Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 ... 7467 ) Next »
Red Hat alert: Updated Kerberos 5 and pam_krb5 packages available
Updated Kerberos 5 packages are now available for Red Hat Linux 6 and 7.
These packages fix a vulnerability in the handling of Kerberos IV ticket
files. Updated pam_krb5 packages are now available for Red Hat Linux 7.
Red Hat alert: Updated openssh packages available
Updated openssh packages are now available for Red Hat Linux 7. These
packages reduce the amount of information a passive attacker can deduce
from observing an encrypted session.
SuSE alert: nkitb/nkitserv
Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.
SuSE alert: pop
The eMail access daemons imapd(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows. Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated.
SuSE alert: nkitb/nkitserv
Two parts of the nkitb/nkitserv package are vulnerable to security related bugs. in.ftpd(8): A one-byte bufferoverflow was discovered in the OpenBSD port of the FTP daemon in.ftpd(8) several weeks ago. This bug could just be triggered by authenticated users, which have write access. This bug is believed to not be exploitable under Linux. However, we prefer to provide a fixed update package to make sure that the daemon is on the safe side. in.ftpd(8) will be invoked by inetd(8) and is activated by default.
SuSE alert: impad
The eMail access daemons impad(8), ipop2d(8) and ipop3d(8) of SuSE 6.1 are vulnerable to several buffer overflows. Due to a misconfiguration these vulnerbilities could be triggered remotely after a user had been authenticated.
Red Hat alert: Updated licq packages fixing security problems available
Updated Red Hat Powertools 6.2 packages fixing two security problems in
licq are available.
Red Hat alert: Updated vim packages available
Updated vim packages fixing a security problem are available.
Red Hat alert: Updated licq packages fixing security problems available
Updated Red Hat Linux 7 packages fixing two security problems in licq are
available.
Red Hat alert: Updated sudo packages fixing buffer overrun available
An overrunnable buffer exists in sudo versions prior to 1.6.3p6
Red Hat alert: rpm-4.0.2 for all Red Hat platforms and releases.
A common version of rpm for all Red Hat distributions is being released.
This version of rpm understands legacy version 3 packaging used in Red
Hat 6.x/5.x distributions as well as version 4 packaging used in Red Hat
7.x.
In addition, rpm-4.0.2 has support for both the legacy db1 format used in
Red Hat 6.x/5.x databases as well as support for the db3 format database
used in Red Hat 7.x
Red Hat alert: Updated sgml-tools packages fix insecure temporary file handling
Insecure handling of temporary file permissions could lead to other users
on a multi-user system being able to read the documents being converted.
Red Hat alert: New mutt packages fix IMAP vulnerability/incompatibility
New mutt packages are available. These packages fix an
instance of the common 'format string' vulnerability,
and correct an incompatibilty with the current errata
IMAP server.
It is recommended that all mutt users using Red Hat Linux
upgrade to the new packages. The version of mutt shipped
in Red Hat Linux 7.0 does not contain the format string
vulnerability; it is merely a bugfix update.
Users of Red Hat Linux 6.0 and 6.1 should use the
packages for Red Hat Linux 6.
Red Hat alert: buffer overflow in slrn
An overflow exists in the slrn pacakge as shipped in Red Hat Linux
7 and Red Hat Linux 6.x, which could possibly lead to remote users
executing arbitrary code as the user running slrn.
It is recommended that all users of slrn update to the fixed packages.
Users of Red Hat Linux 6.0 or 6.1 should use the packages
for Red Hat Linux 6.
Debian alert: mailx local exploit
The mail program (a simple tool to read and send email) as
distributed with Debian GNU/Linux 2.2 has a buffer overflow in the
input parsing code. Since mail is installed setgid mail by default
this allowed local users to use it to gain access to mail group.
Debian alert: New Zope packages available
This advisory covers several vulnerabilities in Zope that have been
addressed.
Debian alert: New XEmacs and gnuserv packages available
Klaus Frank has found a vulnerability in the way gnuserv handled
remote connections. Gnuserv is a remote control facility for Emacsen
which is available as standalone program as well as included in
XEmacs21. Gnuserv has a buffer for which insufficient boundary checks
were made. Unfortunately this buffer affected access control to
gnuserv which is using a MIT-MAGIC-COOCKIE based system. It is
possible to overflow the buffer containing the cookie and foozle
cookie comparison.
Debian alert: joe local attack via joerc
Christer Öberg of Wkit Security AB found a problem in joe (Joe's
Own Editor). joe will look for a configuration file in three
locations: the current directory, the users homedirectory ($HOME)
and in /etc/joe. Since the configuration file can define commands
joe will run (for example to check spelling) reading it from
the current directory can be dangerous: an attacker can leave
a .joerc file in a writable directory, which would be read when
a unsuspecting user starts joe in that directory.
Debian alert: slrn buffer overflow
Bill Nottingham reported a problem in the wrapping/unwrapping
functions of the slrn newsreader. A long header in a message
might overflow a buffer and which could result into executing
arbitraty code encoded in the message.
Debian alert: proftp runs as root, /var symlink removal
This is an update to the DSA-032-1 advisory. The powerpc package
that was listed in that advisory was unfortunately compiled on
the wrong system which caused it to not work on a Debian GNU/Linux 2.2
system.
« Previous ( 1 ... 7449 7450 7451 7452 7453 7454 7455 7456 7457 7458 7459 ... 7467 ) Next »