Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7424 7425 7426 7427 7428 7429 ) Next »

SuSE alert: makewhatis bug

  • Mailing list (Posted by dave on Jul 10, 2000 7:50 AM EDT)
  • Story Type: Security; Groups: SUSE
a few days ago a /tmp race condition bug in the makewhatis program was posted on bugtraq. We are NOT vulnerable by this bug, because we use different code, which doesn't touch /tmp in a unsecure way.

Red Hat alert: man package's 'makewhatis' uses insecure handling of files in /tmp

  • Mailing list (Posted by dave on Jul 3, 2000 3:03 PM EDT)
  • Story Type: Security; Groups: Red Hat
The makewhatis portion of the man package used files in /tmp in an insecure fashion. It was possible for local users to exploit this vulnerability to modify files that they normally could not and gain elevated privilege.

Debian alert: New version of canna released.

  • Mailing list (Posted by dave on Jul 2, 2000 5:34 AM EDT)
  • Story Type: Security; Groups: Debian
The canna package as distributed in Debian GNU/Linux 2.1 can be remotely exploited to gain access. This could be done by overflowing a buffer by sending a SR_INIT command with a very long usernamd or groupname.

Debian alert: New verion of dhcp released

  • Mailing list (Posted by dave on Jun 28, 2000 8:18 AM EDT)
  • Story Type: Security; Groups: Debian
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2 (potato) are vulnerable to a root exploit. The OpenBSD team reports that the client inappropriately executes commands embedded in replies sent from a dhcp server. This means that a malicious dhcp server can execute commands on the client with root privilages.

SuSE alert: Problems after Kernel Update

  • Mailing list (Posted by dave on Jun 28, 2000 5:43 AM EDT)
  • Story Type: Security; Groups: SUSE
alot of customers report problems after updateing the kernel. Please, execute 'mk_initrd' and 'lilo' after upgrading the kernel.

Slackware alert: wu-ftpd remote exploit patched

A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine.

SuSE alert: kernel-2.2.x

  • Mailing list (Posted by dave on Jun 27, 2000 8:42 AM EDT)
  • Story Type: Security; Groups: SUSE
The implementation of the capability feature of the kernel

SuSE alert: wuftpd-2.6

  • Mailing list (Posted by dave on Jun 27, 2000 8:27 AM EDT)
  • Story Type: Security; Groups: SUSE
The wu-ftp FTP server does not do proper bounds checking while processing the SITE EXEC command.

Red Hat alert: remote root exploit (SITE EXEC) fixed

  • Mailing list (Posted by dave on Jun 23, 2000 2:29 PM EDT)
  • Story Type: Security; Groups: Red Hat
A security bug in wu-ftpd can permit remote users, even without an account, to gain root access. The new version closes the hole.

Debian alert: New Debian wu-ftpd packages released

  • Mailing list (Posted by dave on Jun 22, 2000 11:17 PM EDT)
  • Story Type: Security; Groups: Debian
The version of wu-ftpd distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as well as in the frozen (potato) and unstable (woody) distributions, is vulnerable to a remote root compromise. The default configuration in all current Debian packages prevents the currently available exploits in the case of anonymous access, although local users could still possibly compromise the server.

Red Hat alert: Zope update

  • Mailing list (Posted by dave on Jun 22, 2000 1:33 PM EDT)
  • Story Type: Security; Groups: Red Hat
Remote vulnerabilities exist with all Zope-

Red Hat alert: New Linux kernel fixes security bug

  • Mailing list (Posted by dave on Jun 21, 2000 12:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
This new kernel release fixes a security hole that could affect any setuid program on the system. In addition, several accumulated fixes are included.

Red Hat alert: New Linux kernel fixes security bug

  • Mailing list (Posted by dave on Jun 21, 2000 8:38 AM EDT)
  • Story Type: Security; Groups: Red Hat
This new kernel release fixes a security hole that could affect any setuid program on the system. In addition, several accumulated fixes are included.

Red Hat alert: Updated Kerberos 5 packages are now available for Red Hat Linux.

  • Mailing list (Posted by dave on Jun 16, 2000 12:23 AM EDT)
  • Story Type: Security; Groups: Red Hat
Security vulnerabilities have been found in the Kerberos 5 implementation shipped with Red Hat Linux 6.

Red Hat alert: Updated Kerberos 5 packages are now available for Red Hat Linux.

  • Mailing list (Posted by dave on Jun 15, 2000 3:00 PM EDT)
  • Story Type: Security; Groups: Red Hat
Security vulnerabilities have been found in the Kerberos 5 implementation shipped with Red Hat Linux 6.

Red Hat alert: New emacs packages available

  • Mailing list (Posted by dave on Jun 15, 2000 1:30 PM EDT)
  • Story Type: Security; Groups: Red Hat
With emacs < 20.7, unprivileged local users can eavesdrop the communication between Emacs and its subprocesses.

Slackware alert: Kernel 2.2.16 and /usr/bin/Mail

The 2.2.16 release of the Linux kernel is available and includes a number of security fixes. The following list of fixes comes from the kernel release notes:

Red Hat alert: kdelibs vulnerability for suid-root KDE applications

  • Mailing list (Posted by dave on Jun 7, 2000 7:04 AM EDT)
  • Story Type: Security; Groups: Red Hat
In kdelibs 1.1.2 there are security issues for some applications when they are run suid root.

Red Hat alert: New majordomo packages available

  • Mailing list (Posted by dave on May 31, 2000 7:11 AM EDT)
  • Story Type: Security; Groups: Red Hat
New majordomo packages are available to fix local security problems in majordomo.

Red Hat alert: Updated mailman packages are available.

  • Mailing list (Posted by dave on May 24, 2000 12:24 PM EDT)
  • Story Type: Security; Groups: Red Hat
New mailman packages are available which close security holes present in earlier versions of mailman.

« Previous ( 1 ... 7424 7425 7426 7427 7428 7429 ) Next »