Showing all newswire headlines
Debian alert: New version of tinyproxy released
PkC have found a heap overflow in tinyproxy that could be remotely
exploited. An attacker could gain a shell (user nobody) remotely.
Debian alert: Correction: New version of splitvt released
This advisory is only a corrected security advisory for DSA 014-1
since I wasn't careful enough last night and files from an older
advisory back from June 2000 slipped through. To keep confusion to a
minimum this advisory contains all relevant URLs - and only these.
Red Hat alert: Updated mysql packages available for Red Hat Linux 7
The MySQL database that shipped with Red Hat Linux 7 and the updates for it
have been reported by the MySQL authors to have security problems.
Debian alert: New version of jazip released
With older versions of jazip a user could gain root access for members
of the floppy group to the local machine. The interface doesn't run
as root anymore and this very exploit was prevented. The program now
also truncates DISPLAY to 256 characters if it is bigger, which closes
the buffer overflow (within xforms).
Debian alert: New version of wu-ftpd released
Security people at WireX have noticed a temp file creation bug and the
WU-FTPD development team has found a possible format string bug in
wu-ftpd. Both could be remotely exploited, though no such exploit
exists currently.
Debian alert: New version of sash released
Versions of sash prior to 3.4-4 did not clone /etc/shadow properly
which led to files readable by anybody. This was fixed by the
Debian maintainer.
Debian alert: New version of splitvt released
It was reported recently that splitvt is vulnerable to numerous buffer
overflow attacks and a format string attack. An attacker was able to
gain access to the tty group.
Debian alert: New version of MySQL released
Nicolas Gregoire has reported a buffer overflow in the mysql server
that leads to a remote exploit. An attacker could gain mysqld
privileges (and thus gain access to all the databases).
Debian alert: New version of micq released
PkC has reported that there is a buffer overflow in sprintf() in micq
versions 0.4.6, that allows a remote attacker able to sniff packets
to the ICQ server to execute arbitrary code on the victim system.
Red Hat alert: glibc local write access vulnerability
A bug in the GNU C Library allows an unprivileged user to preload libraries
located in the /lib or /usr/lib directories into SUID programs even if those
libraries have not been marked as such by the system administrator.
Red Hat alert: glibc file read or write access local vulnerability
A couple of bugs in GNU C library
Slackware alert: glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root
binaries. Any user on affected systems will be able to read any file on
the system through a simple process: The user sets the RESOLV_HOST_CONF
environment variable to the name of the file that they wish to read, then
runs any setuid root program that makes use of that variable. The file is
then written to stderr.
Debian alert: New version of mgetty released
Immunix reports that mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack. This has been corrected
in mgetty 1.1.21-3potato1.
Debian alert: two gpg problems
Two bugs in GnuPG have recently been found:
Debian alert: multiple stunnel vulnerabilities
Lez discovered a format string problem in stunnel (a tool to create
Universal SSL tunnel for other network daemons). Brian Hatch
responded by stating he was already preparing a new release with
multiple security fixes:
Debian alert: dialog symlink attack
Matt Kraai reported that he found a problem in the way dialog
creates lock-files: it did not create them safely which made it
susceptible to a symlink attack.
Red Hat alert: Updated stunnel packages available for Red Hat Linux 7
Updated stunnel packages are available for Red Hat Linux 7.
Red Hat alert: Zope Hotfix package available
A new Zope Hotfix package is available.
Red Hat alert: Updated rp-pppoe packages fixing denial of service attack are available.
Updated rp-pppoe packages fixing a denial of service attack are
available. (Patch from the rp-pppoe author, David F. Skoll)