Red Hat has released updated Xpdf packages for Red Hat Linux
A security update for ethereal under Debian GNU/Linux has been released:
DSA-324 ethereal
several
Debian.org has released a ton of security updates for Debian GNU/Linux:
DSA-319 webmin
session ID spoofing
DSA-318 lyskom-server
denial of service
DSA-317 cupsys
denial of service
DSA-316 nethack
buffer overflow, incorrect permissions
DSA-315 gnocatan
buffer overflows, denial of service
DSA-314 atftp
buffer overflow
DSA-313 ethereal
buffer overflows, integer overflows
Red Hat has released the following security updates for Red Hat Linux:
Updated hanterm packages provide security fixes
Hangul Terminal is a terminal emulator for the X Window System, based on Xterm.
Hangul Terminal provides an escape sequence for reporting the current window title, which essentially takes the current title and places it directly on the command line.
Updated KDE packages fix security issue
KDE is a graphical desktop environment for the X Window System.
KDE versions 2.2.2 and earlier have a vulnerability in their SSL implementation that makes it possible for users of Konqueror and other SSL-enabled KDE software to fall victim to a man-in-the-middle attack.
Updated kon2 packages fix buffer overflow
KON is a Kanji emulator for the console. There is a buffer overflow vulnerability in the command-line parsing code of the kon program up to and including version 0.3.9b.
MandrakeSoft has released updated versions of Apache 2 and cups for Mandrake Linux
Apache 2
cups
Apache 2
Two vulnerabilities were discovered in the Apache web server that affect all 2.x versions prior to 2.0.46. The first, discovered by John Hughes, is a build system problem that allows remote attackers to prevent access to authenticated content when a threaded server is used. This only affects versions of Apache compiled with threaded server "httpd.worker", which is not the default for Mandrake Linux.
cups
A Denial of Service (DoS) vulnerability was discovered in the CUPS printing system by Phil D'Amore of Red Hat. The IPP (Internet Printing Protocol) that CUPS uses is single-threaded and can only service one request at a time. A malicious user could create a partial request that does not time out and cause a Denial of Service condition where CUPS will not respond to other printing requests. This can only be done if the malicious user can create a TCP connection to the IPP port (631 by default).
Red Hat has released updated ghostscript packages
MandrakeSoft has released a security update for cups
Red Hat has released an update for Apache 2.0.40 under Red Hat Linux 8.0 and 9
Red Hat has released updated CUPS packages for Red Hat Linux
MandrakeSoft has released the following security updates for Mandrake Linux:
MDKSA-2003:061 - gnupg
MDKSA-2003:060 - LPRng
MDKSA-2003:059 - lpr
MDKSA-2003:058-1 - cdrecord
MDKA-2003:011 - gnome-pilot
Red Hat has released 3 new security updates for Red Hat Linux
RHBA-2003:143-10: Updated modutils package corrects PLT relocation bug
RHBA-2003:144-07: Updated kernel packages correct TLB flush problem
RHSA-2003:175-06: Updated gnupg packages fix validation bug
RHBA-2003:143-10: Updated modutils package corrects PLT relocation bug
The modutils package contains the software necessary to load and unload kernel modules.
A prior version of modutils had a bug that caused PLT relocations to be resolved incorrectly when loading a module. This bug would result in a crash when a module containing PLT relocations was loaded. This patch corrects the problem.
RHBA-2003:144-07: Updated kernel packages correct TLB flush problem
The Linux kernel handles the basic functions of the operating system.
A flaw has been discovered in the kernel code handling translation lookaside buffer flushing. The flaw made it possible for a multithreaded process (with threads running on more than one processor) to fail to note that the TLB should be flushed for every processor on which the process's threads had run.
The upgraded kernel packages contained in this erratum correct the problem.
RHSA-2003:175-06: Updated gnupg packages fix validation bug
When evaluating trust values for different UIDs assigned to a given key, GnuPG versions earlier than 1.2.2 would incorrectly associate the trust value of the UID with the highest trust value with every UID assigned to that key. This would prevent an expected warning message from being generated.
All users are advised to upgrade to these errata packages which include patches from the GnuPG development team that correct this issue for GnuPG versions 1.0.7 and 1.2.1. This update also upgrades Red Hat Linux 7.1, 7.2, and 7.3 users to GnuPG version 1.0.7.
A new security update for Debian GNU/Linux has been released
DSA-306 ircii-pana
buffer overflows, integer overflow
Red Hat has released updated lv packages for Red Hat Linux
RHSA-2003:169-08: Updated lv packages fix vulnerability
Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS, Big5, HZ, and Unicode.
A bug has been found in versions of lv that read a .lv file in the current directory. Local attackers can use this to place a .lv file in any directory to which they have write access. Any user who subsequently runs lv in that directory and uses the v (edit) command can be forced to execute an arbitrary program.
Users are advised to upgrade to these erratum packages, which contain a version of lv that is patched to read the .lv configuration file only in the user's home directory.
MandrakeSoft has released the following security updates:
MDKSA-2003:058 - cdrecord
MDKSA-2003:057 - MySQL
MDKSA-2003:056 - xinetd
MDKA-2003:010 - drakxtools