A group of four Polish hackers published code to an open security mailing list on Tuesday that can take advantage of a major vulnerability in the Sendmail mail server.
To install the Sendmail update under SoL - Server optimized Linux:
wget http://update.sol-linux.com/SoLrus
sh SoLrus
An updated Sendmail package is now available for Debian GNU/Linux
Another Sendmail update, this time for Gentoo Linux
A Sendmail update for SuSE Linux has been released
Solarspeed has released Sendmail updates for RaQ 3/4/XTR/550 and Qube 3
A critical flaw in Sendmail, the Internet's most popular e-mail server, has become the first test for the newly minted Department of Homeland Security and its cyberdefense arm.
WEBpplance.info has published an unofficial Sendmail update for Ensim WEBppliance 3.1
PkgMaster has released a Sendmail update for Cobalt RaQ4 servers.
MandrakeSoft has released two new updates for Mandrake Linux:
MDKSA-2003:028 : sendmail
Two security patches for Debian GNU/Linux have been released:
DSA-255-1 tcpdump -- infinite loop
Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.
In addition to the above problem the tcpdump developers discovered a potential infinite loop when parsing malformed BGP packets. They also discovered a buffer overflow that can be exploited with certain malformed NFS packets.
For the stable distribution (woody) these problems have been fixed in version 3.6.2-2.3.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) these problems have been fixed in version 3.7.1-1.2.
DSA-256-1 mhc -- insecure temporary file
Ensim has released WEBppliance 3.1.6 LS for Linux
MandrakeSoft has released the following security updates for Mandrake Linux:
MDKSA-2003:026 : shadow-utils
A new security update for Debian GNU/Linux is available:
DSA-254-1 traceroute-nanog -- buffer overflow
A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the 'get_origin()' function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host. Though, most probably not in Debian.
vnc/tightvnc security updates are available for Gentoo Linux:
MandrakeSoft has released new security updates for Mandrake Linux:
MDKSA-2003:022 : vnc
A vulnerability was discovered in the VNC server script that generates an X cookie, used by X authentication. The script generated a cookie that was not strong enough and allowed an attacker to more easily guess the authentication cookie, thus obtaining unauthorized access to the VNC server.
MDKSA-2003:023 : lynx
A vulnerability was discovered in lynx, a text-mode web browser. The HTTP queries that lynx constructs are from arguments on the command line or the $WWW_HOME environment variable, but lynx does not properly sanitize special characters such as carriage returns or linefeeds. Extra headers can be inserted into the request because of this, which can cause scripts that use lynx to fetch data from the wrong site from servers that use virtual hosting.
MDKSA-2003:024 : MNF8.2
The following packages are now available for Multi Network Firewall 8.2 and bring it up to the same errata level as Mandrake Linux 8.2 with all patches and updates available to date applied. In order to bring your MNF8.2 configuration up to date, you will have to follow a few steps.
Red Hat has released updated vte packages for Red Hat Linux 8.0
Counting viruses is simplistic, but there is evidence that Windows is becoming more resistant, and Linux is becoming more of a target.
Two new security updates are available for Gentoo Linux:
usermin
A new OpenSSL update for Debian GNU/Linux has been released