Showing all newswire headlines
SuSE alert: kernel
Multiple security vulnerabilities have been found in all Linux kernels
of version 2.2 before version 2.2.19. Most of the found errors allow
a local attacker to gain root privileges. None of the found errors
in the v2.2 linux kernel make it possible for a remote attacker to
gain access to the system or to elevate privileges from the outside
of the system.
Red Hat alert: Updated Kerberos 5 packages available
Updated Kerberos 5 packages are now available for Red Hat Linux 6.2, 7,
and 7.1. These updates close a potential vulnerability present in the
gssapi-aware ftpd included in the krb5-workstation package.
Red Hat alert: Updated gnupg packages available
Updated gnupg packages are now available for Red Hat Linux 6.2, 7, and 7.1.
These updates address a potential vulnerability which could allow an
attacker to compute a user's secret key.
SuSE alert: cron
The crontab program runs setuid root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges first. Therefore it is possible to execute arbitrary commands as root. It has been fixed by properly dropping the privileges before executing the editor. This bug was found by Sebastian Krahmer.
SuSE alert: cron
The crontab program runs setuid root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges first. Therefore it is possible to execute arbitrary commands as root. Sebastian Krahmer found the bug. It has been fixed by properly dropping the privileges before executing the editor.
Red Hat alert: New samba packages available to fix /tmp races
New samba packages are available; these packages fix /tmp races
in smbclient and the printing code. By exploiting these vulnerabilities,
local users could overwrite any file in the system.
It is recommended that all samba users upgrade to the fixed packages.
Please note that the packages for Red Hat Linux 6.2 require an updated
logrotate package.
Note: these packages include the security patch from Samba-
Red Hat alert: New Zope packages are available
New Zope packages are available which fix a security flaw with ZClass.
Red Hat alert: Updated minicom packages available
The minicom program allows any user with local shell access to obtain
group uucp privileges. It may also be possible for the malicious user
to obtain root privileges as well.
Debian alert: samba security fix update
Marc Jacobsen from HP discovered that the security fixes from samba
2.0.8 did not fully fix the /tmp symlink attack problem. The samba
team released version 2.0.9 to fix that, and those fixes have been
added to version 2.0.7-3.3 of the Debian samba packages.
Red Hat alert: Updated nedit packages available
Updated nedit packages fixing a security problem are available.
Debian alert: gftp remote exploit
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem
in its logging code: it logged data received from the network but it did
not protect itself from printf format attacks. An attacker can use this
by making an FTP server return special responses that exploit this.
Debian alert: man-db local exploit
Ethan Benson found a bug in man-db packages as distributed in
Debian GNU/Linux 2.2. man-db includes a mandb tool which is used to
build an index of the manual pages installed on a system. When the -u or
-c option was given on the command line to tell it to write its database
to a different location it failed to properly drop privileges before
creating a temporary file. This makes it possible for an attacker to do
a standard symlink attack to trick mandb into overwriting any file that
is writable by uid man, which includes the man and mandb binaries.
Debian alert: zope remote unauthorized access
A new Zope hotfix has been released which fixes a problem in ZClasses.
The README for the 2001-05-01 hotfix describes the problem as `any user
can visit a ZClass declaration and change the ZClass permission mappings
for methods and other objects defined within the ZClass, possibly
allowing for unauthorized access within the Zope instance.'
Debian alert: cron local root exploit
A recent (fall 2000) security fix to cron introduced an error in giving
up privileges before invoking the editor. A malicious user could
easily gain root access.
SuSE alert: sgmltool
The sgmltool programs ("sgml2html" and others) are used to convert SGML-files into various other formats.
Red Hat alert: Updated mount package available
Updated mount packages fixing a potential security problem are available.
Red Hat alert: Updated kdelibs packages fixing security problem and memory leaks available
Updated kdelibs packages fixing a security problem, some memory leaks and
some minor bugs are available.