert: Updated webalizer packages available
Updated webalizer packages are available which fix a security problem and
some minor bugs.
SuSE alert: squid
The squid proxy server can be crashed with a malformed request, resulting in a denial of service attack. After the crash, the squid proxy must be restarted. The weakness can only be triggered from an address that is allowed to send requests, as configured in the squid configuration file.
Red Hat alert: Printing exposes system files to reading.
When used in a spooling environment, it is inappropriate to allow programs
to read arbitrary files as a result of print requests. Ghostscript, a
postscript interpreter, can read arbitrary system files with the same
permissions as the print spooler, potentially exposing the system to an
information compromise.
SuSE alert: kernel
Two security related problems have been found in both the 2.2 and
2.4 series kernels:
Red Hat alert: Updated mod_auth_pgsql packages available
Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.
Red Hat alert: Updated mod_auth_pgsql packages available
Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.
SuSE alert: htdig
ht://Dig is a powerfull indexing and information gathering tool for the web. ht://Dig's search engine htsearch could be run by a http server as CGI program or standalone as commandline tool. Due to insufficient checking of the running environment it is possible to use commandline options via CGI. An remote attacker could use the -c option to specify /dev/zero as an alternate config file to causes a denial of service for some minutes. To read files with the privilege of the http server by abusing the -c option an attacker needs write access to the server running htsearch.
SuSE alert: shadow/login
Multiple Linux vendors have issued security announcements about failures of the /bin/login program to properly initialize the privileges of an authenticated user if the PAM module pam_limits is enabled. The bug has been categorized as a sequence bug, and is located in the code of the login program itself: A call to getpwnam(3) returns a pointer to a struct passwd, and the data is being used. Then, a call to PAM routines cause getpwnam(3) to be called again, but beyond the programmer's control or knowledge. The pointer as returned by the first getpwnam(3) remains the same, but the data may be different. By consequence, the data is in an undefined state. The error appears with the pam_limits PAM module only because other PAM modules do not call getpwnam(3).
Red Hat alert: New kernel 2.4 packages are available
A vulnerability has been found in the ptrace code of the kernel (ptrace is
the part that allows program debuggers to run) that could be abused by
local users to gain root privileges.
2001-10-22: Kernel updates are now available for Red Hat Linux 7.
Announcing the availability of Red Hat Linux 7.2 (Enigma)
Red Hat, Inc. (NASDAQ:RHAT)
today announced that Red Hat Linux 7.2 and Red Hat Linux Professional are
now available in stores, through computer resellers and direct from Red Hat.
The latest version of the market leading Linux distribution adds significant
new capabilities, both for use as a workstation and use as a server. Red Hat
Linux 7.2 and Red Hat Linux Professional will also be available through
hardware partners in the coming weeks.
Red Hat alert: New squid packages available to fix FTP-based DoS
New squid packages are available that fix a potential DoS in Squid's FTP
handling code. It is recommened that squid users update to the fixed
packages.
The packages for Red Hat Linux 6.2 also fix the problem described in
RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is
vulnerable to the same problem in accelerator-only mode.
2001-10-22: Packages are now available for Red Hat Linux 7.
Red Hat alert: New squid packages available to fix FTP-based DoS
New squid packages are available that fix a potential DoS in Squid's FTP
handling code. It is recommened that squid users update to the fixed
packages.
The packages for Red Hat Linux 6.2 also fix the problem described in
RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is
vulnerable to the same problem in accelerator-only mode.
2001-10-22: Packages are now available for Red Hat Linux 7.
Red Hat alert: New util-linux packages available to fix /bin/login pam problem
New util-linux packages are available that fix a problem with /bin/login's
PAM implementation. This could, in some non-default setups, cause users to
receive credentials of other users. It is recommended that all users
update to the fixed packages.
2001-10-22: Packages are now available for Red Hat Linux 7.
Red Hat alert: Updated openssh packages available
Updated openssh packages are now available for Red Hat Linux 7 and 7.1.
These packages fix a vulnerability which may allow unauthorized users to
log in from hosts that have been denied access.
2001-10-22: Pacakges are now available for Red Hat Linux 7.
Red Hat alert: New util-linux packages available to fix /bin/login pam problem
New util-linux packages are available that fix a problem with /bin/login's
PAM implementation. This could, in some non-default setups, cause users to
receive credentials of other users. It is recommended that all users
update to the fixed packages.
2001-10-22: Packages are now available for Red Hat Linux 7.
Red Hat alert: Updated openssh packages available
Updated openssh packages are now available for Red Hat Linux 7 and 7.1.
These packages fix a vulnerability which may allow unauthorized users to
log in from hosts that have been denied access.
2001-10-22: Pacakges are now available for Red Hat Linux 7.
Debian alert: New nvi packages fix format string vulnerability
Takeshi Uno found a very stupid format string vulnerability in all
versions of nvi (in both, the plain and the multilingualized version).
When a filename is saved, it ought to get displayed on the screen.
The routine handling this didn't escape format strings.
Red Hat alert: Updated diffutils packages available
Updated diffutils packages are now available, fixing a temporary file
handling vulnerability in the sdiff program.
Red Hat alert: New kernel 2.2 packages are available
A vulnerability has been found in the ptrace code of the kernel (ptrace is
the part that allows program debuggers to run) that could be abused by
local users to gain root privileges.
Red Hat alert: New kernel 2.4 packages are available
A vulnerability has been found in the ptrace code of the kernel (ptrace is
the part that allows program debuggers to run) that could be abused by
local users to gain root privileges.
« Previous ( 1 ... 7413 7414 7415 7416 7417 7418 7419 7420 7421 7422 7423 ... 7439 ) Next »