Showing all newswire headlines
SuSE alert: hylafax
HylaFAX is a client-server architecture for receiving and sending facsimiles.
Debian alert: New tomcat packages fix unintended source code disclosure
A security vulnerability has been found in all Tomcat 4.x releases.
This problem allows an attacker to use a specially crafted URL to
return the unprocessed source code of a JSP page, or, under special
circumstances, a static resource which would otherwise have been
protected by security constraints, without the need for being properly
authenticated.
Red Hat alert: Updated packages fix PostScript and PDF security issue
Updated packages for ggv fix a local buffer overflow
when reading malformed PDF or PostScript files.
Red Hat alert: Updated tcpdump packages fix buffer overflow
Updated tcpdump, libpcap, and arpwatch packages are available for Red
Hat Linux 6.2 and 7.x. These updates close a buffer overflow when handling
NFS packets.
[Update 3 October 2002]
Replacement packages have been added for Red Hat Linux 6.2 as the previous
packages could not be installed with the version of RPM that shipped with
Red Hat Linux 6.
Red Hat alert: Updated nss_ldap packages fix buffer overflow
Updated nss_ldap packages are now available for Red Hat Linux 6.2, 7, 7.1,
7.2, and 7.3. These updates fix a potential buffer overflow which can occur
when nss_ldap is set to configure itself using information stored in DNS,
fix a format string bug in logging functions used in pam_ldap, and make
nss_ldap properly handle truncated DNS responses.
Red Hat alert: Updated glibc packages fix vulnerabilities in resolver
Updated glibc packages are available to fix a buffer overflow in the
resolver.
Mandrake alert: fetchmail update
Several buffer overflows and a boundary check error were discovered in all fetchmail versions prior to 6.1.0 by e-matters GmbH. These problems can lead to crashes and/or arbitrary code execution by remote attackers if fetchmail is running in multidrop mode. The code would execute with the same privileges as the user running fetchmail.
Mandrake alert: postgresql update
Vulnerabilities were discovered in the Postgresql relational database by Mordred Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(), repeat(), and cash_words() functions. The Postgresql developers also fixed a buffer overflow in functions that deal with time/date and timezone. Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2 release that are currently only fixed in CVS.
SuSE alert: heimdal
The Heimdal package is a free Kerberos implementation offering flexible authentication mechanisms based on the Kerberos 5 and Kerberos 4 schemes. The SuSE Security Team has reviewed critical parts of the Heimdal package such as the kadmind and kdc servers. While doing so, several possible buffer overflows and other bugs have been uncovered and fixed. Remote attackers can probably gain remote root access on unpatched systems. Since these services usually run on authentication servers, we consider these bugs to be very serious. An update is strongly recommended if you are using the Heimdal package.
Red Hat releases Red Hat Linux 8.0
RALEIGH, NC-September 30, 2002-Red Hat, Inc. (Nasdaq:RHAT) today
released Red Hat Linux 8.0, a highly versatile operating system
designed for personal and small business computing. Red Hat Linux 8.0
combines leading-edge Linux technologies with a new graphical look and
feel that offers users a polished, easy-to-use operating environment.
Red Hat alert: Updated unzip and tar packages fix vulnerabilities
The unzip and tar utilities contain vulnerabilities which can allow
arbitrary files to be overwritten during archive extraction.
Debian alert: New glibc packages fix
Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentionally
replaced potential integer overflows in connection with malloc() with
more likely divisions by zero. This called for an update. For
completeness the original security advisory said:
Red Hat alert: Updated Zope packages are available
Updated Zope packages are available which fix a number of security issues.
Mandrake alert: glibc update
A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability.
Mandrake alert: tcltk update
Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privileges by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similar vulnerability has been fixed in the tcltk package, which searched for its libraries in the current working directory prior to searching in other directories. This could be used by local users to execute arbitrary code through the use of a trojan library.
SuSE alert: Slapper worm
This advisory is issued in an attempt to clarify any issues surrounding the recently discovered Apache/mod_ssl worm.
Debian alert: New PHP packages fix several vulnerabilities
Wojciech Purczynski found out that it is possible for scripts to pass
arbitrary text to sendmail as a commandline extension when sending a
mail through PHP even when safe_mode is turned on. Passing the 5th
argument should be disabled if PHP is configured in safe_mode, which
is the case for newer PHP versions and for the versions below. This
does not affect PHP3, though.
SuSE alert: xf86
The xf86 package contains various libraries and programs which are fundamental for the X server to function. The libX11.so library from this package dynamically loads other libraries where the pathname is controlled by the user invoking the program linked against libX11.so. Unfortunately, libX11.so also behaves the same way when linked against setuid programs. This behavior allows local users to execute arbitrary code under a different UID, which can be the root UID in the worst case. libX11.so has been fixed to check for calls from setuid programs; it denies loading of user-controlled libraries in this case. We recommend an update in any case, since there is no easy workaround possible except removing the setuid bit from any program linked against libX11.so.
Debian alert: Multiple OpenSSL problems (update)
There was an error in the original openssl094 packages, resulting in an
incomplete fix. This error has been corrected in 0.9.4-6.potato.2 and
0.9.4-6.woody.2. We recommend that you upgrade your openssl094 packages
immediately. i386 packages are available at this time, and packages will
be available shortly for other architectures. Note that the openssl
0.9.5a and 0.9.6 updates were not affected by this error.