Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7424 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 ... 7469 ) Next »
Mandrake alert: apache update
A number of vulnerabilities were discovered in Apache versions prior to 1.3.27.
Mandrake alert: Status of 7.1/Corporate Server 1.0.1 updates
With the release of Mandrake Linux 9.0, we will no longer be supporting some older distributions, particularly versions 7.1 and Corporate Server 1.0.1. If you are still using one of these distributions, we suggest you upgrade to a more recent version of Mandrake Linux.
Red Hat alert: Updated xinetd packages fix denial of service vulnerability
Xinetd contains a denial-of-service (DoS) vulnerability.
Debian alert: New syslog-ng packages fix buffer overflow
Péter Höltzl discovered a problem in the way syslog-ng handles macro
expansion. When a macro is expanded a static length buffer is used
accompanied by a counter. However, when constant chharacters are
appended, the counter is not updated properly, leading to incorrect
boundary checking. An attacker may be able to use specially crafted
log messages inserted via UDP which overflows the buffer.
SuSE alert: Heartbeat
Heartbeat is a monitoring service that is used to implement failover in high-availablity environments. It can be configured to monitor other systems via serial connections, or via UDP/IP.
Red Hat alert: Command execution vulnerability in dvips
dvips contains a vulnerability allowing print users to execute arbitrary
commands
Debian alert: New heartbeat packages fix buffer overflows
Nathan Wallwork discovered a buffer overflow in heartbeat, a subsystem
for High-Availability Linux. A remote attacker could send a specially
crafted TCP packet that overflows a buffer, leaving heartbeat to
execute arbitrary code as root.
Red Hat alert: Updated squirrelmail packages close cross-site scripting vulnerabilities
Updated squirrelmail packages are now available for Red Hat Linux.
Mandrake alert: tar update
A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename.
Mandrake alert: unzip update
A directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a ".." (dot dot) in an extracted filename, as well as prefixing filenames in the archive with "/" (slash).
Red Hat alert: Updated packages fix PostScript and PDF security issue
Updated packages for gv and ggv fix a local buffer overflow
when reading malformed PDF or PostScript(R) files.
Red Hat alert: Updated analog packages are available
Updated packages for analog are available which fix a cross-site
scripting problem and a denial of service problem.
Mandrake alert: kdelibs update
A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, javascript may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine. This is fixed in KDE 3.0.3a, and the KDE team provided a patch for KDE 2.2.2. This patch has been applied to the following packages. After upgrading kdelibs, you must restart KDE in order for the fix to work.
Debian alert: New bugzilla packages fix privilege escalation
The developers of Bugzilla, a web-based bug tracking system,
discovered a problem in the handling of more than 47 groups. When a
new product is added to an installation with 47 groups or more and
"usebuggroups" is enabled, the new group will be assigned a groupset
bit using Perl math that is not exact beyond 2^48. This results in
the new group being defined with a "bit" that has several bits set.
As users are given access to the new group, those users will also gain
access to spurious lower group privileges. Also, group bits were not
always reused when groups were deleted.
Debian alert: New fetchmail packages fix buffer overflows
Package : fetchmail, fetchmail-ssl
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
Debian alert: New ht://Check packages fix cross site scripting problem
Package : htcheck
Vulnerability : cross site scripting
Problem-Type : remote
Debian-specific: no
Debian alert: New tkmail packages fix insecure temporary file creation
It has been discovered that tkmail creates temporary files insecurely.
Exploiting this an attacker with local access can easily create and
overwrite files as another user.
Red Hat alert: Updated fetchmail packages fix vulnerabilities
Updated fetchmail packages are available for Red Hat Linux 6.2, 7, 7.1,
7.2, 7.3, and 8.0 which close a remotely-exploitable vulnerability in
unpatched versions of fetchmail prior to 6.1.0.
SuSE alert: mod_php4
PHP is a well known and widely used web programming language. If a PHP script runs in "safe mode" several restrictions are applied to it including limits on execution of external programs.
SuSE alert: hylafax
HylaFAX is a client-server architecture for receiving and sending facsimiles.
« Previous ( 1 ... 7424 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 ... 7469 ) Next »