Security 10929 Published by Philipp Esselbach 0

Two new security updates for Debian GNU/Linux are available:

DSA-301-1 libgtop

The gtop daemon, used for monitoring remote machines, contains a buffer overflow which could be used by an attacker to execute arbitrary code with the privileges of the daemon process. If started as root, the daemon process drops root privileges, assuming uid and gid 99 by default.


DSA-302-1 fuzz

Joey Hess discovered that fuzz, a software stress-testing tool, creates a temporary file without taking appropriate security precautions. This bug could allow an attacker to gain the privileges of the user invoking fuzz, excluding root (fuzz does not allow itself to be invoked as root).


MandrakeSoft has released two security updates for Mandrake Linux:

MandrakeSoft Security Advisory MDKSA-2003:054 : man

A difficult-to-exploit vulnerability was discovered in versions of man prior to 1.5l. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path.


MandrakeSoft Security Advisory MDKSA-2003:053 : mgetty

Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented.


Two new security updates for Debian GNU/Linux have been released:

DSA-300-1 balsa

Byrial Jensen discovered a couple of off-by-one buffer overflows in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This code is imported in the Balsa package. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.


DSA-299-1 leksbot

Maurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.


MandrakeSoft has released the following security updates for Mandrake Linux:

- MDKA-2003:009 - openldap
- MDKA-2003:008 - drakxtools
- MDKA-2003:007 - devfsd
- MDKA-2003:006 - kdebase-servicemenu


WEBppliance Pro 3.5.3 fixes a security issue that allows browsers to access arbitrary apache-readable files by using multiple '/' characters in the URI (e.g. http://server//etc/passwd). This exploit is present in all versions of WEBppliance Pro prior to 3.5.3.


Red Hat has released the following new security updates:

Updated ethereal packages fix security vulnerabilities

Affected Products:
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9

Updated ethereal packages are now available which fix a format string bug and a heap-based buffer overflow.

Ethereal is a package designed for monitoring network traffic on your system.


Updated tcpdump packages fix various vulnerabilities

Affected Products:
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0

Updated tcpdump, libpcap, and arpwatch packages are available, fixing a number of vulnerabilities that could be used to cause a denial of service attack, or possibly execute arbitrary code.

tcpdump is a command-line tool for monitoring network traffic.


Two new security updates for Mandrake Linux have been released:

kde3

A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.


file

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous versions. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.


3 new security updates for Debian GNU/Linux are available:

DSA-290-1 sendmail-wide -- char-to-int conversion

Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.


DSA-289-1 rinetd -- incorrect memory resizing

Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code.


DSA-288-1 openssl -- several vulnerabilities

Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise.


Two new security updates for Debian GNU/Linux have been released:

DSA-286-1 gs-common -- insecure temporary file

Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.


DSA-287-1 epic -- buffer overflows

Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to execution of arbitrary code under the user id of the chatting user.
