Security 10944 Published by Philipp Esselbach 0

New wordtrans packages for Red Hat Linux 7.3 have been released:

Updated wordtrans packages are now available for Red Hat Linux 7.3 which fix remote vulnerabilities in wordtrans-web.

The wordtrans-web package provides an interface to query multilingual dictionaries via a web browser. Guardent discovered vulnerabilities which affect versions of wordtrans up to and including 1.1pre8.


An Ethereal update for Debian GNU/Linux has been released:

"Ethereal developers discovered a buffer overflow in the ISIS protocol dissector. It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.

This problem has been fixed in version 0.9.4-1woody2 for the current stable distribution (woody), in version 0.8.0-4potato.1 for the old stable distribution (potato) and in version 0.9.6-1 for the unstable distribution (sid)."


A new updated Mantis package for Debian GNU/Linux has been released:

"A problem with user privileges has been discovered in the Mantis package, a PHP based bug tracking system. The Mantis system didn't check whether a user is permitted to view a bug, but displays it right away if the user entered a valid bug id."


New security updates for Debian GNU/Linux and SuSE Linux are available

Debian GNU/Linux:
DSA-160-1 scrollkeeper -- insecure temporary file creation

Spybreak discovered a problem in scrollkeeper, a free electronic cataloging system for documentation. The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.


SuSE Linux:
glibc: local/remote privilege escalation

An integer overflow has been discovered in the xdr_array() function, contained in the Sun Microsystems RPC/XDR library, which is part of the glibc library package on all SuSE products. This overflow allows a remote attacker to overflow a buffer, leading to remote execution of arbitrary code supplied by the attacker.


Red Hat has released a new security update for Red Hat Linux:

"Updated PXE packages are now available for Red Hat Linux which fix a vulnerability that can crash the PXE server using certain DHCP packets.

The PXE package contains the PXE (Preboot eXecution Environment) server and code needed for Linux to boot from a boot disk image on a Linux PXE server.

It was found that the PXE server could be crashed using DHCP packets from some Voice Over IP (VOIP) phones. This bug could be used to cause a denial of service attack on remote systems by using malicious packets."


New updated Python packages have been released for Debian GNU/Linux:

"Zack Weinberg discovered an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name which could lead to execution of arbitrary code.

This problem has been fixed in several versions of Python: For the current stable distribution (woody) it has been fixed in version 1.5.2-23.1 of Python 1.5, in version 2.1.3-3.1 of Python 2.1 and in version 2.2.1-4.1 of Python 2.2. For the old stable distribution (potato) this has been fixed in version 1.5.2-10potato12 for Python 1.5. For the unstable distribution (sid) this has been fixed in version 1.5.2-24 of Python 1.5, in version 2.1.3-6a of Python 2.1 and in version 2.2.1-8 of Python 2.2. Python 2.3 is not affected by this problem."


New security updates for Debian GNU/Linux and Red Hat Linux are available.

Debian GNU/Linux:
DSA-155-1 kdelibs -- privacy escalation with Konqueror
"Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed. This makes it possible for anyone with a valid VeriSign SSL site certificate to forge any other VeriSign SSL site certificate, and abuse Konqueror users."


Red Hat Linux:
New kernel update available, fixes i810 video oops, several security issues
"Updated kernel packages are now available which fix an oops in the i810 3D kernel code. This kernel update also fixes a difficult to trigger race in the dcache (filesystem cache) code, as well as some potential security holes, although we are not currently aware of any exploits."


Red Hat has released an updated krb5 package which fixes a remote buffer overflow:

"The Kerberos 5 network authentication system contains an RPC library which includes an XDR decoder derived from Sun's RPC implementation. The Sun implementation was recently demonstrated to be vulnerable to a heap overflow. It is believed that the attacker needs to be able to authenticate to the kadmin daemon for this attack to be successful. No exploits are known to currently exist."


A glibc update for Debian GNU/Linux has been released:

"An integer overflow bug has been discovered in the RPC library used by GNU libc, which is derived from the SunRPC library. This bug could be exploited to gain unauthorized root access to software linking to this code. The packages below also fix integer overflows in the malloc code. They also contain a fix from Andreas Schwab to reduce linebuflen in parallel to bumping up the buffer pointer in the NSS DNS code.

This problem has been fixed in version 2.1.3-23 for the old stable distribution (potato), in version 2.2.5-11.1 for the current stable distribution (woody) and in version 2.2.5-13 for the unstable distribution (sid).

We recommend that you upgrade your libc6 packages immediately."


Red Hat Inc. has released a security update for the bind packages in Red Hat Linux:

ISC BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and various tools.

A buffer overflow vulnerability exists in multiple implementations of DNS resolver libraries. Applications that utilize vulnerable DNS resolver libraries may be affected. A remote attacker who is able to send malicious DNS responses could potentially exploit this vulnerability to execute arbitrary code or cause a denial of service on a vulnerable system.
