Mandrake Security Updates
Posted by philipp on: 02/21/2003 07:14 PM
MandrakeSoft S.A. has released three new security updates for Mandrake Linux:
MDKSA-2003:019 : php
A buffer overflow was discovered in the wordwrap() function in versions of PHP greater than 4.1.2 and less than 4.3.0. Under certain circumstances, this buffer overflow can be used to overwrite heap memory and could potentially lead to remote system compromise.
MDKSA-2003:020 : openssl
In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a).
MDKSA-2003:021 : krb5
A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client.
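A defensive counterpart to the krb5 issue above, as an added example that is not part of the advisory or of the krb5 source: the client treats a server-supplied file name as data, validates it, and opens it without involving a shell. The function names `safe_local_name` and `open_download_target` and the sample names are assumptions constructed for illustration.

```c
/* Added example: hypothetical helpers, not code from the krb5 FTP client. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True only if a server-supplied name may be used as a local relative path. */
bool safe_local_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '|')        /* the case in the advisory: never a command */
        return false;
    if (name[0] == '/')        /* absolute path: outside the current directory */
        return false;
    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/");      /* length of this path component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return false;                  /* ".." climbs out of the directory */
        for (size_t i = 0; i < len; i++)
            if ((unsigned char)p[i] < 0x20 || p[i] == 0x7f)
                return false;              /* control bytes, e.g. newline */
        p += len;
        if (*p == '/')
            p++;
    }
    return true;
}

/* Opens the download target with fopen(); the name never reaches a shell.
 * C11 mode "x" fails if the path already exists, so nothing is overwritten. */
FILE *open_download_target(const char *remote_name)
{
    if (!safe_local_name(remote_name))
        return NULL;
    return fopen(remote_name, "wbx");
}

int main(void)
{
    /* Constructed sample names, as a server might return them in a listing. */
    const char *samples[] = { "report.txt", "pub/notes.txt", "|placeholder-command",
                              "../.profile", "/etc/motd", "a/../../b", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s %s\n", samples[i],
               safe_local_name(samples[i]) ? "accept" : "reject");
    return 0;
}
```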
