Red Hat has released updated Ethereal packages for Red Hat Linux
Red Hat has released updated fileutils/coreutils packages
Red Hat has released updated MySQL packages for Red Hat Linux
Red Hat has released updated OpenSSL packages for Red Hat Linux
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out.
Read more
Read more
Two new security updates are out for Mandrake Linux
MandrakeSoft Security Advisory MDKSA-2003:096 : apache2
MandrakeSoft Security Advisory MDKSA-2003:095 : proftpd
MandrakeSoft Security Advisory MDKSA-2003:096 : apache2
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.Read more
On systems that use scripts that output more than 4k to STDERR, this could cause httpd processes to hang and once the maximum connection limit is reached, Apache will no longer respond to requests.
The updated packages provided use the latest mod_cgi.c from the Apache 2.1 CVS version.
Users may have to restart apache by hand after the upgrade by issuing a "service httpd restart".
MandrakeSoft Security Advisory MDKSA-2003:095 : proftpd
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell.Read more
The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability.
The open-source project for secure communications technology, known as OpenSSH, plugs a second security hole that affects only users who have turned off a critical security feature.
Read more
Read more
Updated Perl packages for Red Hat Linux has been released
Package : ssh
Vulnerability : buffer handling
Problem type : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682
This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.
For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-1.woody.3 .
Read more
Package : ssh-krb5
Vulnerability : buffer handling
Problem type : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682
This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.
For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-0woody4 .
Read more
Vulnerability : buffer handling
Problem type : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682
This advisory is an addition to the earlier DSA-382-1 and DSA-382-3 advisories: Solar Designer found four more bugs in OpenSSH that may be exploitable.
For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-1.woody.3 .
Read more
Package : ssh-krb5
Vulnerability : buffer handling
Problem type : possible remote
Debian-specific: no
CVE references : CAN-2003-0693 CAN-2003-0695 CAN-2003-0682
This advisory is an addition to the earlier DSA-383-1 advisory: Solar Designer found four more bugs in OpenSSH that may be exploitable.
For the Debian stable distribution these bugs have been fixed in version 1:3.4p1-0woody4 .
Read more
