Showing all newswire headlines

View by date, instead?

« Previous ( 1 ... 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 ... 7467 ) Next »

Debian alert: New version of tinyproxy released

  • Mailing list (Posted by dave on Jan 23, 2001 12:40 PM EDT)
  • Story Type: Security; Groups: Debian
PkC have found a heap overflow in tinyproxy that could be remotely exploited. An attacker could gain a shell (user nobody) remotely.

Debian alert: Correction: New version of splitvt released

  • Mailing list (Posted by dave on Jan 23, 2001 10:04 AM EDT)
  • Story Type: Security; Groups: Debian
This advisory is only a corrected security advisory for DSA 014-1 since I wasn't careful enough last night and files from an older advisory back from June 2000 slipped through. To keep confusion to a minimum this advisory contains all relevant URLs - and only these.

Red Hat alert: Updated mysql packages available for Red Hat Linux 7

  • Mailing list (Posted by dave on Jan 23, 2001 8:00 AM EDT)
  • Story Type: Security; Groups: Red Hat
The MySQL database that shipped with Red Hat Linux 7 and the updates for it have been reported by the MySQL authors to have security problems.

Debian alert: New version of jazip released

  • Mailing list (Posted by dave on Jan 23, 2001 3:30 AM EDT)
  • Story Type: Security; Groups: Debian
With older versions of jazip a user could gain root access for members of the floppy group to the local machine. The interface doesn't run as root anymore and this very exploit was prevented. The program now also truncates DISPLAY to 256 characters if it is bigger, which closes the buffer overflow (within xforms).

Debian alert: New version of wu-ftpd released

  • Mailing list (Posted by dave on Jan 22, 2001 11:50 PM EDT)
  • Story Type: Security; Groups: Debian
Security people at WireX have noticed a temp file creation bug and the WU-FTPD development team has found a possible format string bug in wu-ftpd. Both could be remotely exploited, though no such exploit exists currently.

Debian alert: New version of sash released

  • Mailing list (Posted by dave on Jan 22, 2001 5:57 PM EDT)
  • Story Type: Security; Groups: Debian
Versions of sash prior to 3.4-4 did not clone /etc/shadow properly which lead into readable files for anybody. This was fixed by the Debian maintainer.

Debian alert: New version of splitvt released

  • Mailing list (Posted by dave on Jan 22, 2001 5:57 PM EDT)
  • Story Type: Security; Groups: Debian
It was reported recently that splitvt is vulnerable to numerous buffer overflow attack and a format string attack. An attacker was able to gain access to the tty group.

Debian alert: New version of MySQL released

  • Mailing list (Posted by dave on Jan 22, 2001 5:57 PM EDT)
  • Story Type: Security; Groups: Debian
Nicolas Gregoire has reported a buffer overflow in the mysql server that leads to a remote exploit. An attacker could gain mysqld privileges (and thus gaining access to all the databases).

Debian alert: New version of micq released

  • Mailing list (Posted by dave on Jan 22, 2001 1:05 PM EDT)
  • Story Type: Security; Groups: Debian
PkC has reported that there is a buffer overflow in sprintf() in micq versions 0.4.6, that allows to a remote attacker able to sniff packets to the ICQ server to execute arbitrary code on the victim system.

Red Hat alert: glibc local write access vulnerability

  • Mailing list (Posted by dave on Jan 16, 2001 11:04 AM EDT)
  • Story Type: Security; Groups: Red Hat
A bug in GNU C Library allows unprivileged user to preload libraries located in /lib or /usr/lib directories into SUID programs even if those libraries have not been marked as such by system administrator.

Red Hat alert: glibc file read or write access local vulnerability

  • Mailing list (Posted by dave on Jan 11, 2001 2:20 PM EDT)
  • Story Type: Security; Groups: Red Hat
A couple of bugs in GNU C library

Red Hat alert: glibc file read or write access local vulnerability

  • Mailing list (Posted by dave on Jan 11, 2001 1:33 PM EDT)
  • Story Type: Security; Groups: Red Hat
A couple of bugs in GNU C library

Slackware alert: glibc 2.2 local vulnerability on setuid binaries

glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLV_HOST_CONF environment variable to the name of the file that they wish to read, then runs any setuid root program that makes use of that variable. The file is then written to stderr.

Debian alert: New version of mgetty released

  • Mailing list (Posted by dave on Jan 10, 2001 11:54 AM EDT)
  • Story Type: Security; Groups: Debian
Immunix reports that mgetty does not create temporary files in a secure manner, which could lead to a symlink attack. This has been corrected in mgetty 1.1.21-3potato1

Debian alert: two gpg problems

  • Mailing list (Posted by dave on Dec 24, 2000 7:34 PM EDT)
  • Story Type: Security; Groups: Debian
Two bugs in GnuPG have recently been found:

Debian alert: multiple stunnel vulnerabilities

  • Mailing list (Posted by dave on Dec 24, 2000 5:21 PM EDT)
  • Story Type: Security; Groups: Debian
Lez discovered a format string problem in stunnel (a tool to create Universal SSL tunnel for other network daemons). Brian Hatch responded by stating he was already preparing a new release with multiple security fixes:

Debian alert: dialog symlink attack

  • Mailing list (Posted by dave on Dec 24, 2000 4:13 PM EDT)
  • Story Type: Security; Groups: Debian
Matt Kraai reported that he found a problem in the way dialog creates lock-files: it did not create them safely which made it susceptible to a symlink attack.

Red Hat alert: Updated stunnel packages available for Red Hat Linux 7

  • Mailing list (Posted by dave on Dec 21, 2000 12:38 PM EDT)
  • Story Type: Security; Groups: Red Hat
Updated stunnel packages are available for Red Hat Linux 7.

Red Hat alert: Zope Hotfix package available

  • Mailing list (Posted by dave on Dec 20, 2000 12:33 PM EDT)
  • Story Type: Security; Groups: Red Hat
A new Zope Hotfix package is available.

Red Hat alert: Updated rp-pppoe packages fixing denial of service attack are available.

  • Mailing list (Posted by dave on Dec 20, 2000 3:34 AM EDT)
  • Story Type: Security; Groups: Red Hat
Updated rp-pppoe packages fixing a denial of service attack are available.(Patch from the rp-pppoe author, David F. Skoll )

« Previous ( 1 ... 7452 7453 7454 7455 7456 7457 7458 7459 7460 7461 7462 ... 7467 ) Next »