Security 10943 Published by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released

DSA-274-1 mutt -- buffer overflow

Byrial Jensen discovered a couple of off-by-one buffer overflows in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.


Two new security updates for Debian GNU/Linux are available:

DSA-273-1 krb4 -- Cryptographic weakness

A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.


DSA-272-1 dietlibc -- integer overflow

eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc that is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.


Two new security updates for Debian GNU/Linux have been released:

DSA-271-1 ecartis -- unauthorized password change

A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins.


DSA-270-1 linux-kernel-mips -- local privilege escalation

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.

This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories.


Another security update for Debian GNU/Linux has been released:

DSA-267-1 lpr -- buffer overflow

A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.

For the stable distribution (woody) this problem has been fixed in version 2000.05.07-4.3.

For the old stable distribution (potato) this problem has been fixed in version 0.48-1.1.

For the unstable distribution (sid) this problem has been fixed in version 2000.05.07-4.20.

We recommend that you upgrade your lpr package immediately.


Two security updates for Gentoo Linux have been released:

PACKAGE : evolution

Three vulnerabilities were found that could lead to various forms of exploitation, ranging from denying users the ability to read email, provoking system instability and bypassing security context checks for email content, to possible execution of arbitrary commands on vulnerable systems.


PACKAGE : kernel

The Linux 2.2 and Linux 2.4 kernels have a flaw in ptrace. This hole allows local users to obtain full privileges. Remote exploitation of this hole is not possible. Linux 2.5 is not believed to be vulnerable.


The following security updates have been released for Gentoo Linux:

PACKAGE : mysql

This issue has been addressed in 3.23.56 (release build is started today), and some steps were taken to alleviate the threat.


PACKAGE : man

man 1.5l was released today, fixing a bug which results in arbitrary code execution upon reading a specially formatted man file.


PACKAGE : openssl

Researchers have discovered a timing attack on RSA keys, to which OpenSSL is generally vulnerable, unless RSA blinding has been turned on.


PACKAGE : rxvt

Many of the features supported by popular terminal emulator software can be abused when untrusted data is displayed on the screen.
