3 new security updates for Gentoo Linux are available:
GLSA: bitchx (200303-21)
GLSA: openssl (200303-20)
GLSA: mutt (200303-19)
Read more
GLSA: bitchx (200303-21)
GLSA: openssl (200303-20)
GLSA: mutt (200303-19)
Read more
A new security update for Debian GNU/Linux has been released
Ensim WEBppliance LS 3.1.8 has been released
3 new security updates for SuSE are available:
- ethereal: local privilege escalation
- qpopper: remote system compromise
- file: remote system compromise
- ethereal: local privilege escalation
- qpopper: remote system compromise
- file: remote system compromise
Two security updates for Gentoo Linux has been released
PACKAGE : evolution
Three vulnerabilities were found that could lead to various forms of exploitation ranging from denying to users the ability to read email, provoke system unstability, bypassing security context checks for email content and possibly execution of arbitrary commands on vulnerable systems.
Read more
PACKAGE : kernel
The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable.
Read more
PACKAGE : evolution
Three vulnerabilities were found that could lead to various forms of exploitation ranging from denying to users the ability to read email, provoke system unstability, bypassing security context checks for email content and possibly execution of arbitrary commands on vulnerable systems.
Read more
PACKAGE : kernel
The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable.
Read more
A new security update for bonsai under Debian GNU/Linux has been released
Red Hat has released updated Evolution packages for Red Hat Linux 7.3 and 8.0
The following security updates has been released for Gentoo Linux:
PACKAGE : mysql
This issue has been adressed in 3.23.56 (release build is started today), and some steps were taken to alleviate the threat.
Read more
PACKAGE : man
man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file.
Read more
PACKAGE : openssl
Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on.
Read more
PACKAGE : rxvt
Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen.
Read more
PACKAGE : mysql
This issue has been adressed in 3.23.56 (release build is started today), and some steps were taken to alleviate the threat.
Read more
PACKAGE : man
man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file.
Read more
PACKAGE : openssl
Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on.
Read more
PACKAGE : rxvt
Many of the features supported by popular terminal emulator software can be abused when un-trusted data is displayed on the screen.
Read more
Red Hat has released updated glibc packages for Red Hat Linux 6.2 - 8.0
A new security update for Debian GNU/Linux is available
DSA-264-1 lxr -- missing filename sanitizing
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data. This could disclose local files that were not meant to be shared with the public.
For the stable distribution (woody) this problem has been fixed in version 0.3-3.
The old stable distribution (potato) is not affected since it does not contain an lxr package.
For the unstable distribution (sid) this problem has been fixed in version 0.3-4.
Read more
DSA-264-1 lxr -- missing filename sanitizing
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data. This could disclose local files that were not meant to be shared with the public.
For the stable distribution (woody) this problem has been fixed in version 0.3-3.
The old stable distribution (potato) is not affected since it does not contain an lxr package.
For the unstable distribution (sid) this problem has been fixed in version 0.3-4.
Read more
MandrakeSoft has released zlib update for Mandrake Linux 7.2 - 9.0
Red Hat has released updated samba packages for Red Hat Linux 7.2 - 8.0
A new security update for Debian GNU/Linux has been released
DSA-263-1 netpbm-free -- math overflow errors
Al Viro and Alan Cox discovered several maths overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root but are often installed to prepare data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 9.20-8.2.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) this problem has been fixed in version 9.20-9.
Read more
DSA-263-1 netpbm-free -- math overflow errors
Al Viro and Alan Cox discovered several maths overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root but are often installed to prepare data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 9.20-8.2.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) this problem has been fixed in version 9.20-9.
Read more
A security update for qpopper under Gentoo Linux is out
Red Hat has release the following security updates for Red Hat Linux:
Updated rxvt packages fix various vulnerabilites
Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.
Read more
Updated 2.4 kernel fixes vulnerability
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges.
Read more
Updated rxvt packages fix various vulnerabilites
Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.
Read more
Updated 2.4 kernel fixes vulnerability
Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges.
Read more
A new security update for Gentoo Linux is out
PACKAGE : samba
The SuSE security audit team, in particular Sebastian Krahmer , has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
Read more
PACKAGE : samba
The SuSE security audit team, in particular Sebastian Krahmer , has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.
Read more
An updated Gnome-lokkit package for Red Hat Linux 8.0 has been released
A new secuity update for Samba under Debian GNU/Linux 3.0 has been released
MandrakeSoft has released a samba update for Mandrake Linux
