MandrakeSoft has released a Samba update for Mandrake Linux
The following security updates for Debian GNU/Linux have been released
DSA-280-1 samba -- buffer overflow
Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.
Since the packages for potato are quite old, it is likely that they contain more security-relevant bugs than we know of. You are therefore advised to upgrade your systems running Samba to woody soon.
DSA-279-1 metrics -- insecure temporary file creation
Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tool for software metrics. Two scripts in this package, "halstead" and "gather_stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather_stats" is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root.
Red Hat has released new Samba Packages for Red Hat Linux 7.2 - 9
The Samba Team released a patch on Monday for the second major security flaw found in the past few weeks in the open-source group's widely used program for sharing Windows files between Unix and Linux systems.
Ensim has released a new update for Ensim WEBppliance 3.1.8
The sendmail security update is now available for Debian GNU/Linux
Two new security updates for Debian GNU/Linux are available:
DSA-277-1 apcupsd -- buffer overflows, format string
The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.
DSA-276-1 linux-kernel-s390 -- local privilege escalation
The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.
A new security update for Debian GNU/Linux has been released:
DSA-275-1 lpr-ppd -- buffer overflow
A buffer overflow has been discovered in lpr, a BSD lpr/lpd line printer spooling system. This problem can be exploited by a local user to gain root privileges, even if the printer system is set up properly.
Updated vsftpd packages for Red Hat Linux 9 have been released
MandrakeSoft has released the following security updates for Mandrake Linux:
MDKSA-2003:043 - krb5
MDKSA-2003:042 - sendmail
MDKSA-2003:041 - mutt
MDKSA-2003:040 - Eterm
Red Hat has released new security updates:
New samba packages
Updated Samba packages for Red Hat Linux 9 are now included. Please note that this issue only affects Red Hat Linux 9 boxed sets manufactured for distribution within the United States. The part numbers, which can be found on the bottom flap of the box, are RHF0120US and RHF0121US.
Updated OpenSSL packages
Updated OpenSSL packages for Red Hat 6.2 - 9 are available that fix a potential timing-based attack and a modified Bleichenbacher attack.
The following new security updates are available for Gentoo Linux:
- GLSA: dietlibc (200303-29)
- GLSA: krb5 & mit-krb5 (200303-28)
- GLSA: sendmail (200303-27)
- GLSA: openafs (200303-26)
Red Hat has released updated Evolution packages for Red Hat Linux 7.3 - 9
Red Hat has released a Sendmail security update for Red Hat Linux 6.2 - 9
Two Kernel updates for Mandrake Linux are available:
- Updated 2.4 kernel packages fix ptrace vulnerability
- Updated kernel22 packages fix multiple vulnerabilities
A new zlib update has been released for Gentoo Linux
Cheetaweb has released an unofficial Sendmail patch for Red Hat Linux 7.2:
Download and install the following RPMs with rpm -Uvh:
sendmail-8.11.6-24.72.i386.rpm
sendmail-cf-8.11.6-24.72.i386.rpm
sendmail-devel-8.11.6-24.72.i386.rpm
sendmail-doc-8.11.6-24.72.i386.rpm
MD5 Checksums:
f94ea1591d6a6d129f78feaeae912ff0 sendmail-8.11.6-24.72.i386.rpm
02d64303522d2462bc10c273eb8be06b sendmail-cf-8.11.6-24.72.i386.rpm
6ecd6c126e8c7f2521dfe85d81912848 sendmail-devel-8.11.6-24.72.i386.rpm
c6e93505c859a6672f3119ef2ea171a5 sendmail-doc-8.11.6-24.72.i386.rpm
RaQTweak has released unofficial Sendmail updates for Cobalt RaQ2,3,4, 550 and XTR.
SoLrus, the SoL update system, now offers sendmail 8.12.9
For updating SoL please visit: http://update.sol-linux.com
WEBppliance.info has released an unofficial Sendmail security update for Ensim WEBppliance 3.1.8