Security 10912 Published by Philipp Esselbach 0

Red Hat has released the following security updates for Red Hat Linux:

Updated rxvt packages fix various vulnerabilities

Updated rxvt packages are available which fix a number of vulnerabilities in the handling of escape sequences.


Updated 2.4 kernel fixes vulnerability

Updated kernel packages for Red Hat Linux 7.1, 7.2, 7.3, and 8.0 are now available. These packages fix a ptrace-related vulnerability that can lead to elevated (root) privileges.


A new security update for Gentoo Linux is out

PACKAGE : samba

The SuSE security audit team, in particular Sebastian Krahmer, has found a flaw in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server.


Thanks Toby. From the Samba website:
(14th Mar, 2003) Security Release - Samba 2.2.8

A flaw has been detected in the Samba main smbd code which could allow an external attacker to remotely and anonymously gain Super User (root) privileges on a server running a Samba server. This flaw exists in previous versions of Samba from 2.0.x to 2.2.7a inclusive. This is a serious problem and all sites should either upgrade to Samba 2.2.8 immediately or prohibit access to TCP ports 139 and 445.

Two new security updates for Debian GNU/Linux have been released:

DSA-259-1 qpopper -- mail user privilege escalation

Florian Heinz heinz@cronon-ag.de posted to the Bugtraq mailing list an exploit for qpopper based on a bug in the included vsnprintf implementation. The sample exploit requires a valid user account and password, and overflows a string in the pop_msg() function to give the user "mail" group privileges and a shell on the system. Since the Qvsnprintf function is used elsewhere in qpopper, additional exploits may be possible.

The qpopper package in Debian 2.2 (potato) does not include the vulnerable snprintf implementation. For Debian 3.0 (woody) an updated package is available in version 4.0.4-2.woody.3. Users running an unreleased version of Debian should upgrade to 4.0.4-9 or newer. We recommend you upgrade your qpopper package immediately.


DSA-260-1 file -- buffer overflow

iDEFENSE discovered a buffer overflow vulnerability in the ELF format parsing of the "file" command, one which can be used to execute arbitrary code with the privileges of the user running the command. The vulnerability can be exploited by crafting a special ELF binary which is then input to file. This could be accomplished by leaving the binary on the file system and waiting for someone to use file to identify it, or by passing it to a service that uses file to classify input. (For example, some printer filters run file to determine how to process input going to a printer.)

Fixed packages are available in version 3.28-1.potato.1 for Debian 2.2 (potato) and version 3.37-3.1.woody.1 for Debian 3.0 (woody). We recommend you upgrade your file package immediately.


The following new security updates for Gentoo Linux are available:

PACKAGE : mysqlcc

Versions prior to 0.8.9 had all configuration and connection files world readable.


PACKAGE : netscape-flash

The cumulative security patch is available today and addresses the potential for exploits surrounding buffer overflows (read/write) and sandbox integrity within the player, which might allow malicious users to gain access to a user's computer.


PACKAGE : ethereal

The SOCKS dissector in Ethereal 0.9.9 is susceptible to a format string overflow.


A new security update for Debian GNU/Linux has been released:

DSA-258-1 ethereal -- format string vulnerability

Georgi Guninski discovered a problem in ethereal, a network traffic analyzer. The program contains a format string vulnerability that could probably lead to execution of arbitrary code.

For the stable distribution (woody) this problem has been fixed in version 0.9.4-1woody3.

The old stable distribution (potato) does not seem to be affected by this problem.

For the unstable distribution (sid) this problem has been fixed in version 0.9.9-2.


MandrakeSoft has released two security updates for Mandrake Linux

MDKSA-2003:029 : snort

A buffer overflow was discovered in the snort RPC normalization routines by ISS-XForce which can cause snort to execute arbitrary code embedded within sniffed network packets. The rpc_decode preprocessor is enabled by default. The snort developers have released version 1.9.1 to correct this behaviour; snort versions from 1.8 up to 1.9.0 are vulnerable.


MDKSA-2003:030 : file

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.


A new security update for Gentoo Linux has been released

PACKAGE : snort

Remote attackers may exploit the buffer overflow condition to run arbitrary code on a Snort sensor with the privileges of the Snort IDS process, which typically runs as the superuser. The vulnerable preprocessor is enabled by default. It is not necessary to establish an actual connection to a RPC portmapper service to exploit this vulnerability.


Red Hat has released the following two security updates:

Updated im packages fix insecure handling of temporary files

Internet Message (IM) is a series of user interface commands and backend Perl5 libraries that integrate email and the NetNews user interface. They are designed to be used from both the Mew mail reader for Emacs and the command line.


Updated OpenSSL packages fix timing attack

OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library.


A new security update for Gentoo Linux is available

PACKAGE : tcpdump

A vulnerability exists in the parsing of ISAKMP packets (UDP port 500) that allows an attacker to force TCPDUMP into an infinite loop upon receipt of a specially crafted packet.
