Red Hat has released an update for Apache 2.0.40 under Red Hat Linux 8.0 and 9
Red Hat has released updated CUPS packages for Red Hat Linux
MandrakeSoft has released the following security updates for Mandrake Linux:
MDKSA-2003:061 - gnupg
MDKSA-2003:060 - LPRng
MDKSA-2003:059 - lpr
MDKSA-2003:058-1 - cdrecord
MDKA-2003:011 - gnome-pilot
Read more
MDKSA-2003:061 - gnupg
MDKSA-2003:060 - LPRng
MDKSA-2003:059 - lpr
MDKSA-2003:058-1 - cdrecord
MDKA-2003:011 - gnome-pilot
Read more
Red Hat has released 3 new security updates for Red Hat Linux
RHBA-2003:143-10: Updated modutils package corrects PLT relocation bug
RHBA-2003:144-07: Updated kernel packages correct TLB flush problem
RHSA-2003:175-06: Updated gnupg packages fix validation bug
RHBA-2003:143-10: Updated modutils package corrects PLT relocation bug
The modutils package contains the software necessary to load and unload kernel modules.Read more
A prior version of modutils had a bug that caused PLT relocations to be resolved incorrectly when loading a module. This bug would result in a crash when a module containing PLT relocations was loaded. This patch corrects the problem.
RHBA-2003:144-07: Updated kernel packages correct TLB flush problem
The Linux kernel handles the basic functions of the operating system.Read more
A flaw has been discovered in the kernel code handling translation lookaside buffer flushing. The flaw made it possible for a multithreaded process (with threads running on more than one processor) to fail to note that the TLB should be flushed for every processor on which the process's
threads had run.
The upgraded kernel packages contained in this erratum corrects the problem.
RHSA-2003:175-06: Updated gnupg packages fix validation bug
When evaluating trust values for different UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID with the highest trust value with every UID assigned to that key. This would prevent an expected warning message from being generated.Read more
All users are advised to upgrade to these errata packages which include patches from the GnuPG development team that correct this issue for GnuPG versions 1.0.7 and 1.2.1. This update also upgrades Red Hat Linux 7.1, 7.2, and 7.3 users to GnuPG version 1.0.7.
A new security update for Debian GNU/Linux has been released
DSA-306 ircii-pana
buffer overflows, integer overflow
Read more
DSA-306 ircii-pana
buffer overflows, integer overflow
Read more
Red Hat has released updated lv packages for Red Hat Linux
RHSA-2003:169-08: Updated lv packages fix vulnerability
RHSA-2003:169-08: Updated lv packages fix vulnerability
Updated lv packages fix vulnerabilityRead more
Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS Big5, HZ, and Unicode.
A bug has been found in versions of lv that read a .lv file in the current directory. Local attackers can use this to place an .lv file in any directory to which they have write access. Any user who subsequently runs lv in that directory and uses the v (edit) command can be forced to execute an arbitrary program.
Users are advised to upgrade to these erratum packages, which contain a version of lv that is patched to read the .lv configuration file only in the user's home directory.
MandrakeSoft has released the following security updates:
MDKSA-2003:058 - cdrecord
MDKSA-2003:057 - MySQL
MDKSA-2003:056 - xinetd
MDKA-2003:010 - drakxtools
Download
MDKSA-2003:058 - cdrecord
MDKSA-2003:057 - MySQL
MDKSA-2003:056 - xinetd
MDKA-2003:010 - drakxtools
Download
Red Hat has released an updated 2.4 kernel for Red Hat Linux
Red Hat has released updated xinetd packages
Red Hat has released updated KDE packages
MandrakeSoft has released an updated kopete package for Mandrake Linux 9.1
Ensim has released WEBppliance Pro for Linux 3.5.4
Two new security updates for Debian GNU/Linux are available:
DSA-301-1 libgtop
The gtop daemon, used for monitoring remote machines, contains a buffer overflow which could be used by an attacker to execute arbitrary code with the privileges of the daemon process. If started as root, the daemon process drops root privileges, assuming uid and gid 99 by default.
Read more
DSA-302-1 fuzz
Joey Hess discovered that fuzz, a software stress-testing tool, creates a temporary file without taking appropriate security precautions. This bug could allow an attacker to gain the privileges of the user invoking fuzz, excluding root (fuzz does not allow itself to be invoked as root).
Read more
DSA-301-1 libgtop
The gtop daemon, used for monitoring remote machines, contains a buffer overflow which could be used by an attacker to execute arbitrary code with the privileges of the daemon process. If started as root, the daemon process drops root privileges, assuming uid and gid 99 by default.
Read more
DSA-302-1 fuzz
Joey Hess discovered that fuzz, a software stress-testing tool, creates a temporary file without taking appropriate security precautions. This bug could allow an attacker to gain the privileges of the user invoking fuzz, excluding root (fuzz does not allow itself to be invoked as root).
Read more
An OpenSSH update for Gentoo Linux has been released
MandrakeSoft has released two security updates for Mandrake Linux:
MandrakeSoft Security Advisory MDKSA-2003:054 : man
A difficult to exploit vulnerability was discovered in versions of man prior to 1.5l. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path.
Read more
MandrakeSoft Security Advisory MDKSA-2003:053 : mgetty
Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented.
Read more
MandrakeSoft Security Advisory MDKSA-2003:054 : man
A difficult to exploit vulnerability was discovered in versions of man prior to 1.5l. A bug exists in man that could cause a program named "unsafe" to be executed due to a malformed man file. In order to exploit this bug, a local attacker would have to be able to get another user to read the malformed man file, and the attacker would also have to create a file called "unsafe" that would be located somewhere in the victim's path.
Read more
MandrakeSoft Security Advisory MDKSA-2003:053 : mgetty
Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An internal buffer could be overflowed if the caller name reported by the modem, via Caller ID information, was too long. As well, the faxspool script that comes with mgetty used a simple permissions scheme to allow or deny fax transmission privileges. Because the spooling directory used for outgoing faxes was world-writeable, this scheme was easily circumvented.
Read more
Two new security updates for Debian GNU/Linux has been released
DSA-300-1 balsa
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This code is imported in the Balsa package. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.
Read more
DSA-299-1 leksbot
Maurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.
Read more
DSA-300-1 balsa
Byrial Jensen discovered a couple of off-by-one buffer overflow in the IMAP code of Mutt, a text-oriented mail reader supporting IMAP, MIME, GPG, PGP and threading. This code is imported in the Balsa package. This problem could potentially allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder.
Read more
DSA-299-1 leksbot
Maurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.
Read more
MandrakeSoft has released the following security updates for Mandrake Linux:
- MDKA-2003:009 - openldap
- MDKA-2003:008 - drakxtools
- MDKA-2003:007 - devfsd
- MDKA-2003:006 - kdebase-servicemenu
Read more
- MDKA-2003:009 - openldap
- MDKA-2003:008 - drakxtools
- MDKA-2003:007 - devfsd
- MDKA-2003:006 - kdebase-servicemenu
Read more
Two new security updates are available for Debian GNU/Linux:
- DSA-297 snort - integer overflow, buffer overflow
- DSA-298 epic4 - buffer overflows
Read more
- DSA-297 snort - integer overflow, buffer overflow
- DSA-298 epic4 - buffer overflows
Read more
WEBppliance Pro 3.5.3 fixes a security issue that allows browsers to access arbitrary apache-readable files by using multiple '/' characters in the URI (e.g. http://server//etc/passwd). This exploit is present in all versions of WEBppliance Pro prior to 3.5.3.
Read more
Read more
