Red Hat has released updated Evolution packages for Red Hat Linux 7.3 - 9
Red Hat has released a Sendmail security update for Red Hat Linux 6.2 - 9
Two Kernel updates for Mandrake Linux are available:
- Updated 2.4 kernel packages fix ptrace vulnerability
- Updated kernel22 packages fix multiple vulnerabilities
- Updated 2.4 kernel packages fix ptrace vulnerability
- Updated kernel22 packages fix multiple vulnerabilities
A new zlib update has been released for Gentoo Linux
Cheetaweb has released an unofficial Sendmail patch for Red Hat Linux 7.2:
Download and install the following RPM's with rpm -Uvh
sendmail-8.11.6-24.72.i386.rpm
sendmail-cf-8.11.6-24.72.i386.rpm
sendmail-devel-8.11.6-24.72.i386.rpm
sendmail-doc-8.11.6-24.72.i386.rpm
MD5 Checksums:
f94ea1591d6a6d129f78feaeae912ff0 sendmail-8.11.6-24.72.i386.rpm
02d64303522d2462bc10c273eb8be06b sendmail-cf-8.11.6-24.72.i386.rpm
6ecd6c126e8c7f2521dfe85d81912848 sendmail-devel-8.11.6-24.72.i386.rpm
c6e93505c859a6672f3119ef2ea171a5 sendmail-doc-8.11.6-24.72.i386.rpm
Download and install the following RPM's with rpm -Uvh
sendmail-8.11.6-24.72.i386.rpm
sendmail-cf-8.11.6-24.72.i386.rpm
sendmail-devel-8.11.6-24.72.i386.rpm
sendmail-doc-8.11.6-24.72.i386.rpm
MD5 Checksums:
f94ea1591d6a6d129f78feaeae912ff0 sendmail-8.11.6-24.72.i386.rpm
02d64303522d2462bc10c273eb8be06b sendmail-cf-8.11.6-24.72.i386.rpm
6ecd6c126e8c7f2521dfe85d81912848 sendmail-devel-8.11.6-24.72.i386.rpm
c6e93505c859a6672f3119ef2ea171a5 sendmail-doc-8.11.6-24.72.i386.rpm
RaQTweak has released unofficial Sendmail updates for Cobalt RaQ2,3,4, 550 and XTR.
SoLrus, the SoL update system now offers sendmail 8.12.9
For updating SoL please visit: http://update.sol-linux.com
For updating SoL please visit: http://update.sol-linux.com
WEBppliance.info has released an unofficial Sendmail security update for Ensim WEBpplance 3.1.8
A new security update for Debian GNU/Linux has been released
DSA-274-1 mutt -- buffer overflow
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.
Read more
DSA-274-1 mutt -- buffer overflow
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.
Read more
Two new security updates for Debian GNU/Linux are available:
DSA-273-1 krb4 -- Cryptographic weakness
A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.
Read more
DSA-272-1 dietlibc -- integer overflow
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc, that is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code.
Read more
DSA-273-1 krb4 -- Cryptographic weakness
A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.
Read more
DSA-272-1 dietlibc -- integer overflow
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc, that is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code.
Read more
Two new security updates for Debian GNU/Linux has been released:
DSA-271-1 ecartis -- unauthorized password change
A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins.
Read more
DSA-270-1 linux-kernel-mips -- local privilege escalation
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.
This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories.
Read more
DSA-271-1 ecartis -- unauthorized password change
A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins.
Read more
DSA-270-1 linux-kernel-mips -- local privilege escalation
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.
This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories.
Read more
Two new security updates for SuSE Linux are out:
- apcupsd: remote system compromise
- kernel: local privilege escalation (ptrace/modprobe bug)
- apcupsd: remote system compromise
- kernel: local privilege escalation (ptrace/modprobe bug)
A heimdal update for Debian GNU/Linux has been released
Red Hat has released updated kerberos packages for Red Hat Linux 6.2 - 8.0
Red Hat has released new updated samba packages for Red Hat 6.2 - 7.1
SuSE has released an updated mutt package for SuSE Linux
New security updates for Gentoo Linux are available:
- GLSA: stunnel (200303-24)
- GLSA: mod_ssl (200303-23)
- GLSA: glibc (200303-22)
Read more
- GLSA: stunnel (200303-24)
- GLSA: mod_ssl (200303-23)
- GLSA: glibc (200303-22)
Read more
MandrakeSoft has released the following new updates for Mandrake Linux:
- MDKSA-2003:037 - glibc
- MDKSA-2003:036 - netpbm
- MDKSA-2003:035 - openssl
- MDKSA-2003:034 - rxvt
- MDKA-2003:003 - e2fsprogs
- MDKSA-2003:037 - glibc
- MDKSA-2003:036 - netpbm
- MDKSA-2003:035 - openssl
- MDKSA-2003:034 - rxvt
- MDKA-2003:003 - e2fsprogs
An update mtt package has been release for Debian GNU/Linux
Another security update for Debian GNU/Linux has been released:
DSA-267-1 lpr -- buffer overflow
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.
For the stable distribution (woody) this problem has been fixed in version 2000.05.07-4.3.
For the old stable distribution (potato) this problem has been fixed in version 0.48-1.1.
For the unstable distribution (sid) this problem has been fixed in version 2000.05.07-4.20.
We recommend that you upgrade your lpr package immediately.
Download
DSA-267-1 lpr -- buffer overflow
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.
For the stable distribution (woody) this problem has been fixed in version 2000.05.07-4.3.
For the old stable distribution (potato) this problem has been fixed in version 0.48-1.1.
For the unstable distribution (sid) this problem has been fixed in version 2000.05.07-4.20.
We recommend that you upgrade your lpr package immediately.
Download
