MandrakeSoft has released the following security updates for Mandrake Linux:
- MDKSA-2003:051 - ethereal
- MDKSA-2003:049-1 - kde3
- MDKA-2003:005 - ldetect
- MDKA-2003:004-1 - 9.1
- MDKSA-2003:050 - apache2
- MDKSA-2003:051 - ethereal
- MDKSA-2003:049-1 - kde3
- MDKA-2003:005 - ldetect
- MDKA-2003:004-1 - 9.1
- MDKSA-2003:050 - apache2
Two new security updates for Debian GNU/Linux are available:
- DSA-294 gkrellm-newsticker
- DSA-293 kdelibs
- DSA-294 gkrellm-newsticker
- DSA-293 kdelibs
Red Hat has released the following new security updates:
Updated ethereal packages fix security vulnerabilities
Affected Products:
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
Updated ethereal packages are now available which fix a format string bug and a heap-based buffer overflow.
Ethereal is a package designed for monitoring network traffic on your system.
Read more
Updated tcpdump packages fix various vulnerabilities
Affected Products:
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Updated tcpdump, libpcap, and arpwatch packages are available, fixing a number of vulnerabilities that could be used to cause a denial of service attack, or possibly execute arbitrary code.
tcpdump is a command-line tool for monitoring network traffic.
Read more
Updated ethereal packages fix security vulnerabilities
Affected Products:
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
Updated ethereal packages are now available which fix a format string bug and a heap-based buffer overflow.
Ethereal is a package designed for monitoring network traffic on your system.
Read more
Updated tcpdump packages fix various vulnerabilities
Affected Products:
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Updated tcpdump, libpcap, and arpwatch packages are available, fixing a number of vulnerabilities that could be used to cause a denial of service attack, or possibly execute arbitrary code.
tcpdump is a command-line tool for monitoring network traffic.
Read more
A mime-support update for Debian GNU/Linux has been released
Two new security updates for Mandrake Linux has been released:
kde3
A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.
Read more
file
A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.
Read more
kde3
A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.
Read more
file
A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.
Read more
3 new security updates for Debian GNU/Linux are available:
DSA-290-1 sendmail-wide -- char-to-int conversion
Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.
Read more
DSA-289-1 rinetd -- incorrect memory resizing
Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code.
Read more
DSA-288-1 openssl -- several vulnerabilities
Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise.
Read more
DSA-290-1 sendmail-wide -- char-to-int conversion
Michal Zalewski discovered a buffer overflow, triggered by a char to int conversion, in the address parsing code in sendmail, a widely used powerful, efficient, and scalable mail transport agent. This problem is potentially remotely exploitable.
Read more
DSA-289-1 rinetd -- incorrect memory resizing
Sam Hocevar discovered a security problem in rinetd, an IP connection redirection server. When the connection list is full, rinetd resizes the list in order to store the new incoming connection. However, this is done improperly, resulting in a denial of service and potentially execution of arbitrary code.
Read more
DSA-288-1 openssl -- several vulnerabilities
Researchers discovered two flaws in OpenSSL, a Secure Socket Layer (SSL) library and related cryptographic tools. Applications that are linked against this library are generally vulnerable to attacks that could leak the server's private key or make the encrypted session decryptable otherwise.
Read more
MandrakeSoft has released the following security patches for Mandrake Linux:
MDKSA-2003:047 : xfsdump
MDKSA-2003:047 : xfsdump
Two new security updates for Debian GNU/Linux has been released
DSA-286-1 gs-common -- insecure temporary file
Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.
Read more
DSA-287-1 epic -- buffer overflows
Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.
Read more
DSA-286-1 gs-common -- insecure temporary file
Paul Szabo discovered insecure creation of a temporary file in ps2epsi, a script that is distributed as part of gs-common which contains common files for different Ghostscript releases. ps2epsi uses a temporary file in the process of invoking ghostscript. This file was created in an insecure fashion, which could allow a local attacker to overwrite files owned by a user who invokes ps2epsi.
Read more
DSA-287-1 epic -- buffer overflows
Timo Sirainen discovered several problems in EPIC, a popular client for Internet Relay Chat (IRC). A malicious server could craft special reply strings, triggering the client to write beyond buffer boundaries. This could lead to a denial of service if the client only crashes, but may also lead to executing of arbitrary code under the user id of the chatting user.
Read more
Red Hat has released an updated gtkhtml package for Red Hat Linux 9
Two new security updates for Mandrake Linux has been released:
MDKSA-2003:046 : gtkhtml
A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug.
Read more
MDKSA-2003:045 : evolution
Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources.
Read more
MDKSA-2003:046 : gtkhtml
A vulnerability in GtkHTML was discovered by Alan Cox with the Evolution email client. GtkHTML is used to handle HTML messages in Evolution and certain malformed messages could cause Evolution to crash due to this bug.
Read more
MDKSA-2003:045 : evolution
Several vulnerabilities were discovered in the Evolution email client. These problems make it possible for a carefully constructed email message to crash the program, causing general system instability by starving resources.
Read more
Ensim has released WEBppliance 3.1.10 LS
The following security updates for Debian GNU/Linux has been released:
- DSA-285 lprng - insecure temporary file
- DSA-284 kdegraphics - insecure execution
- DSA-283 xfsdump - insecure file creation
- DSA-285 lprng - insecure temporary file
- DSA-284 kdegraphics - insecure execution
- DSA-283 xfsdump - insecure file creation
Two new security updates for Debian GNU/Linux are now available:
DSA-282-1 glibc -- integer overflow
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.
Read more
DSA-281-1 moxftp -- buffer overflow
Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server. Erik Tews fixed this.
Read more
DSA-282-1 glibc -- integer overflow
eEye Digital Security discovered an integer overflow in the xdrmem_getbytes() function which is also present in GNU libc. This function is part of the XDR (external data representation) encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.
Read more
DSA-281-1 moxftp -- buffer overflow
Knud Erik Højgaard discovered a vulnerability in moxftp (and xftp respectively), an Athena X interface to FTP. Insufficient bounds checking could lead to execution of arbitrary code, provided by a malicious FTP server. Erik Tews fixed this.
Read more
MandrakeSoft has released an updated Kernel which fix the ptrace issue under Mandrake Linux 8.2
3 new security updates for Gentoo Linux has been released:
- setiathome (200304-03)
- samba (200304-02)
- apache (200304-01)
Read more
- setiathome (200304-03)
- samba (200304-02)
- apache (200304-01)
Read more
Red Hat has released new updates for Red Hat Linux 8.0 and 9:
Red Hat 9
- Updated RHN Notification Tool available
- New samba packages fix security vulnerability
- Updated httpd packages fix security vulnerabilities.
- Updated 2.4 kernel fixes USB storage
Read more
Red Hat 8.0
- Updated RHN Notification Tool available
- New samba packages fix security vulnerability
- Updated httpd packages fix security vulnerabilities.
- Updated mgetty packages available
Read more
Red Hat 9
- Updated RHN Notification Tool available
- New samba packages fix security vulnerability
- Updated httpd packages fix security vulnerabilities.
- Updated 2.4 kernel fixes USB storage
Read more
Red Hat 8.0
- Updated RHN Notification Tool available
- New samba packages fix security vulnerability
- Updated httpd packages fix security vulnerabilities.
- Updated mgetty packages available
Read more
