Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7440 7441 7442 7443 7444 7445 7446 ... 7447 ) Next »
Debian alert: new version of zope released (updated)
On versions of Zope prior to 2.2.1 it was possible for a user with the
ability to edit DTML to gain unauthorized access to extra roles during a
request. A fix was previously announced in the Debian zope package
2.1.6-5.1, but that package did not fully address the issue and has been
superseded by this announcement. More information is available at
http://www.zope.org/Products/Zope/Hotfix_2000-08-17/security_alert
Red Hat alert: New Netscape packages fix Java security hole
New Netscape packages are available to fix a serious security
problem with Java. It is recommended that all netscape users
update to the new packages. Users of Red Hat Linux 6.0 and 6.1
should use the packages for Red Hat Linux 6.
Red Hat alert: Updated mailx and perl packages are now available.
Updated perl and mailx package are now available which fix a potential
exploit made possible by incorrect assumptions made in suidperl.
This advisory contains additional instructions for installing the necessary
updates.
Red Hat alert: Zope update
Vulnerabilities exist with all Zope-
Debian alert: New version of xlockmore/xlockmore-gl released
There is a format string bug in all versions of xlockmore/xlockmore-gl.
Debian 2.1 (slink) installs xlock setgid by default, and this exploit
can be used to gain read access to the shadow file. We recommend
upgrading immediately.
Debian alert: new version of zope released
On versions of Zope prior to 2.2beta1 it was possible for a user with the
ability to edit DTML can gain unauthorized access to extra roles during a
request.
Red Hat alert: Updated usermode packages.
Updated usermode packages are now available for Red Hat Linux 6.0, 6.1, and
6.
Red Hat alert: Zope update
Vulnerabilities exist with all Zope-
SuSE alert: suidperl (perl)
suidperl is the perl interpreter for suid perl scripts, a part of the perl package. A maliciously implemented feature causes the interpreter to spawn the /bin/mail program to inform the superuser of its usage, thereby passing on untrusted environment that causes /bin/mail to execute arbitrary commands as user root.
SuSE alert: rpc.kstatd (knfsd)
Due to incorrect string parsing in the code, a remote attacker could gain root priviledges on the machine running the vulnerable rpc.kstatd.
Red Hat alert: Updated mailx and perl packages are now available.
Updated perl and mailx package are now available which fix a potential
exploit made possible by incorrect assumptions made in suidperl.
This advisory contains additional instructions for installing the necessary
updates.
Debian alert: New version of mailx released
mailx is a often used by other programs to send email. Unfortunately
mailx as distributed in Debian GNU/Linux 2.1 has some features that
made it possible to execute system commands if a user can trick a
privileged program to send email using /usr/bin/mail.
Red Hat alert: mopd-linux buffer overflow
A buffer overflow has been discovered in all releases of mopd-linux
included in the 6.0, 6.1, and 6.2 releases of Powertools.
Red Hat alert: Remote file access vulnerability in ntop
The version of ntop which was included in Red Hat Powertools 6.2 has a
remote exploit in which arbitrary files can be read on the host machine.
Red Hat alert: New umb-scheme packages are available.
New umb-scheme packages are available for Red Hat Linux 6.2 that fix a
problem with file permissions.
Red Hat alert: Updated mailx and perl packages are now available.
Updated perl and mailx package are now available which fix a potential
exploit made possible by incorrect assumptions made in suidperl.
SuSE alert: SuSE Security: miscellaneous
This notice addresses the latest security advisories from various
Linux Vendors as well as private contributors.
Debian alert: New verion of dhcp released (updated)
The versions of the ISC DHCP client in debian 2.1 (slink) and debian 2.2
(potato) are vulnerable to a root exploit. The OpenBSD team reports that
the client inappropriately executes commands embedded in replies sent
from a dhcp server. This means that a malicious dhcp server can execute
commands on the client with root privilages. A previous Debian security
advisory addressed this issue with package versions 2.0b1pl6-0.3 and
2.0-3potato1, but ISC has released a newer patch since the original
advisory. You should install the latest packages even if you upgraded
when the last advisory was released.
Debian alert: New version of userv released
The version of userv that was distributed with Debian GNU/Linux 2.1 / slink
had a problem in the fd swapping algorithm: it could sometimes make an
out-of-bounds array reference. It might be possible for local users
to abuse this to carry out unauthorised actions or be able to take
control for service user accounts.
Red Hat alert: Revised advisory: Updated package for nfs-utils available
This is an updated of RHSA-2000:043 that contains further
upgrade instructions.
The rpc.statd daemon in the nfs-utils package shipped in Red Hat
Linux 6.0, 6.1, and 6.2 contains a flaw that could lead to a
remote root break-in.
« Previous ( 1 ... 7440 7441 7442 7443 7444 7445 7446 ... 7447 ) Next »