Showing all newswire headlines


Red Hat alert: Ethereal vulnerable to buffer overflows

  • Mailing list (Posted by dave on Nov 29, 2000 12:53 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Ethereal packages are available.

Debian alert: ed symlink attack

  • Mailing list (Posted by dave on Nov 28, 2000 4:14 PM EDT)
  • Story Type: Security; Groups: Debian
Alan Cox discovered that GNU ed (a classic line editor tool) created temporary files unsafely. This has been fixed in version 0.2-18.1.

Red Hat alert: Updated bind packages fixing DoS attack available

  • Mailing list (Posted by dave on Nov 27, 2000 6:15 PM EDT)
  • Story Type: Security; Groups: Red Hat
A remote DoS (denial of service) attack is possible with bind versions prior to 8.

Red Hat alert: Updated nss_ldap packages are now available.

  • Mailing list (Posted by dave on Nov 27, 2000 10:52 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated nss_ldap packages are now available for Red Hat Linux 6.1, 6.2, and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha.

Red Hat alert: Updated cyrus-sasl packages available for Red Hat Linux 7

  • Mailing list (Posted by dave on Nov 27, 2000 10:52 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated cyrus-sasl packages are now available for Red Hat Linux 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: Updated usermode packages available

  • Mailing list (Posted by dave on Nov 27, 2000 10:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated usermode packages are now available for Red Hat Linux 6.x and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: Updated apache, php, mod_perl, and auth_ldap packages available.

  • Mailing list (Posted by dave on Nov 27, 2000 10:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated apache, php, mod_perl, and auth_ldap packages are now available for Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0

  • Mailing list (Posted by dave on Nov 27, 2000 10:51 AM EDT)
  • Story Type: Security; Groups: Red Hat
(This is a re-release of the previous errata caused by a missing patch). A locally-exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp file handling. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: Updated openssh packages available for Red Hat Linux 7

  • Mailing list (Posted by dave on Nov 27, 2000 10:50 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated openssh packages are now available for Red Hat Linux 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7

  • Mailing list (Posted by dave on Nov 27, 2000 10:50 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.

Red Hat alert: Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and 7

  • Mailing list (Posted by dave on Nov 27, 2000 10:49 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and 7. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: new modutils release addresses more local root compromise possibilities

  • Mailing list (Posted by dave on Nov 27, 2000 10:49 AM EDT)
  • Story Type: Security; Groups: Red Hat
A new modutils-

Red Hat alert: ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH

  • Mailing list (Posted by dave on Nov 27, 2000 10:47 AM EDT)
  • Story Type: Security; Groups: Red Hat
ghostscript makes use of mktemp instead of mkstemp to create temp files; and also uses improper LD_RUN_PATH values, causing it to search for libraries in the current directory. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: New ncurses packages fixing buffer overrun available

  • Mailing list (Posted by dave on Nov 27, 2000 10:46 AM EDT)
  • Story Type: Security; Groups: Red Hat
If you are running any setuid applications that use ncurses and its cursor movement functionality, local users may gain access to the program's privileges. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Red Hat alert: Updated bash (1.x) packages for Red Hat Linux 5.x, 6.x available

  • Mailing list (Posted by dave on Nov 27, 2000 10:11 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated bash (1.x) packages for Red Hat Linux 5.x and 6.x, fixing a security problem, are available.

Red Hat alert: New Netscape packages available

  • Mailing list (Posted by dave on Nov 27, 2000 7:18 AM EDT)
  • Story Type: Security; Groups: Red Hat
New Netscape packages are available that fix a buffer overflow in parsing HTML. It is recommended that all Netscape users update to the fixed packages. 2000-11-27: Added packages for Red Hat Linux 7 for Alpha

Debian alert: New version of mc released

  • Mailing list (Posted by dave on Nov 24, 2000 4:42 PM EDT)
  • Story Type: Security; Groups: Debian
Maurycy Prodeus found a problem in cons.saver, a screensaver for the console that is included in the mc package. cons.saver does not check if it is started with a valid stdout, which combined with a bug in its check to see if its argument is a tty (it forgot to close the file-descriptor after opening the supposed tty) causes it to write a NUL character to the file given as its parameter.

SuSE alert: openssh/ssh

  • Mailing list (Posted by dave on Nov 24, 2000 6:51 AM EDT)
  • Story Type: Security; Groups: SUSE
openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project.

Red Hat alert: New ncurses packages fixing buffer overrun available

  • Mailing list (Posted by dave on Nov 23, 2000 7:28 AM EDT)
  • Story Type: Security; Groups: Red Hat
If you are running any setuid applications that use ncurses and its cursor movement functionality, local users may gain access to the program's privileges.

Debian alert: New version of ghostscript released

  • Mailing list (Posted by dave on Nov 22, 2000 4:33 PM EDT)
  • Story Type: Security; Groups: Debian
ghostscript uses temporary files to do some of its work. Unfortunately the method used to create those files wasn't secure: mktemp was used to create a name for a temporary file, but the file was not opened safely. A second problem is that during build the LD_RUN_PATH environment variable was set to the empty string, which causes the dynamic linker to look in the current directory for shared libraries.
