Updated zebra packages that close a locally-exploitable and a remotely-exploitable denial of service vulnerability are now available.
Read more
Read more
Ensim Security Release
Title: Updated glibc packages provide security and bug fixes
Date: November 20, 2003
References: http://rhn.redhat.com/errata/RHSA-2003-325.html
Affected Products: WEBppliance Pro and Basic for Linux 3.5.20 (LS and LH)
-------------------------------------------------------------------------------
Ensim has released a number of RPMs to address some serious security issues and bug fixes with the glibc packages. Further details of the Security Vulerabilities are available at: http://rhn.redhat.com/errata/RHSA-2003-325.html
To address the above-mentioned security concerns, you can immediately download and install the security fix from the Ensim Errata Section at: http://www.ensim.com/support/errata.html
Regular maintenance releases for WEBppliance Pro and Basic for Linux are available at:
http://www.ensim.com/support/wpls/index.html
http://www.ensim.com/support/wpls_basic/index.html
Title: Updated glibc packages provide security and bug fixes
Date: November 20, 2003
References: http://rhn.redhat.com/errata/RHSA-2003-325.html
Affected Products: WEBppliance Pro and Basic for Linux 3.5.20 (LS and LH)
-------------------------------------------------------------------------------
Ensim has released a number of RPMs to address some serious security issues and bug fixes with the glibc packages. Further details of the Security Vulerabilities are available at: http://rhn.redhat.com/errata/RHSA-2003-325.html
To address the above-mentioned security concerns, you can immediately download and install the security fix from the Ensim Errata Section at: http://www.ensim.com/support/errata.html
Regular maintenance releases for WEBppliance Pro and Basic for Linux are available at:
http://www.ensim.com/support/wpls/index.html
http://www.ensim.com/support/wpls_basic/index.html
Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM.
Updated EPIC packages which fix an exploitable buffer overflow vulnerabilityare now available.
Red Hat has released updated Ethereal packages for Red Hat Linux
Red Hat has released updated fileutils/coreutils packages
Red Hat has released updated MySQL packages for Red Hat Linux
Red Hat has released updated OpenSSL packages for Red Hat Linux
Upgraded OpenSSL packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix problems with ASN.1 parsing which could lead to a denial of service. It is not known whether the problems could lead to the running of malicious code on the server, but it has not been ruled out.
Read more
Read more
Two new security updates are out for Mandrake Linux
MandrakeSoft Security Advisory MDKSA-2003:096 : apache2
MandrakeSoft Security Advisory MDKSA-2003:095 : proftpd
MandrakeSoft Security Advisory MDKSA-2003:096 : apache2
A problem was discovered in Apache2 where CGI scripts that output more than 4k of output to STDERR will hang the script's execution which can cause a Denial of Service on the httpd process because it is waiting for more input from the CGI that is not forthcoming due to the locked write() call in mod_cgi.Read more
On systems that use scripts that output more than 4k to STDERR, this could cause httpd processes to hang and once the maximum connection limit is reached, Apache will no longer respond to requests.
The updated packages provided use the latest mod_cgi.c from the Apache 2.1 CVS version.
Users may have to restart apache by hand after the upgrade by issuing a "service httpd restart".
MandrakeSoft Security Advisory MDKSA-2003:095 : proftpd
A vulnerability was discovered by X-Force Research at ISS in ProFTPD's handling of ASCII translation. An attacker, by downloading a carefully crafted file, can remotely exploit this bug to create a root shell.Read more
The ProFTPD team encourages all users to upgrade to version 1.2.7 or higher. The problematic code first appeared in ProFTPD 1.2.7rc1, and the provided packages are all patched by the ProFTPD team to protect against this vulnerability.
