Showing all newswire headlines
SuSE alert: openssh/ssh
openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project.
Red Hat alert: New ncurses packages fixing buffer overrun available
If you are using any setuid applications that use ncurses and its cursor movement
functionality, local users may gain access to the program's privileges.
Debian alert: New version of ghostscript released
ghostscript uses temporary files to do some of its work. Unfortunately
the method used to create those files wasn't secure: mktemp was used
to create a name for a temporary file, but the file was not opened
safely. A second problem is that during build the LD_RUN_PATH environment
variable was set to the empty string, which causes the dynamic linker
to look in the current directory for shared libraries.
Red Hat alert: new modutils release addresses more local root compromise possibilities
A new modutils-
Red Hat alert: ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH
ghostscript makes use of mktemp instead of mkstemp to create temp files;
and also uses improper LD_RUN_PATH values, causing it to search for
libraries in the current directory.
Debian alert: New version of modutils released
Sebastian Krahmer raised an issue in modutils. In an ideal world
modprobe should trust the kernel to only pass valid parameters to
modprobe. However he has found at least one local root exploit
because high level kernel code passed unverified parameters direct
from the user to modprobe. So modprobe no longer trusts kernel input
and switches to a safemode.
Debian alert: No koules vulnerability
Guido Bakker has reported a local root vulnerability that can result
in local users gaining root permission on a host running
koules.sndsrv.linux using a buffer overflow.
Debian alert: New version of elvis-tiny released
Topi Miettinen audited elvis-tiny and raised an issue covering the use
and creation of temporary files. Those files are created with a
predictable pattern and the O_EXCL flag is not used when opening. This
makes users of elvis-tiny vulnerable to race conditions and/or data
lossage.
Debian alert: New Debian xmcd packages released
The Debian GNU/Linux xmcd package has historically installed two setuid
helpers for accessing cddb databases and SCSI cdrom drives. More recently,
the package offered the administrator the chance to remove these setuid
flags, but did so incorrectly.
Debian alert: New Debian ncurses packages released
The version of the ncurses display library shipped with Debian GNU/Linux 2.2
is vulnerable to several buffer overflows in the parsing of terminfo
database files. This problem was discovered by Jouko Pynnönen
<jouko@solutions.fi>. The problems are only exploitable in the presence of
setuid binaries linked to ncurses which use these particular functions,
including xmcd versions before 2.5pl1-7.1.
Debian alert: New version of ethereal released
hacksware reported a buffer overflow in the AFS packet parsing code in
ethereal. Gerald Combs then found more overflows in the netbios and ntp
decoding logic as well. An attacker can exploit those overflows by
sending carefully crafted packets to a network that is being monitored
by ethereal.
Debian alert: New version of joe released
When joe (Joe's Own Editor) dies due to a signal instead of a normal
exit it saves a list of the files it is editing to a file called `DEADJOE'
in its current directory. Unfortunately this wasn't done safely which made
joe vulnerable to a symlink attack.
Red Hat alert: Updated openssh packages available for Red Hat Linux 7
Updated openssh packages are now available for Red Hat Linux 7.
Red Hat alert: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7
Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.
Debian alert: New version of tcpdump released
During internal source code auditing by FreeBSD several buffer overflows
were found which allow an attacker to make tcpdump crash by sending
carefully crafted packets to a network that is being monitored with
tcpdump.
Debian alert: New version of modutils released
Sebastian Krahmer found a problem in the modprobe utility that could be
exploited by local users to run arbitrary commands as root if the
machine is running a kernel with kmod enabled.
Debian alert: New version of cupsys released
Mandrake has recently released a security advisory against CUPS
raising two issues:
Debian alert: New Debian cron packages released
The version of Vixie Cron shipped with Debian GNU/Linux 2.2 is vulnerable to
a local attack, discovered by Michal Zalewski. Several problems, including
insecure permissions on temporary files and race conditions in their
deletion, allowed attacks from a denial of service (preventing the editing
of crontabs) to an escalation of privilege (when another user edited their
crontab).
Debian alert: New version of openssh released
The adv.fwd security advisory from OpenBSD reported a problem
with openssh that Jacob Langseth <jwl@pobox.com> found: when
the connection is established the remote ssh server can force
the ssh client to enable agent and X11 forwarding.
Red Hat alert: Updated modutils fixing local root security bug available
A local root exploit in modutils has been fixed.
2000-11-17: New packages available for Red Hat Linux 6.2 to
fix an error in the previous packages.