LXer Weekly Security Roundup - 2/2/2004 - 2/9/2004

Posted by dave on Feb 9, 2004 5:36 AM EDT
LXer
Mail this story
Print this story

There were 13 security alerts issued last week: 5 from Red Hat, 5 from Debian, 1 from Fedora, 1 from Mandrake, and 1 from Conectiva.

Conectiva alert: libtool
Feb 5, 2004 9:29 PM
Joseph S. Myers and Stefan Nordhausen independently found[1,2] a vulnerability[3] in the way the ltmain.sh script (which is part of the libtool package) creates temporary directories for its use.



Debian alert: New crawl packages fix potential local games exploit
Feb 3, 2004 5:42 PM
"Steve Kemp from the GNU/Linux audit project discovered a problem in crawl, another console based dungeon exploration game, in the vein of nethack and rogue. The program uses several environment variables as inputs but doesn't apply a size check before copying one of them into a fixed size buffer."



Debian alert: New gaim packages fix several vulnerabilities
Feb 5, 2004 3:27 PM
"Stefan Esser discovered several security related problems in Gaim, a multi-protocol instant messaging client. Not all of them are applicable for the version in Debian stable, but affected the version in the unstable distribution at least."



Debian alert: New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
Feb 4, 2004 1:37 PM
"RedHat and SuSE kernel and security teams revealed an integer overflow in the do_brk() function of the Linux kernel allows local users to gain root privileges."



Debian alert: New mailman packages fix several vulnerabilities
Feb 9, 2004 2:45 AM
The cross-site scripting vulnerabilities could allow an attacker to perform administrative operations without authorization, by stealing a session cookie.



Debian alert: New mpg123 packages fix heap overflow
Feb 6, 2004 8:27 PM
"A vulnerability was discovered in mpg123, a command-line mp3 player, whereby a response from a remote HTTP server could overflow a buffer allocated on the heap, potentially permitting execution of arbitrary code with the privileges of the user invoking mpg123. In order for this vulnerability to be exploited, mpg321 would need to request an mp3 stream from a malicious remote server via HTTP."



Fedora Security Update Notification netpbm-9.24-12.1.1
Feb 6, 2004 5:09 PM
This update of the netpbm package fixes some security holes found by the Debian group. An update to the latest version these packages provide is recommended to every user of the netpbm programs and toosl.



Mandrake security alert: Updated glibc packages fix resolver vulnerabilities
Feb 5, 2004 3:08 AM
"A read buffer overflow vulnerability exists in the resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes, which can cause an application to crash."



Red Hat alert: Updated kernel packages resolve minor security vulnerabilities
Feb 3, 2004 11:16 PM
"Updated kernel packages are now available that fix a few security issues, an NFS performance issue, and an e1000 driver loading issue introduced in Update 3."



Red Hat alert: Updated mailman packages close cross-site scripting vulnerabilities
Feb 7, 2004 1:38 AM
"Updated mailman packages that close various cross-site scripting vulnerabilities are now available."



Red Hat alert: Updated mc packages resolve buffer overflow vulnerability
Feb 3, 2004 2:18 PM
"Updated mc packages that resolve a buffer overflow vulnerability are now available."



Red Hat alert: Updated NetPBM packages fix multiple temporary file vulnerabilities
Feb 3, 2004 2:18 PM
"Updated NetPBM packages are available that fix a number of temporary file vulnerabilities in the netpbm libraries."



Red Hat alert: Updated util-linux packages fix information leak
Feb 3, 2004 2:18 PM
"In some situations, the login program could use a pointer that had been freed and reallocated. This could cause unintentional data leakage."



  Nav
» Read more about: Groups: Kernel, Conectiva, Debian, LXer, Fedora, Red Hat, SUSE, GNU; Story Type: News Story

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.