Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 ... 7469 ) Next »

SuSE alert: hylafax

  • Mailing list (Posted by dave on Oct 7, 2002 1:15 AM EDT)
  • Story Type: Security; Groups: SUSE
HylaFAX is a client-server architecture for receiving and sending facsimiles.

Debian alert: New tomcat packages fix unintended source code disclosure

  • Mailing list (Posted by dave on Oct 4, 2002 5:08 AM EDT)
  • Story Type: Security; Groups: Debian
A security vulnerability has been found in all Tomcat 4.x releases. This problem allows an attacker to use a specially crafted URL to return the unprocessed source code of a JSP page, or, under special circumstances, a static resource which would otherwise have been protected by security constraints, without the need for being properly authenticated.

Red Hat alert: Updated packages fix PostScript and PDF security issue

  • Mailing list (Posted by dave on Oct 3, 2002 11:25 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated packages for ggv fix a local buffer overflow when reading malformed PDF or PostScript files.

Red Hat alert: Updated tcpdump packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 3, 2002 11:22 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated tcpdump, libpcap, and arpwatch packages are available for Red Hat Linux 6.2 and 7.x. These updates close a buffer overflow when handling NFS packets. [Update 3 October 2002] Replacement packages have been added for Red Hat Linux 6.2 as the previous packages could not be installed with the version of RPM that shipped with Red Hat Linux 6.

Red Hat alert: Updated nss_ldap packages fix buffer overflow

  • Mailing list (Posted by dave on Oct 3, 2002 11:19 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix a potential buffer overflow which can occur when nss_ldap is set to configure itself using information stored in DNS, a format string bug in logging functions used in pam_ldap, and to properly handle truncated DNS responses.

Red Hat alert: Updated glibc packages fix vulnerabilities in resolver

  • Mailing list (Posted by dave on Oct 3, 2002 10:23 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated glibc packages are available to fix a buffer overflow in the resolver.

Mandrake alert: fetchmail update

Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems are vulnerable to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code execution would be done with the same privilege as the user running fetchmail.

Mandrake alert: postgresql update

Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS.

SuSE alert: heimdal

  • Mailing list (Posted by dave on Sep 30, 2002 7:33 AM EDT)
  • Story Type: Security; Groups: SUSE
The Heimdal package is a free Kerberos implementation offering flexible authentication mechanisms based on the Kerberos 5 and Kerberos 4 scheme. The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc server. While doing so several possible buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on unpatched systems. Since these services run usually on authentication servers we consider these bugs to be very serious. An update is strongly recommended if you are using the Heimdal package.

Red Hat releases Red Hat Linux 8.0

RALEIGH, NC-September 30, 2002-Red Hat, Inc. (Nasdaq:RHAT) today released Red Hat Linux 8.0, a highly versatile operating system designed for personal and small business computing. Red Hat Linux 8.0 combines leading-edge Linux technologies with a new graphical look and feel that offers users a polished, easy-to-use operating environment.

Red Hat alert: Updated unzip and tar packages fix vulnerabilities

  • Mailing list (Posted by dave on Sep 29, 2002 12:55 AM EDT)
  • Story Type: Security; Groups: Red Hat
The unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction.

Debian alert: New glibc packages fix

  • Mailing list (Posted by dave on Sep 26, 2002 9:01 AM EDT)
  • Story Type: Security; Groups: Debian
Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentially replaced potential integer overflows in connection with malloc() with more likely divisions by zero. This called for an update. For completeness the original security advisory said:

Red Hat alert: Updated Zope packages are available

  • Mailing list (Posted by dave on Sep 25, 2002 7:14 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Zope packages are available which fix a number of security issues

Mandrake alert: glibc update

A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability.

Mandrake alert: tcltk update

Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library.

SuSE alert: Slapper worm

  • Mailing list (Posted by dave on Sep 19, 2002 11:45 PM EDT)
  • Story Type: Security; Groups: SUSE
This advisory is issued in an attempt to clarify any issues surrounding the recently discovered Apache/mod_ssl worm.

SuSE alert: Slapper worm

  • Mailing list (Posted by dave on Sep 19, 2002 10:48 AM EDT)
  • Story Type: Security; Groups: SUSE
This advisory is issued in an attempt to clarify any issues surrounding the recently discovered Apache/mod_ssl worm.

Debian alert: New PHP packages fix several vulnerabilities

  • Mailing list (Posted by dave on Sep 18, 2002 5:40 AM EDT)
  • Story Type: Security; Groups: Debian
Wojciech Purczynski found out that it is possible for scripts to pass arbitrary text to sendmail as commandline extension when sending a mail through PHP even when safe_mode is turned on. Passing 5th argument should be disabled if PHP is configured in safe_mode, which is the case for newer PHP versions and for the versions below. This does not affect PHP3, though.

SuSE alert: xf86

  • Mailing list (Posted by dave on Sep 18, 2002 2:53 AM EDT)
  • Story Type: Security; Groups: SUSE
The xf86 package contains various libraries and programs which are fundamental for the X server to function. The libX11.so library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against libX11.so. Unfortunately, libX11.so also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID which can be the root-UID in the worst case. libX11.so has been fixed to check for calls from setuid programs. It denies loading of user controlled libraries in this case. We recommend an update in any case since there is no easy workaround possible except removing the setuid bit from any program linked against libX11.so.

Debian alert: Multiple OpenSSL problems (update)

  • Mailing list (Posted by dave on Sep 17, 2002 6:16 AM EDT)
  • Story Type: Security; Groups: Debian
There was an error in the original openssl094 packages, resulting in an incomplete fix. This error has been corrected in 0.9.4-6.potato.2 and 0.9.4-6.woody.2. We recommend that you upgrade your openssl094 packages immediately. i386 packages are available at this time, and packages will be available shortly for other architectures. Note that the openssl 0.9.5a and 0.9.6 updates were not affected by this error.

« Previous ( 1 ... 7425 7426 7427 7428 7429 7430 7431 7432 7433 7434 7435 ... 7469 ) Next »