Security 10911 Published by Philipp Esselbach 0

Two new security updates for Mandrake Linux have been released:

kde3

A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.

file

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.

Security 10911 Published by Philipp Esselbach 0

3 new security updates for Debian GNU/Linux are available:

DSA-290-1 sendmail-wide -- char-to-int conversion

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.

DSA-289-1 rinetd -- incorrect memory resizing

Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code.

DSA-288-1 openssl -- several vulnerabilities

Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise.

Security 10911 Published by 0

Two new security updates for Debian GNU/Linux have been released:

DSA-286-1 gs-common -- insecure temporary file

Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.

DSA-287-1 epic -- buffer overflows

Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user.

Security 10911 Published by Philipp Esselbach 0

Two new security updates for Mandrake Linux have been released:

MDKSA-2003:046 : gtkhtml

A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug.

MDKSA-2003:045 : evolution

Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources.

Security 10911 Published by 0

Two new security updates for Debian GNU/Linux are now available:

DSA-282-1 glibc -- integer overflow

eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.

DSA-281-1 moxftp -- buffer overflow

Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server. Erik Tews fixed this.

Security 10911 Published by Philipp Esselbach 0

Red Hat has released new updates for Red Hat Linux 8.0 and 9:

Red Hat 9
- Updated RHN Notification Tool available
- New samba packages fix security vulnerability
- Updated httpd packages fix security vulnerabilities.
- Updated 2.4 kernel fixes USB storage

Red Hat 8.0
- Updated RHN Notification Tool available
- New samba packages fix security vulnerability
- Updated httpd packages fix security vulnerabilities.
- Updated mgetty packages available

Security 10911 Published by Philipp Esselbach 0

The following security updates for Debian GNU/Linux have been released:

DSA-280-1 samba -- buffer overflow

Digital Defense, Inc. has alerted the Samba Team to a serious vulnerability in Samba, a LanManager-like file and printer server for Unix. This vulnerability can lead to an anonymous user gaining root access on a Samba serving system. An exploit for this problem is already circulating and in use.

Since the packages for potato are quite old, it is likely that they contain more security-relevant bugs than we know of. You are therefore advised to upgrade your systems running Samba to woody soon.

DSA-279-1 metrics -- insecure temporary file creation

Paul Szabo and Matt Zimmerman discovered two similar problems in metrics, a tool for software metrics. Two scripts in this package, "halstead" and "gather_stats", open temporary files without taking appropriate security precautions. "halstead" is installed as a user program, while "gather_stats" is only used in an auxiliary script included in the source code. These vulnerabilities could allow a local attacker to overwrite files owned by the user running the scripts, including root.

Security 10911 Published by Philipp Esselbach 0

The Samba Team released a patch on Monday for the second major security flaw found in the past few weeks in the open-source group's widely used program for sharing Windows files between Unix and Linux systems.

Security 10911 Published by Philipp Esselbach 0

Two new security updates for Debian GNU/Linux are available:

DSA-277-1 apcupsd -- buffer overflows, format string

The controlling and management daemon apcupsd for APC's Unbreakable Power Supplies is vulnerable to several buffer overflows and format string attacks. These bugs can be exploited remotely by an attacker to gain root access to the machine apcupsd is running on.

DSA-276-1 linux-kernel-s390 -- local privilege escalation

The kernel module loader in Linux 2.2 and Linux 2.4 kernels has a flaw in ptrace. This hole allows local users to obtain root privileges by using ptrace to attach to a child process that is spawned by the kernel. Remote exploitation of this hole is not possible.
