Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 ... 7467 ) Next »

Debian alert: samba for sparc was incorrectly built

  • Mailing list (Posted by dave on Apr 19, 2001 12:48 AM EDT)
  • Story Type: Security; Groups: Debian
The updated samba packages that were mentioned in DSA-048-1 were unfortunately compiled incorrectly: the stable chroot we used turned out to be running unstable instead.

Debian alert: remote cfingerd exploit

  • Mailing list (Posted by dave on Apr 18, 2001 5:02 PM EDT)
  • Story Type: Security; Groups: Debian
Megyer Laszlo report on Bugtraq that the cfingerd Debian as distributed with Debian GNU/Linux 2.2 was not careful in its logging code. By combining this with an off-by-one error in the code that copied the username from an ident response cfingerd could exploited by a remote user. Since cfingerd does not drop its root privileges until after it has determined which user to finger an attacker can gain root privileges.

Debian alert: samba symlink attacks

  • Mailing list (Posted by dave on Apr 17, 2001 4:14 PM EDT)
  • Story Type: Security; Groups: Debian
Marcus Meissner discovered that samba was not creating temporary files safely in two places:

Announcing availability of Red Hat Linux 7.1 (Seawolf)

2001-- Red Hat, Inc. (Nasdaq:RHAT - news), the leader in developing, deploying and managing open source solutions, announced today the availability of Red Hat Linux 7.1, the latest version of the world's most popular open source server operating environment. Red Hat Linux 7.1 includes the new 2.4 kernel with improved SMP support for superior performance on Intel multi-processor platforms. Red Hat Linux 7.1 also delivers new configuration tools that enable users to effortlessly set up and administer DNS, Web and print servers. This release features Red Hat Network connectivity, including software manager.

Red Hat alert: Linux kernel 2.2.19 now available, provides security fixes, enhancements

  • Mailing list (Posted by dave on Apr 16, 2001 11:29 AM EDT)
  • Story Type: Security; Groups: Red Hat
A local denial of service attack and root compromise of the kernel have been corrected, drivers have been updated, and NFS version 3 has been integrated.

Red Hat alert: New netscape packages available (Red Hat Linux 7.1 added)

  • Mailing list (Posted by dave on Apr 16, 2001 10:27 AM EDT)
  • Story Type: Security; Groups: Red Hat
New netscape packages are availabe to fix a problem with the handling of JavaScript in certain situations. By exploiting this flaw, a remote site could gain access to the browser history, and possibly other data. It is recommended that all users upgrade to the fixed packages. 2001-04-16: netscape-4.77-1 packages are now available for Red Hat Linux 7.1 for Intel.

Debian alert: multiple kernel problems

  • Mailing list (Posted by dave on Apr 15, 2001 4:08 PM EDT)
  • Story Type: Security; Groups: Debian
The kernels used in Debian GNU/Linux 2.2 have been found to have multiple security problems. This is a list of problems based on the 2.2.19 release notes as found on http://www.linux.org.uk/ :

Debian alert: exuberant-ctags uses insecure temporary files

  • Mailing list (Posted by dave on Apr 15, 2001 4:23 AM EDT)
  • Story Type: Security; Groups: Debian
Colin Phipps discovered that the exuberant-ctags packages as distributed with Debian GNU/Linux 2.2 creates temporary files insecurely. This has been fixed in version 1:3.2.4-0.1 of the Debian package, and upstream version 3.5.

Red Hat alert: New netscape packages available

  • Mailing list (Posted by dave on Apr 10, 2001 6:32 PM EDT)
  • Story Type: Security; Groups: Red Hat
New netscape packages are availabe to fix a problem with the handling of JavaScript in certain situations. By exploiting this flaw, a remote site could gain access to the browser history, and possibly other data. It is recommended that all users upgrade to the fixed packages.

Red Hat alert: Updated pine packages available

  • Mailing list (Posted by dave on Apr 10, 2001 2:31 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated pine packages are now available for Red Hat Linux 7.0, 6.2, and 5.

