Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 ... 7467 ) Next »
Red Hat alert: kernel 2.2 and 2.4: syncookie vulnerability
Syncookies are used to protect a system against certain Denial Of Service
(DOS) attacks. A flaw in this mechanism has been found which can be used to
circumvent certain types of firewall configurations.
Note: syncookies are not enabled in the default installation of Red Hat
Linux but many server administrators do enable syncookies.
SuSE alert: kernel (update)
Information about the security problems fixed with the new kernel rpm packages from SuSE Security Announcement: kernel (SuSE-SA:2001:036) has been withheld in coordination with other Linux distributors/vendors. We hereby re-release SuSE-SA:2001:036 with the new announcement ID SuSE-SA:2001:039, now including additional information about the bugs fixed.
Red Hat alert: New ucd-snmp package to fix several security vulnerabilities
Updated ucd-snmp packages are now available for Red Hat Linux 6.2, 7 and
7.1. These packages include fixes for the following problems:
- /tmp race and setgroups() privilege problem
- Various buffer overflow and format string issues
- One signedness problem in ASN handling
It is recommended that all users update to the fixed packages.
Red Hat alert: Comprehensive Printing Update
A collection of security fixes, bug fixes, and functionality updates,
including the Omni print drivers from IBM.
SuSE alert: uucp
UUCP is a well known tool suite for copying data between unix-like systems. Zen-Parse reported that the higher privileges of uux (UID uucp) aren't dropped if long options instead of normal (short) options are used. An attacker could exploit this hole, by specifying a malicious configuration file to execute and/or access arbitrary data with the privilege of user uucp.
Red Hat alert: New teTeX packages available
Updated teTeX packages are available, fixing a temporary file handling
vulnerability and an insecure invocation of dvips in a print filter.
Red Hat alert: Updated webalizer package available
These updated webalizer package fixes a security problem and some minor bugs.
Red Hat alert: Updated webalizer packages available
Updated webalizer packages are available which fix a security problem and
some minor bugs.
Red Hat alert: Updated webalizer packages available
Updated webalizer packages are available which fix a security problem and
some minor bugs.
SuSE alert: squid
The squid proxy server can be crashed with a malformed request, resulting in a denial of service attack. After the crash, the squid proxy must be restarted. The weakness can only be triggered from an address that is allowed to send requests, as configured in the squid configuration file.
Red Hat alert: Printing exposes system files to reading.
When used in a spooling environment, it is inappropriate to allow programs
to read arbitrary files as a result of print requests. Ghostscript, a
postscript interpreter, can read arbitrary system files with the same
permissions as the print spooler, potentially exposing the system to an
information compromise.
SuSE alert: kernel
Two security related problems have been found in both the 2.2 and
2.4 series kernels:
Red Hat alert: Updated mod_auth_pgsql packages available
Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.
Red Hat alert: Updated mod_auth_pgsql packages available
Updated mod_auth_pgsql packages are now available for Red Hat Linux 7.
SuSE alert: htdig
ht://Dig is a powerfull indexing and information gathering tool for the web. ht://Dig's search engine htsearch could be run by a http server as CGI program or standalone as commandline tool. Due to insufficient checking of the running environment it is possible to use commandline options via CGI. An remote attacker could use the -c option to specify /dev/zero as an alternate config file to causes a denial of service for some minutes. To read files with the privilege of the http server by abusing the -c option an attacker needs write access to the server running htsearch.
SuSE alert: shadow/login
Multiple Linux vendors have issued security announcements about failures of the /bin/login program to properly initialize the privileges of an authenticated user if the PAM module pam_limits is enabled. The bug has been categorized as a sequence bug, and is located in the code of the login program itself: A call to getpwnam(3) returns a pointer to a struct passwd, and the data is being used. Then, a call to PAM routines cause getpwnam(3) to be called again, but beyond the programmer's control or knowledge. The pointer as returned by the first getpwnam(3) remains the same, but the data may be different. By consequence, the data is in an undefined state. The error appears with the pam_limits PAM module only because other PAM modules do not call getpwnam(3).
Red Hat alert: New kernel 2.4 packages are available
A vulnerability has been found in the ptrace code of the kernel (ptrace is
the part that allows program debuggers to run) that could be abused by
local users to gain root privileges.
2001-10-22: Kernel updates are now available for Red Hat Linux 7.
Announcing the availability of Red Hat Linux 7.2 (Enigma)
Red Hat, Inc. (NASDAQ:RHAT)
today announced that Red Hat Linux 7.2 and Red Hat Linux Professional are
now available in stores, through computer resellers and direct from Red Hat.
The latest version of the market leading Linux distribution adds significant
new capabilities, both for use as a workstation and use as a server. Red Hat
Linux 7.2 and Red Hat Linux Professional will also be available through
hardware partners in the coming weeks.
Red Hat alert: New squid packages available to fix FTP-based DoS
New squid packages are available that fix a potential DoS in Squid's FTP
handling code. It is recommened that squid users update to the fixed
packages.
The packages for Red Hat Linux 6.2 also fix the problem described in
RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is
vulnerable to the same problem in accelerator-only mode.
2001-10-22: Packages are now available for Red Hat Linux 7.
Red Hat alert: New squid packages available to fix FTP-based DoS
New squid packages are available that fix a potential DoS in Squid's FTP
handling code. It is recommened that squid users update to the fixed
packages.
The packages for Red Hat Linux 6.2 also fix the problem described in
RHSA-2001:097-04; it was later discovered that Red Hat Linux 6.2 is
vulnerable to the same problem in accelerator-only mode.
2001-10-22: Packages are now available for Red Hat Linux 7.
« Previous ( 1 ... 7441 7442 7443 7444 7445 7446 7447 7448 7449 7450 7451 ... 7467 ) Next »