Showing all newswire headlines
Mandrake alert: Updated proftpd packages fix remote root vulnerability
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell.
Debian alert: New xsok packages fix local group games exploit
Steve Kemp discovered a problem in xsok, a single player strategy game
for X11, related to the Sokoban game, which leads a user to execute
arbitrary commands under the GID of games.
Mozilla Links Newsletter - 9 - December 23, 2003
We are glad to announce that the next Mozilla Links issue (due
January 2004) will be available as a subscription in Dutch, joining
current English and Polish editions. Expect Japanese and German coming
very soon. So now you can subscribe to Mozilla Links and have it
delivered every two weeks in your preferred language.
Interview with Michael Phipps, Project Leader of OpenBeOS
Koki from the Japanese site jpbe recently interviewed Michael Phipps, the project leader of OpenBeOS. The original interview in Japanese can be found here. Read more for the English version of the interview.
Desktop row threatens unified Linux effort
The latest project aimed at simplifying the complexity of the Linux world has met an early roadblock: the fractious relationship between the two biggest user interface systems.
Mandrake alert: Updated XFree86 packages fix xdm vulnerability
A vulnerability was discovered in the XDM display manager that ships with XFree86. XDM does not check for successful completion of the pam_setcred() call and in the case of error conditions in the installed PAM modules, XDM may grant local root access to any user with valid login credentials. It has been reported that a certain configuration of the MIT pam_krb5 module can result in a failing pam_setcred() call which leaves the session alive and would provide root access to any regular user. It is also possible that this vulnerability can likewise be exploited with other PAM modules in a similar manner.
Mini Interview with Ximian's Robert Love
Robert Love, well known for his kernel hacking, his preemptive patch and his recent book (review), recently joined Ximian in an effort to improve the Linux desktop experience via kernel development. Today we feature a mini-Q&A with Robert about this new project.
Interview: Red Hat's Owen Taylor on GTK+
Today we are very happy to feature an interview with Red Hat engineer Owen Taylor. Owen is the project leader of the GTK+ multi-platform toolkit, also known for his contributions to Pango. It is also important to note that a few days ago he received the highest number of votes in the Gnome Board of Directors elections. In the following Q&A we discuss the features of GTK+ 2.6 and beyond, RAD tools, performance, GL and other widgets, GTK# and lots more!
Mandrake alert: Updated irssi packages fix remote crash
A vulnerability in versions of irssi prior to 0.8.9 would allow a remote user to crash another user's irssi client provided that the client was on a non-x86 architecture or if the "gui print text" signal is being used by some script or plugin.
Mandrake alert: Updated lftp packages fix buffer overflow vulnerability
A buffer overflow vulnerability was discovered by Ulf Harnhammar in the lftp FTP client when connecting to a web server using HTTP or HTTPS and using the "ls" or "rels" command on a specially prepared directory. This vulnerability exists in lftp versions 2.3.0 through 2.6.9 and is corrected upstream in 2.6.10.
SuSE alert: lftp
The flexible and powerful FTP command-line client lftp is vulnerable to two remote buffer overflows. When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels', specially prepared directories on the server can trigger a buffer overflow in the HTTP handling functions of lftp to possibly execute arbitrary code on the client side. Please note that to exploit these bugs an attacker has to control the server side of the connection, and the attacker will only gain access to the account of the user that is executing lftp.
Mandrake alert: Updated net-snmp packages fix vulnerability
A vulnerability in Net-SNMP versions prior to 5.0.9 could allow an existing user/community to gain access to data in MIB objects that were explicitly excluded from their view.
Slackware alert: cvs security update (SSA:2003-345-01)
CVS is a client/server version control system. As a server, it
is used to host source code repositories. As a client, it is
used to access such repositories. This advisory deals with the
use of CVS as a server.
Mandrake alert: Updated ethereal packages fix multiple remotely exploitable vulnerabilities
A number of vulnerabilities were discovered in ethereal that, if exploited, could be used to make ethereal crash or run arbitrary code by injecting malicious malformed packets onto the wire or by convincing someone to read a malformed packet trace file.
Red Hat alert: Updated gnupg packages disable ElGamal keys
Updated gnupg packages are now available for Red Hat Linux. These updates
disable the ability to generate ElGamal keys (used for both signing and
encrypting) and disable the ability to use ElGamal public keys for
encrypting data.
Mandrake alert: Updated cvs packages fix malformed module request vulnerability
A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository.
Mozilla Links Newsletter - 8 - December 9, 2003
As you may know, the currently in-development Mozilla Firebird and
Mozilla Thunderbird are expected to become the main browser and
e-mail applications at some time during the first half of 2004. So you
may want to know that Mozilla Thunderbird 0.4 was just released. It
features bug (error) fixes and welcome improvements like address
book Palm synchronization.
Mandrake alert: Updated screen packages fix buffer overflow vulnerability
A vulnerability was discovered and fixed in screen by Timo Sirainen who found an exploitable buffer overflow that allowed privilege escalation. This vulnerability also has the potential to allow attackers to gain control of another user's screen session. The ability to exploit is not trivial and requires approximately 2GB of data to be transferred in order to do so.
Mandrake alert: Updated cvs packages fix malformed module request vulnerability
A vulnerability was discovered in the CVS server < 1.11.10 where a malformed module request could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository.