Debian Security Updates

Security 10912 Published by Philipp Esselbach 0

Two new security updates for Debian GNU/Linux are available:

DSA-277-1 apcupsd -- buffer overflows, format string

The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.

Read more

DSA-276-1 linux-kernel-s390 -- local privilege escalation

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.

Read more

lpr-ppd Update for Debian

Security 10912 Published by Philipp Esselbach 0

A new security updates for Debian GNU/Linux has been released:

DSA-275-1 lpr-ppd -- buffer overflow

A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.

Read more

Mandrake Security Updates

Security 10912 Published by Philipp Esselbach 0

MandrakeSoft has released the following security updates for Mandrake Linux:

MDKSA-2003:043 - krb5
MDKSA-2003:042 - sendmail
MDKSA-2003:041 - mutt
MDKSA-2003:040 - Eterm

Read more

Updated OpenSSL/Samba packages for RH

Security 10912 Published by Philipp Esselbach 0

Red Hat has released new security updates:

New samba packages

Updated Samba packages for Red Hat Linux 9 are now included. Please note that this issue only affects Red Hat Linux 9 boxed sets manufactured for distribution within the United States. The part numbers, which can be found on the bottom flap of the box, are RHF0120US and RHF0121US.

Read more

Updated OpenSSL packages

Updated OpenSSL packages for Red Hat 6.2 - 9 are available that fix a potential timing-based attack and a modified Bleichenbacher attack.

Read more

Gentoo Security Updates

Security 10912 Published by Philipp Esselbach 0

The following new security updates are available for Gentoo Linux:

- GLSA: dietlibc (200303-29)
- GLSA: krb5 & mit-krb5 (200303-28)
- GLSA: sendmail (200303-27)
- GLSA: openafs (200303-26)

Read more

Sendmail Update for Red Hat 7.2

Security 10912 Published by Philipp Esselbach 0

Cheetaweb has released an unofficial Sendmail patch for Red Hat Linux 7.2:

Download and install the following RPM's with rpm -Uvh

sendmail-8.11.6-24.72.i386.rpm
sendmail-cf-8.11.6-24.72.i386.rpm
sendmail-devel-8.11.6-24.72.i386.rpm
sendmail-doc-8.11.6-24.72.i386.rpm

MD5 Checksums:

f94ea1591d6a6d129f78feaeae912ff0 sendmail-8.11.6-24.72.i386.rpm
02d64303522d2462bc10c273eb8be06b sendmail-cf-8.11.6-24.72.i386.rpm
6ecd6c126e8c7f2521dfe85d81912848 sendmail-devel-8.11.6-24.72.i386.rpm
c6e93505c859a6672f3119ef2ea171a5 sendmail-doc-8.11.6-24.72.i386.rpm

mutt Update for Debian

Security 10912 Published by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released

DSA-274-1 mutt -- buffer overflow

Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.

Read more

krb4/dietlibc Updates for Debian

Security 10912 Published by Philipp Esselbach 0

Two new security updates for Debian GNU/Linux are available:

DSA-273-1 krb4 -- Cryptographic weakness

A cryptographic weakness in version 4 of the Kerberos protocol allows an attacker to use a chosen-plaintext attack to impersonate any principal in a realm. Additional cryptographic weaknesses in the krb4 implementation permit the use of cut-and-paste attacks to fabricate krb4 tickets for unauthorized client principals if triple-DES keys are used to key krb4 services. These attacks can subvert a site's entire Kerberos authentication infrastructure.

Read more

DSA-272-1 dietlibc -- integer overflow

eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function of glibc, that is also present in dietlibc, a small libc useful especially for small and embedded systems. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitray code.

Read more

Ecartis/Kernel Update for Debian

Security 10912 Published by Philipp Esselbach 0

Two new security updates for Debian GNU/Linux has been released:

DSA-271-1 ecartis -- unauthorized password change

A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins.

Read more

DSA-270-1 linux-kernel-mips -- local privilege escalation

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.

This advisory only covers kernel packages for the big and little endian MIPS architectures. Other architectures will be covered by separate advisories.

Read more

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...