SuSE alert: vim/gvim

  • Mailing list (Posted by dave on Apr 10, 2001 5:48 AM EDT)
  • Story Type: Security; Groups: SUSE
The text editor vim, Vi IMproved, was found vulnerable to two security bugs. 1.) a tmp race condition 2.) vim commands in regular files will be executed if the status line of vim is enabled in vimrc Both vulnerabilities could be used to gain unauthorized access to more privileges.

SuSE alert: mc

  • Mailing list (Posted by dave on Apr 10, 2001 5:46 AM EDT)
  • Story Type: Security; Groups: SUSE
The Midnight Commander, mc(1), is a ncurses-based file manager. A local attacker could trick mc(1) into executing commands with the privileges of the user running mc(1) by creating malicious directory names. This attack leads to local privilege escalation.

Debian alert: New version of ntp released

  • Mailing list (Posted by dave on Apr 9, 2001 2:59 PM EDT)
  • Story Type: Security; Groups: Debian
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. A previous advisory (DSA-045-1) partially addressed this issue, but introduced a potential denial of service attack. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato2.

SuSE alert: xntp

  • Mailing list (Posted by dave on Apr 9, 2001 12:36 PM EDT)
  • Story Type: Security; Groups: SUSE
xntp is the network time protocol package widely used with many unix and linux systems for system time synchronization over a network. An exploit published by Przemyslaw Frasunek demonstrates a buffer overflow in the control request parsing code. The exploit allows a remote attacker to execute arbitrary commands as root. All versions as shipped with SuSE Linux are affected by the buffer overflow problem.

Slackware alert: buffer overflow fix for NTP

The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise. Slackware 7.1 and Slackware -current users are urged to upgrade to the new packages available for their release.

Red Hat alert: Network Time Daemon (ntpd) has potential remote root exploit

  • Mailing list (Posted by dave on Apr 8, 2001 1:25 PM EDT)
  • Story Type: Security; Groups: Red Hat
The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is vulnerable to a buffer overflow, allowing a remote attacker to potentially gain root level access to a machine. All users of ntpd are strongly encouraged to upgrade.

Debian alert: ntp remote root exploit fixed

  • Mailing list (Posted by dave on Apr 5, 2001 6:48 AM EDT)
  • Story Type: Security; Groups: Debian
Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL> reported that ntp daemons such as that released with Debian GNU/Linux are vulnerable to a buffer overflow that can lead to a remote root exploit. This has been corrected for Debian 2.2 (potato) in ntp version 4.0.99g-2potato1.

Red Hat alert: Updated openssh packages available

  • Mailing list (Posted by dave on Apr 2, 2001 12:59 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated openssh packages are now available for Red Hat Linux 7. These packages fix an error in the supplied init script and PAM configuration file.

SuSE alert: joe

  • Mailing list (Posted by dave on Mar 28, 2001 1:28 AM EDT)
  • Story Type: Security; Groups: SUSE
A bug in joe(1), a userfriendly text editor, was found by Christer Öberg of Wkit Security AB a few weeks ago. After starting joe(1) it tries to open its configuration file joerc in the current directory, the users home directory and some other locations. joe(1) doesn't check the ownership of joerc when trying the current directory. An attacker could place a malicious joerc file in a public writeable directory, like /tmp, to execute commands with the privilege of any user (including root), which runs joe while being in this directory.

SuSE alert: eperl

  • Mailing list (Posted by dave on Mar 28, 2001 1:27 AM EDT)
  • Story Type: Security; Groups: SUSE
The ePerl program is a interpreter for the Embedded Perl 5 Language. It's main purpose is to serve as Webserver scripting language for dynamic HTML page programming. Besides this it could also serve as a standalone Unix filter. Fumitoshi Ukai and Denis Barbier have found several potential buffer overflows, which could lead to local privilege escalation if installed setuid (note: it's not installed setuid per default) or to remote compromise.

« Previous ( 1 ... 7448 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 ... 7467 ) Next »