Showing all newswire headlines

Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.

The eMail access daemons imapd(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows. Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated.

Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.

The eMail access daemons impad(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows. Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated.

Updated Red Hat Powertools 6.2 packages fixing two security problems in licq are available.

Updated vim packages fixing a security problem are available.

Updated Red Hat Linux 7 packages fixing two security problems in licq are available.

An overrunnable buffer exists in sudo versions prior to 1.6.3p6

A common version of rpm for all Red Hat distributions is being released. This version of rpm understands legacy version 3 packaging used in Red Hat 6.x/5.x distributions as well as version 4 packaging used in Red Hat 7.x. In addition, rpm-4.0.2 has support for both the legacy db1 format used in Red Hat 6.x/5.x databases as well as support for the db3 format database used in Red Hat 7.x

Insecure handling of temporary file permissions could lead to other users on a multi-user system being able to read the documents being converted.

New mutt packages are available. These packages fix an instance of the common 'format string' vulnerability, and correct an incompatibilty with the current errata IMAP server. It is recommended that all mutt users using Red Hat Linux upgrade to the new packages. The version of mutt shipped in Red Hat Linux 7.0 does not contain the format string vulnerability; it is merely a bugfix update. Users of Red Hat Linux 6.0 and 6.1 should use the packages for Red Hat Linux 6.

An overflow exists in the slrn pacakge as shipped in Red Hat Linux 7 and Red Hat Linux 6.x, which could possibly lead to remote users executing arbitrary code as the user running slrn. It is recommended that all users of slrn update to the fixed packages. Users of Red Hat Linux 6.0 or 6.1 should use the packages for Red Hat Linux 6.

The mail program (a simple tool to read and send email) as distributed with Debian GNU/Linux 2.2 has a buffer overflow in the input parsing code. Since mail is installed setgid mail by default this allowed local users to use it to gain access to mail group.

This advisory covers several vulnerabilities in Zope that have been addressed.

Klaus Frank has found a vulnerability in the way gnuserv handled remote connections. Gnuserv is a remote control facility for Emacsen which is available as standalone program as well as included in XEmacs21. Gnuserv has a buffer for which insufficient boundary checks were made. Unfortunately this buffer affected access control to gnuserv which is using a MIT-MAGIC-COOCKIE based system. It is possible to overflow the buffer containing the cookie and foozle cookie comparison.

Christer Öberg of Wkit Security AB found a problem in joe (Joe's Own Editor). joe will look for a configuration file in three locations: the current directory, the users homedirectory ($HOME) and in /etc/joe. Since the configuration file can define commands joe will run (for example to check spelling) reading it from the current directory can be dangerous: an attacker can leave a .joerc file in a writable directory, which would be read when a unsuspecting user starts joe in that directory.

Bill Nottingham reported a problem in the wrapping/unwrapping functions of the slrn newsreader. A long header in a message might overflow a buffer and which could result into executing arbitraty code encoded in the message.

This is an update to the DSA-032-1 advisory. The powerpc package that was listed in that advisory was unfortunately compiled on the wrong system which caused it to not work on a Debian GNU/Linux 2.2 system.

The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems:

Former versions of sgml-tools created temporary files directly in /tmp in an insecure fashion. Version 1.0.9-15 and higher create a subdirectory first and open temporary files within that directory.