Showing all newswire headlines

Paul Szabo discovered that znew, a script included in the gzip package, creates its temporary files without taking precautions to avoid a symlink attack (CAN-2003-0367).

The PPTP daemon contains a remotely exploitable buffer overflow which was introduced due to a integer overflow in the third argument passed to the read() library call. This bug has been fixed. Since there is no workaround other than shutting down the PPTP daemon an update is strongly recommended if you need a PPTP server running.

The well known Common Unix Printing System (CUPS) was found vulnerable to a remote Denial of Service attack. The CUPS daemon will stop serving clients if the second carriage return in a request is not sent to complete the header. Since the vulnerability occurs before any authorization or address verification there is no other workaround than shutting down the CUPS server.

Updated hanterm packages fix two security issues.

A vulnerability was discovered in kon2, a Kanji emulator for the console. A buffer overflow in the command line parsing can be exploited, leading to local users being able to gain root privileges.

Updated KDE packages that resolve a vulnerability in KDE's SSL implementation are now available.

A buffer overflow in kon2 allows local users to obtain root privileges.

Updated kernel packages are now available that contain fixes for security vulnerabilities as well as fixes for bugs in the audigy, cmd640 IDE, and USB drivers.

Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.

Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges. [Updated 30 March 2003] Updated kernel packages for Red Hat Linux 7.2 ia64 have been added. [Updated 28 May 2003] Replacement kernel packages for Red Hat Linux 7.2 ia64 have been added; the previous packages did not contain the fix for the ptrace vulnerability.

Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.

New ghostscript packages fixing a command execution vulnerability are now available.

A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).

Upgraded CUPS packages are available for Slackware 8.1, 9.0, and -current to fix a denial of service attack vulnerability.

gPS is a graphical application to watch system processes. In release 1.1.0 of the gps package, several security vulnerabilities were fixed, as detailed in the changelog:

Updated httpd packages that fix two security issues are now available for Red Hat Linux 8.0 and 9.

Another integer overflow was found in glibc' XDR code. This bug is equal to the one described in advisory SuSE-SA:2002:031. The overflow occurs in the function xdrmem_getbytes() and can be used by external attackers to execute arbitrary code.

Updated CUPS packages that fix a denial of service vulnerability are now available.

A bug was discovered in GnuPG versions 1.2.1 and earlier. When gpg evaluates trust values for different UIDs assigned to a key, it would incorrectly associate the trust value of the UID with the highest trust value with every other UID assigned to that key. This prevents a warning message from being given when attempting to encrypt to an invalid UID, but due to the bug, is accepted as valid.

NOTE: The original advisory quotes a section of the Slackware ChangeLog which had inadvertently reversed the options to quotacheck. The correct option to use is 'm'. A corrected advisory follows: