Red Hat has released updated vte packages for Red Hat Linux 8.0
Counting viruses is simplistic, but there is evidence that Windows is becoming more resistent, and Linux is becoming more of a target
Read more
Read more
Two new security updates are available for Gentoo Linux:
usermin
usermin
A new OpenSSL update for Debian GNU/Linux has been released
MandrakeSoft S.A. has released three new security updates for Mandrake Linux:
MDKSA-2003:019 : php
A buffer overflow was discovered in the wordwrap() function in versions of PHP greater than 4.1.2 and less than 4.3.0. Under certain circumstances, this buffer overflow can be used to overwite heap memory and could potentially lead to remote system compromise.
Read more
MDKSA-2003:020 : openssl
In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a).
Read more
MDKSA-2003:021 : krb5
A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client.
Read more
MDKSA-2003:019 : php
A buffer overflow was discovered in the wordwrap() function in versions of PHP greater than 4.1.2 and less than 4.3.0. Under certain circumstances, this buffer overflow can be used to overwite heap memory and could potentially lead to remote system compromise.
Read more
MDKSA-2003:020 : openssl
In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability (0.9.6i and 0.9.7a).
Read more
MDKSA-2003:021 : krb5
A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system() call. This could allow a malicious remote FTP server to write to files outside of the current directory or even execute arbitrary commands as the user using the FTP client.
Read more
A new security update for Debian GNU/Linux has been released
DSA-252-1 slocate -- buffer overflow
For the unstable distribution (sid) this problem has been fixed in version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Read more
DSA-252-1 slocate -- buffer overflow
A problem has been discovered in slocate, a secure locate replacement. A buffer overflow in the setuid program slocate can be used to execute arbitrary code as superuser.The old stable distribution (potato) is not affected by this problem.
For the stable distribution (woody) this problem has been fixed in version 2.6-1.3.1.
For the unstable distribution (sid) this problem has been fixed in version 2.7-1.
We recommend that you upgrade your slocate package immediately.
Read more
Red Hat has released updated VNC packages for Red Hat Linux 7.0 - 8.0
New security updates for Gentoo Linux are available:
mod_php
PHP contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless.
Read more
NetHack
Overflowing a buffer in nethack may lead to privelige escalation to games uid.
Read more
w3m
Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in img alt attribute, so malicious frame html may deceive you to access your local files, cookies and so on.
Read more
SYSLINUX
Security flaws have been found in the SYSLINUX installer when running
setuid root.
Read more
Mailmain
The email variable and the default error page in mailmain 2.1 contains cross site scripting vulnerabilities.
Read more
bitchx
A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.
Read more
mod_php
PHP contains code for preventing direct access to the CGI binary with configure option "--enable-force-cgi-redirect" and php.ini option "cgi.force_redirect". In PHP 4.3.0 there is a bug which renders these options useless.
Read more
NetHack
Overflowing a buffer in nethack may lead to privelige escalation to games uid.
Read more
w3m
Hironori SAKAMOTO found another security vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag in img alt attribute, so malicious frame html may deceive you to access your local files, cookies and so on.
Read more
SYSLINUX
Security flaws have been found in the SYSLINUX installer when running
setuid root.
Read more
Mailmain
The email variable and the default error page in mailmain 2.1 contains cross site scripting vulnerabilities.
Read more
bitchx
A denial of service vulnerability exists in BitchX. Sending a malformed RPL_NAMREPLY numeric 353 causes BitchX to segfault.
Read more
Red Hat has released updated shadow-utils packages for Red Hat Linux 7.2 - 8.0
SuSE has released two new security updates for SuSE Linux:
- mod_php4: remote system compromise
- imp: remote system compromise
- mod_php4: remote system compromise
- imp: remote system compromise
MandrakeSoft has released two new security updates for Mandrake Linux
MDKSA-2003:018 : apcupsd
A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5 which contains additional enhancements like USB support, and the latest stable version, 3.8.6.
There are a few changes that need to be noted, such as the port has changed from port 7000 to post 3551 for NIS, and the new config only allows access from the localhost. Users may need to modify their configuration files appropriately, depending upon their configuration.
Read more
MDKSA-2003:017 : pam
Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker.
Read more
MDKSA-2003:018 : apcupsd
A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5 which contains additional enhancements like USB support, and the latest stable version, 3.8.6.
There are a few changes that need to be noted, such as the port has changed from port 7000 to post 3551 for NIS, and the new config only allows access from the localhost. Users may need to modify their configuration files appropriately, depending upon their configuration.
Read more
MDKSA-2003:017 : pam
Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker.
Read more
For the new software, called VirusSafe, Lindows.com took Central Command's Vexira Antivirus for Linux Workstation software and adjusted it to integrate it with the LindowsOS operating system, said John Bromhead, Lindows.com's marketing vice president.
Read more
Read more
MandrakeSoft has released an update for util-linux
A new security update for Debian GNU/Linux has been released:
DSA-250-1 w3mmee-ssl -- missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send his local cookies which are used for configuration. The information is not leaked automatically, though.
Read more
DSA-250-1 w3mmee-ssl -- missing HTML quoting
Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send his local cookies which are used for configuration. The information is not leaked automatically, though.
Read more
Red Hat has released the follow security patches:
- Updated python packages fix predictable temporary file
- Updated fileutils package fixes race condition in recursive operations
- Updated lynx packages fix CRLF injection vulnerability
- Updated PAM packages fix bug in pam_xauth module
- Updated python packages fix predictable temporary file
- Updated fileutils package fixes race condition in recursive operations
- Updated lynx packages fix CRLF injection vulnerability
- Updated PAM packages fix bug in pam_xauth module
A new security update for Debian GNU/Linux is available:
w3mmee
w3mmee
Hironori Sakamoto, one of w3m developers, found two security vulnerabilities in w3m and associated programs.Read more
MandrakeSoft has released a security update for postgresql
Updated apache and httpd packages which fix a number of security issues are now available for Red Hat Linux 6.2 - 8.0
Cheeta Technologies has released MySQL 3.23.55 RPMS for Red Hat 7.2 and Ensim WEBpplance 3.x
Red Hat has released the follow security updates:
- Updated Xpdf packages fix security vulnerability
- Updated w3m packages fix cross-site scripting issues
- Updated openldap packages available
- Updated WindowMaker packages fix vulnerability in theme-loading
- Updated Xpdf packages fix security vulnerability
- Updated w3m packages fix cross-site scripting issues
- Updated openldap packages available
- Updated WindowMaker packages fix vulnerability in theme-loading
