Security 10748 Published by

MandrakeSoft has released new security updates for Mandrake Linux:

MDKSA-2003:022 : vnc

A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allow an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server.

Read more

MDKSA-2003:023 : lynx

A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site from servers that use virtual hosting.

Read more

MDKSA-2003:024 : MNF8.2

The following packages are now available for Multi Network Firewall 8.2 and bring it up to the same errata level as Mandrake Linux 8.2 with all patches and updates available to date applied. In order to bring your MNF8.2 configuration up to date, you will have to follow a few steps.

Read more