Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 7429 ... 7440 ) Next »

SuSE alert: kernel

  • Mailing list (Posted by dave on May 17, 2001 6:41 AM EDT)
  • Story Type: Security; Groups: SUSE
Multiple security vulnerabilities have been found in all Linux kernels of version 2.2 before version 2.2.19. Most of the found errors allow a local attacker to gain root privileges. None of the found errors in the v2.2 linux kernel make it possible for a remote attacker to gain access to the system or to elevate privileges from the outside of the system.

Red Hat alert: Updated Kerberos 5 packages available

  • Mailing list (Posted by dave on May 16, 2001 5:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated Kerberos 5 packages are now available for Red Hat Linux 6.2, 7, and 7.1. These updates close a potential vulnerability present in the gssapi-aware ftpd included in the krb5-workstation package.

Red Hat alert: Updated gnupg packages available

  • Mailing list (Posted by dave on May 16, 2001 5:35 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated gnupg packages are now available for Red Hat Linux 6.2, 7, and 7.1. These updates address a potential vulnerability which could allow an attacker to compute a user's secret key.

SuSE alert: cron

  • Mailing list (Posted by dave on May 15, 2001 5:50 AM EDT)
  • Story Type: Security; Groups: SUSE
The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root. It has been fixed by properly dropping the privileges before executing the editor. This bug was found by Sebastian Krahmer.

SuSE alert: cron

  • Mailing list (Posted by dave on May 15, 2001 4:48 AM EDT)
  • Story Type: Security; Groups: SUSE
The crontab program is running setuser-id root and invokes the editor specified in the EDITOR environment variable, usually vi. If crontab discovers that the format of the edited file is incorrect, it executes the editor again but fails to drop its root privileges before. Therefore it is possible to execute arbitrary commands as root. Sebastian Krahmer has found the bug. It has been fixed by properly dropping the privileges before executing the editor.

Red Hat alert: New samba packages available to fix /tmp races

  • Mailing list (Posted by dave on May 14, 2001 6:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
New samba packages are available; these packages fix /tmp races in smbclient and the printing code. By exploiting these vulnerabilities, local users could overwrite any file in the system. It is recommended that all samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. Note: these packages include the security patch from Samba-

Red Hat alert: New samba packages available to fix /tmp races

  • Mailing list (Posted by dave on May 14, 2001 6:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
New samba packages are available; these packages fix /tmp races in smbclient and the printing code. By exploiting these vulnerabilities, local users could overwrite any file in the system. It is recommended that all samba users upgrade to the fixed packages. Please note that the packages for Red Hat Linux 6.2 require an updated logrotate package. Note: these packages include the security patch from Samba-

Red Hat alert: New Zope packages are available

  • Mailing list (Posted by dave on May 14, 2001 3:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
New Zope packages are available which fix a security flaw with ZClass.

Red Hat alert: New Zope packages are available

  • Mailing list (Posted by dave on May 14, 2001 3:41 PM EDT)
  • Story Type: Security; Groups: Red Hat
New Zope packages are available which fix a security flaw with ZClass.

Red Hat alert: Updated minicom packages available

  • Mailing list (Posted by dave on May 10, 2001 11:19 AM EDT)
  • Story Type: Security; Groups: Red Hat
The minicom program allows any user with local shell access to obtain group uucp priveledges. It may also be possible for the malicious user to obtain root priveledges as well.

Red Hat alert: Updated minicom packages available

  • Mailing list (Posted by dave on May 10, 2001 11:19 AM EDT)
  • Story Type: Security; Groups: Red Hat
The minicom program allows any user with local shell access to obtain group uucp priveledges. It may also be possible for the malicious user to obtain root priveledges as well.

Debian alert: samba security fix update

  • Mailing list (Posted by dave on May 9, 2001 6:06 AM EDT)
  • Story Type: Security; Groups: Debian
Marc Jacobsen from HP discovered that the security fixes from samba 2.0.8 did not fully fix the /tmp symlink attack problem. The samba team released version 2.0.9 to fix that, and those fixes have been added to version 2.0.7-3.3 of the Debian samba packages.

Red Hat alert: Updated nedit packages available

  • Mailing list (Posted by dave on May 8, 2001 6:08 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated nedit packages fixing a security problem are available.

Debian alert: gftp remote exploit

  • Mailing list (Posted by dave on May 8, 2001 5:55 AM EDT)
  • Story Type: Security; Groups: Debian
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making a FTP server return special responses that exploit this.

Debian alert: man-db local exploit

  • Mailing list (Posted by dave on May 8, 2001 5:55 AM EDT)
  • Story Type: Security; Groups: Debian
Ethan Benson found a bug in man-db packages as distributed in Debian/GNU/Linux 2.2. man-db includes a mandb tool which is used to build an index of the manual pages installed on a system. When the -u or - -c option were given on the command-line to tell it to write its database to a different location it failed to properly drop privileges before creating a temporary file. This makes it possible for an attacked to do a standard symlink attack to trick mandb into overwriting any file that is writable by uid man, which includes the man and mandb binaries.

Debian alert: zope remote unauthorized access

  • Mailing list (Posted by dave on May 7, 2001 7:01 AM EDT)
  • Story Type: Security; Groups: Debian
A new Zope hotfix has been released which fixes a problem in ZClasses. The README for the 2001-05-01 hotfix describes the problem as `any user can visit a ZClass declaration and change the ZClass permission mappings for methods and other objects defined within the ZClass, possibly allowing for unauthorized access within the Zope instance.'

Debian alert: cron local root exploit

  • Mailing list (Posted by dave on May 7, 2001 4:11 AM EDT)
  • Story Type: Security; Groups: Debian
A recent (fall 2000) security fix to cron introduced an error in giving up privileges before invoking the editor. A malicious user could easily gain root access.

SuSE alert: sgmltool

  • Mailing list (Posted by dave on May 4, 2001 4:54 AM EDT)
  • Story Type: Security; Groups: SUSE
The sgmltool programs ("sgml2html" and others) are used to convert SGML-files into various other formats.

Red Hat alert: Updated mount package available

  • Mailing list (Posted by dave on May 2, 2001 12:51 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated mount packages fixing a potential security problem are available.

Red Hat alert: Updated kdelibs packages fixing security problem and memory leaks available

  • Mailing list (Posted by dave on Apr 30, 2001 9:35 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated kdelibs packages fixing a security problem, some memory leaks and some minor bugs are available.

« Previous ( 1 ... 7419 7420 7421 7422 7423 7424 7425 7426 7427 7428 7429 ... 7440 ) Next »