Red Hat has released new updated samba packages for Red Hat 6.2 - 7.1
SuSE has released an updated mutt package for SuSE Linux
New security updates for Gentoo Linux are available:
- GLSA: stunnel (200303-24)
- GLSA: mod_ssl (200303-23)
- GLSA: glibc (200303-22)
MandrakeSoft has released the following new updates for Mandrake Linux:
- MDKSA-2003:037 - glibc
- MDKSA-2003:036 - netpbm
- MDKSA-2003:035 - openssl
- MDKSA-2003:034 - rxvt
- MDKA-2003:003 - e2fsprogs
An updated mtt package has been released for Debian GNU/Linux
Another security update for Debian GNU/Linux has been released:
DSA-267-1 lpr -- buffer overflow
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.
For the stable distribution (woody) this problem has been fixed in version 2000.05.07-4.3.
For the old stable distribution (potato) this problem has been fixed in version 0.48-1.1.
For the unstable distribution (sid) this problem has been fixed in version 2000.05.07-4.20.
We recommend that you upgrade your lpr package immediately.
3 new security updates for Gentoo Linux are available:
GLSA: bitchx (200303-21)
GLSA: openssl (200303-20)
GLSA: mutt (200303-19)
A new security update for Debian GNU/Linux has been released
Ensim WEBppliance LS 3.1.8 has been released
3 new security updates for SuSE are available:
- ethereal: local privilege escalation
- qpopper: remote system compromise
- file: remote system compromise
Two security updates for Gentoo Linux have been released
PACKAGE : evolution
Three vulnerabilities were found that could lead to various forms of exploitation, ranging from denying users the ability to read email and provoking system instability to bypassing security context checks for email content and possibly executing arbitrary commands on vulnerable systems.
PACKAGE : kernel
The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable.
A new security update for bonsai under Debian GNU/Linux has been released
Red Hat has released updated Evolution packages for Red Hat Linux 7.3 and 8.0
The following security updates have been released for Gentoo Linux:
PACKAGE : mysql
This issue has been addressed in 3.23.56 (release build is started today), and some steps were taken to alleviate the threat.
PACKAGE : man
man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file.
PACKAGE : openssl
Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on.
PACKAGE : rxvt
Many of the features supported by popular terminal emulator software can be abused when untrusted data is displayed on the screen.
Red Hat has released updated glibc packages for Red Hat Linux 6.2 - 8.0
A new security update for Debian GNU/Linux is available
DSA-264-1 lxr -- missing filename sanitizing
Upstream developers of lxr, a general hypertext cross-referencing tool, have been alerted of a vulnerability that allows a remote attacker to read arbitrary files on the host system as user www-data. This could disclose local files that were not meant to be shared with the public.
For the stable distribution (woody) this problem has been fixed in version 0.3-3.
The old stable distribution (potato) is not affected since it does not contain an lxr package.
For the unstable distribution (sid) this problem has been fixed in version 0.3-4.
MandrakeSoft has released a zlib update for Mandrake Linux 7.2 - 9.0
Red Hat has released updated samba packages for Red Hat Linux 7.2 - 8.0
A new security update for Debian GNU/Linux has been released
DSA-263-1 netpbm-free -- math overflow errors
Al Viro and Alan Cox discovered several maths overflow errors in NetPBM, a set of graphics conversion tools. These programs are not installed setuid root but are often installed to prepare data for processing. These vulnerabilities may allow remote attackers to cause a denial of service or execute arbitrary code.
For the stable distribution (woody) this problem has been fixed in version 9.20-8.2.
The old stable distribution (potato) does not seem to be affected by this problem.
For the unstable distribution (sid) this problem has been fixed in version 9.20-9.
A security update for qpopper under Gentoo Linux is out