Showing all newswire headlines


Mandrake alert: gaim update

Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the "manual" browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable.

Red Hat alert: Updated ethereal packages are available

  • Mailing list (Posted by dave on Aug 29, 2002 6:43 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated ethereal packages are available which fix various security issues.

Debian alert: New Python packages fix insecure temporary file use

  • Mailing list (Posted by dave on Aug 28, 2002 3:32 AM EDT)
  • Story Type: Security; Groups: Debian
Zack Weinberg discovered an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name, which could lead to execution of arbitrary code.

Red Hat alert: Updated mailman packages close cross-site scripting vulnerability

  • Mailing list (Posted by dave on Aug 27, 2002 5:59 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Secure Web Server 3.2 (U.S.). These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Debian alert: New gaim packages fix arbitrary program execution

  • Mailing list (Posted by dave on Aug 27, 2002 5:01 AM EDT)
  • Story Type: Security; Groups: Debian
The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The 'Manual' browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting an attacker to execute arbitrary commands on the user's machine. Unfortunately, Gaim doesn't display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren't vulnerable.

Mandrake alert: xinetd update

A vulnerability was discovered by Solar Designer in xinetd. File descriptors for the signal pipe that were introduced in version 2.3.4 are leaked into services started by xinetd, which can then be used to talk to xinetd, resulting in a crash of xinetd.

Debian alert: New mailman packages fix cross-site scripting problem

  • Mailing list (Posted by dave on Aug 26, 2002 9:03 AM EDT)
  • Story Type: Security; Groups: Debian
Quoting DSA 147-1:

Red Hat alert: Updated mailman packages close cross-site scripting vulnerability

  • Mailing list (Posted by dave on Aug 23, 2002 9:08 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Power Tools 7 and 7.1. These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Red Hat alert: Updated mailman packages close cross-site scripting vulnerability

  • Mailing list (Posted by dave on Aug 23, 2002 9:07 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates close a cross-site scripting vulnerability present in mailman versions prior to version

Debian alert: New irssi-text packages fix denial of service

  • Mailing list (Posted by dave on Aug 23, 2002 6:03 AM EDT)
  • Story Type: Security; Groups: Debian
The IRC client irssi is vulnerable to a denial of service condition. The problem occurs when a user attempts to join a channel that has an overly long topic description. When a certain string is appended to the topic, irssi will crash.

Debian alert: New Light package fixes arbitrary script execution

  • Mailing list (Posted by dave on Aug 22, 2002 12:34 PM EDT)
  • Story Type: Security; Groups: Debian
All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.

Red Hat alert: New kernel update available, fixes i810 video oops, several security issues

  • Mailing list (Posted by dave on Aug 21, 2002 10:13 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult-to-trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits.

Debian alert: New kdelibs packages fix several vulnerabilities

  • Mailing list (Posted by dave on Aug 21, 2002 2:32 AM EDT)
  • Story Type: Security; Groups: Debian
Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse Konqueror users.

Red Hat alert: Updated bugzilla packages fix security issues

  • Mailing list (Posted by dave on Aug 20, 2002 10:44 AM EDT)
  • Story Type: Security; Groups: Red Hat
A number of security-related bugs have been found in Bugzilla version

Red Hat alert: New PHP packages fix vulnerability in safemode

  • Mailing list (Posted by dave on Aug 20, 2002 7:23 AM EDT)
  • Story Type: Security; Groups: Red Hat
PHP versions earlier than 4.1.0 contain a vulnerability that could allow arbitrary commands to be executed.

Debian alert: New mantis package fixes several vulnerabilities

  • Mailing list (Posted by dave on Aug 20, 2002 7:08 AM EDT)
  • Story Type: Security; Groups: Debian
Jeroen Latour pointed out that we missed one uninitialized variable in DSA 153-1, which was insecurely used with file inclusions in the Mantis package, a PHP-based bug tracking system. When this is exploited, a remote user is able to execute arbitrary code under the webserver user id on the web server hosting the Mantis system.

Red Hat alert: Updated libpng packages fix buffer overflow

  • Mailing list (Posted by dave on Aug 19, 2002 12:22 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated libpng packages are available that fix a buffer overflow vulnerability.

Debian alert: New fam packages fix privilege escalation

  • Mailing list (Posted by dave on Aug 16, 2002 10:09 AM EDT)
  • Story Type: Security; Groups: Debian
A flaw was discovered in FAM's group handling. As a result, users are unable to use FAM on directories they have group read and execute permissions on. However, unprivileged users can also potentially learn names of files that only users in root's group should be able to view.

Red Hat alert: Updated krb5 packages fix remote buffer overflow

  • Mailing list (Posted by dave on Aug 15, 2002 1:02 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Kerberos 5 packages are now available for Red Hat Linux 6.2, 7, 7.1, 7.2, and 7.3. These updates fix a buffer overflow in the XDR decoder.

Mandrake alert: bind update

A vulnerability was discovered in the BIND9 DNS server in versions prior to 9.2.1.
