Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 ... 7439 ) Next »
Red Hat alert: Updated Ethereal packages fix security issues
Updated Ethereal packages that fix a number of exploitable security issues
are now available.
SuSE alert: hylafax
Hylafax is an Open Source fax server which allows sharing of fax equipment among computers by offering its service to clients by a protocol similar to http://FTP. The SuSE Security Team found a format bug condition during a code review of the hfaxd server. It allows remote attackers to execute arbitrary code as root. However, the bug can not be triggered in hylafax' default configuration.
Debian alert: New epic4 packages fix denial of service
Jeremy Nelson discovered a remotely exploitable buffer overflow in
EPIC4, a popular client for Internet Relay Chat (IRC). A malicious
server could craft a reply which triggers the client to allocate a
negative amount of memory. This could lead to a denial of service if
the client only crashes, but may also lead to executing of arbitrary
code under the user id of the chatting user.
Debian alert: New conquest packages fix local conquest exploit
Steve Kemp discovered a buffer overflow in the environment variable
handling of conquest, a curses based, real-time, multi-player space
warfare game, which could lead a local attacker to gain unauthorised
access to the group conquest.
Debian alert: New PostgreSQL packages fix buffer overflow
Tom Lane discovered a buffer overflow in the to_ascii function in
PostgreSQL. This allows remote attackers to execute arbitrary code on
the host running the database.
Announcing Fedora Core 1
The Fedora Project is a Red Hat-sponsored and community-supported open
source project that promotes rapid development of innovative open
source software through a collaborative, community effort.
Mandrake alert: Updated CUPS packages fix denial of service vulnerability
A bug in versions of CUPS prior to 1.1.19 was reported by Paul Mitcheson in the Internet Printing Protocol (IPP) implementation would result in CUPS going into a busy loop, which could result in a Denial of Service (DoS) condition. To be able to exploit this problem, an attacker would need to be able to make a TCP connection to the IPP port (port 631 by default).
Slackware alert: apache security update (SSA:2003-308-01)
Upgraded Apache packages are available for Slackware 8.1, 9.0, 9.1,
and -current. These fix local vulnerabilities that could allow users
who can create or edit Apache config files to gain additional
privileges. Sites running Apache should upgrade to the new packages.
Mandrake alert: Updated apache packages fix vulnerabilities
A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file (.htaccess or httpd.conf) in order to exploit these problems.
Mandrake alert: Updated postgresql packages fix buffer overflow vulnerability
Two bugs were discovered that lead to a buffer overflow in PostgreSQL versions 7.2.x and 7.3.x prior to 7.3.4, in the abstract data type (ADT) to ASCII conversion functions. It is believed that, under the right circumstances, an attacker may use this vulnerability to execute arbitrary instructions on the PostgreSQL server.
Red Hat alert: Updated CUPS packages fix denial of service
Updated CUPS packages that fix a problem where CUPS can hang are now available.
Red Hat alert: Updated fileutils/coreutils package fix ls vulnerabilities
Updated fileutils and coreutils packages that close a potential denial of
service vulnerability are now available.
Red Hat alert: Updated CUPS packages fix denial of service
Updated CUPS packages that fix a problem where CUPS can hang are now available.
SuSE alert: thttpd
Two vulnerabilities were found in the "tiny" web-server thttpd. The first bug is a buffer overflow that can be exploited remotely to overwrite the EBP register of the stack. Due to memory-alignment of the stack done by gcc 3.x this bug can not be exploited. All thttpd versions mentioned in this advisory are compiled with gcc 3.x and are therefore not exploitable. The other bug occurs in the virtual-hosting code of thttpd. A remote attacker can bypass the virtual-hosting mechanism to read arbitrary files.
Debian alert: New thttpd packages fix information leak, DoS and arbitrary code execution
Several vulnerabilities have been discovered in thttpd, a tiny HTTP
server.
Mozilla Links Newsletter - 5 - October 28, 2003
Past couple of weeks have been pretty interesting.
Slackware alert: fetchmail security update (SSA:2003-300-02)
Upgraded fetchmail packages are available for Slackware 8.1, 9.0,
9.1, and -current. These fix a vulnerability where a specially
crafted email could crash fetchmail, preventing the user from
downloading or forwarding their email.
Slackware alert: gdm security update (SSA:2003-300-01)
GDM is the GNOME Display Manager, and is commonly used to provide
a graphical login for local users.
Mandrake alert: Updated apache2 packages fix CGI scripting deadlock
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.
Mandrake alert: Updated fetchmail packages fix DoS vulnerability
A bug was discovered in fetchmail 6.2.4 where a specially crafted email message can cause fetchmail to crash.
« Previous ( 1 ... 7360 7361 7362 7363 7364 7365 7366 7367 7368 7369 7370 ... 7439 ) Next »