Exploit code released for Nvidia flaw
Rapid7, which says it discovered the flaw in the Linux graphics driver, says risk goes back to 2004.
MySQL AB this week issued a security patch for multiple vulnerabilities in its MySQL open-source database.
MySQL patches buffer overflow flaws
Email Battles posted a story on the Firefox 1.5.0.3 patch
Developers urge PostgreSQL users to update their installations immediately to protect themselves.
Open-source database issues 'critical' fix
Open-source AppArmor tool promises to help fend off intruders by putting restrictions on software that's running.
Novell delivers security shield for Linux computers
Thanks Spunz. A HylaFAX security update has been released:
The HylaFAX development team is pleased to announce our 4.2.4 patch level release! As always, our sincerest thanks go to all who participate and provide feedback.
The source code for the 4.2.4 release can be downloaded from:
ftp://ftp.hylafax.org/source/hylafax-4.2.4.tar.gz
(md5: 1cda04f9faf643095b918956bacf1cf2 1,450,465 bytes)
The README from this release follows. Please read it carefully.
Dyad Security on Wednesday posted an advisory about a potentially serious flaw in the open-source scripting language Perl, but some security experts say they find the vulnerability unlikely.
Concerns raised over Perl security flaw
"Lupper" takes advantage of vulnerabilities in Web server software to propagate and install a backdoor.
New worm targets Linux systems
Cornell researchers discovered that the average domain name is directly served by only two owner-controlled Domain Name Servers, but indirectly dependent on 46 servers. Thus, they say, a domain name can often be stolen by hijacking the two servers of the 46 that are most poorly maintained.
DNS' Biggest Threats: You, Me, and Them
A vulnerability in the popular open-source intrusion detection software could let an outsider commandeer an affected system.
Networks at risk from Snort bug
Email Battles sends word that many Linux systems are at risk because of an LDAP security problem.
OSNews reports that there is no Hyper-Threading vulnerability in the Linux kernel.
Linux users who patched their systems for a serious security vulnerability in KDE last month will have to patch once again, due to errors in the original patch, according to the KDE project.
Servers running PHP are vulnerable to a number of serious security exploits, including some that could allow an attacker to execute malicious code, as well as denial-of-service exploits, according to the PHP Group.
New CUPS packages fix arbitrary code execution
--------------------------------------------------------------------------
Package : cupsys
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1125
Debian Bug : 286988
--------------------------------------------------------------------------
Problem:
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the Portable Document Format (PDF) suite. Similar code is present in the PDF processing part of CUPS. A maliciously crafted PDF file could exploit this problem, leading to the execution of arbitrary code.
New xpdf packages are available for Debian GNU/Linux
_______________________________________________________________________
Package : xpdf
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1125
Debian Bug : 286742 286983
_______________________________________________________________________
Problem:
An iDEFENSE security researcher discovered a buffer overflow in xpdf, the portable document format (PDF) suite. A maliciously crafted PDF file could exploit this problem, resulting in the execution of arbitrary code.
New perl packages are available for Debian GNU/Linux
_______________________________________________________________________
Package : perl
Vulnerability : insecure temporary files / directories
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0452 CAN-2004-0976
_______________________________________________________________________
Problem Description:
Several vulnerabilities have been discovered in Perl, the popular scripting language. The Common Vulnerabilities and Exposures project identifies the following problems:
A quick note that someone has posted a fake security advisory for Red Hat Linux on the GNOME announcement list:
Users of the increasingly popular, open-source MySQL database may be at risk from remote attacks due to a bug in phpMyAdmin, a widely used Web-based MySQL administration tool.
A libpng update has been released for Gentoo Linux
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200408-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: libpng: Numerous vulnerabilities
Date: August 05, 2004
Bugs: #59424
ID: 200408-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
libpng contains numerous vulnerabilities potentially allowing an attacker to perform a Denial of Service attack or even execute arbitrary code.