Showing all newswire headlines

A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered which results in a ".." sequence.

mozart, a development platform based on the Oz language, includes MIME configuration data which specifies that Oz applications should be passed to the Oz interpreter for execution. This means that file managers, web browsers, and other programs which honor the mailcap file could automatically execute Oz programs downloaded from untrusted sources. Thus, a malicious Oz program could execute arbitrary code under the uid of a user running a MIME-aware client program if the user selected a file (for example, choosing a link in a web browser).

liece, an IRC client for Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and liece, potentially with contents supplied by the attacker.

NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-338-1". DSA-338-1 correctly refers to an earlier advisory regarding proftpd.

NOTE: due to a combination of administrative problems, this advisory was erroneously released with the identifier "DSA-337-1". DSA-337-1 correctly refers to an earlier advisory regarding gtksee.

x-face-el, a decoder for images included inline in X-Face email headers, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and x-face-el, potentially with contents supplied by the attacker.

semi, a MIME library for GNU Emacs, does not take appropriate security precautions when creating temporary files. This bug could potentially be exploited to overwrite arbitrary files with the privileges of the user running Emacs and semi, potentially with contents supplied by the attacker.

Updated Ethereal packages available to fix a number of remotely exploitable security issues

Updated PHP packages for Red Hat Linux 8.0 and 9 are available that fix a number of bugs, as well as a minor security problem in the transparent session ID functionality.

New XFree86 packages for Red Hat Linux 8.0 are now available which include several security fixes, bug fixes, enhancements, and driver updates. [Updated: June 30, 2003] The XFree86 4.

Updated unzip packages resolving a vulnerability allowing arbitrary files to be overwritten are now available.

NOTE: This advisory is being released as a factual correction to DSA-336-1. In an administrative error, DSA-336-1 listed several CVE names which did not, in fact, apply to Linux 2.2.20, and omitted one vulnerability which was fixed in the updated packages. The packages are (and were) correct, and remain unchanged. The package changelog contains the correct information. This advisory provides updated information only.

Viliam Holub discovered a bug in gtksee whereby, when loading PNG images of certain color depths, gtksee would overflow a heap-allocated buffer. This vulnerability could be exploited by an attacker using a carefully constructed PNG image to execute arbitrary code when the victim loads the file in gtksee.

runlevel [runlevel@raregazz.org] reported that ProFTPD's PostgreSQL authentication module is vulnerable to a SQL injection attack. This vulnerability could be exploited by a remote, unauthenticated attacker to execute arbitrary SQL statements, potentially exposing the passwords of other users, or to connect to ProFTPD as an arbitrary user without supplying the correct password.

A number of vulnerabilities have been discovered in the Linux kernel.

mantis, a PHP/MySQL web based bug tracking system, stores the password used to access its database in a configuration file which is world-readable. This could allow a local attacker to read the password and gain read/write access to the database.

Steve Kemp discovered several buffer overflows in xgalaga, a game, which can be triggered by a long HOME environment variable. This vulnerability could be exploited by a local attacker to gain gid 'games'.

acm, a multi-player aerial combat simulation, uses a network protocol based on the same RPC implementation used in many C libraries. This implementation was found to contain an integer overflow vulnerability which could be exploited to execute arbitrary code.

A number of vulnerabilities have been discovered in the Linux kernel.

imagemagick's libmagick library, under certain circumstances, creates temporary files without taking appropriate security precautions. This vulnerability could be exploited by a local user to create or overwrite files with the privileges of another user who is invoking a program using this library.