Security 10943 Published by Philipp Esselbach 0

A new security update for Gentoo Linux has been released

PACKAGE : snort

Remote attackers may exploit the buffer overflow condition to run arbitrary code on a Snort sensor with the privileges of the Snort IDS process, which typically runs as the superuser. The vulnerable preprocessor is enabled by default. It is not necessary to establish an actual connection to an RPC portmapper service to exploit this vulnerability.


Red Hat has released the following two security updates:

Updated im packages fix insecure handling of temporary files

Internet Message (IM) is a series of user interface commands and backend Perl5 libraries that integrate email and the NetNews user interface. They are designed to be used from both the Mew mail reader for Emacs and the command line.


Updated OpenSSL packages fix timing attack

OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.


A new security update for Gentoo Linux is available

PACKAGE : tcpdump

A vulnerability exists in the parsing of ISAKMP packets (UDP port 500) that allows an attacker to force TCPDUMP into an infinite loop upon receipt of a specially crafted packet.


Two security patches for Debian GNU/Linux have been released:

DSA-255-1 tcpdump -- infinite loop

Andrew Griffiths and iDEFENSE Labs discovered a problem in tcpdump, a powerful tool for network monitoring and data acquisition. An attacker is able to send a specially crafted network packet which causes tcpdump to enter an infinite loop.

In addition to the above problem the tcpdump developers discovered a potential infinite loop when parsing malformed BGP packets. They also discovered a buffer overflow that can be exploited with certain malformed NFS packets.

For the stable distribution (woody) these problems have been fixed in version 3.6.2-2.3.

The old stable distribution (potato) does not seem to be affected by this problem.

For the unstable distribution (sid) these problems have been fixed in version 3.7.1-1.2.


DSA-256-1 mhc -- insecure temporary file


A new security update for Debian GNU/Linux is available:

DSA-254-1 traceroute-nanog -- buffer overflow

A vulnerability has been discovered in NANOG traceroute, an enhanced version of the Van Jacobson/BSD traceroute program. A buffer overflow occurs in the 'get_origin()' function. Due to insufficient bounds checking performed by the whois parser, it may be possible to corrupt memory on the system stack. This vulnerability can be exploited by a remote attacker to gain root privileges on a target host. Though, most probably not in Debian.
