Linux Compatible - Security (Page 3)

Updated ypserv packages fixes memory leak

Security 10929 Published 2002-10-26 17:22 by Philipp Esselbach 0

Red Hat has released an updated ypserv package for Red Hat Linux 6.2/7.x

"Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.2."

Read more

New Security Updates for Red Hat/Mandrake/Debian

Security 10929 Published 2002-10-24 10:16 by Philipp Esselbach 0

Red Hat Linux:
- New kernel fixes local security issues

Mandrake Linux:
- MDKA-2002:013 - devfsd
- MDKA-2002:014 - drakxtools
- MDKSA-2002:069 - gv/ggv
- MDKSA-2002:070 - tetex

Debian GNU/Linux:
- DSA-180 nis - information leak
- DSA-181 libapache-mod-ssl - cross site scripting

Alleged Linux Exploit "ABFrags" Is A Fake

Security 10929 Published 2002-10-19 19:10 by Philipp Esselbach 0

Heise Online reports that a message posted on the Security Mailinglist BugTraq about an exploit for Linux kernels "ABFrags" has turned out to be a fake.

Read more

New Security Updates Available

Security 10929 Published 2002-10-16 23:32 by Philipp Esselbach 0

Red Hat Linux:
- Updated xinetd packages fix denial of service vulnerability

Mandrake Linux:
- MDKSA-2002:068 - apache
- MDKSA-2002:067 - 7.1/CS1.0.1

Debian GNU/Linux:
- DSA-175 syslog-ng - buffer overflow
- DSA-176 gv - buffer overflow

IMAP Update for Sun Cobalt RaQ 4

Security 10929 Published 2002-10-16 09:35 by Philipp Esselbach 0

Sun Microsystems has released a new security update for the Cobalt RaQ 4 series:

IMAP Update 2.0.1
This patch fixes a Remote Buffer Overflow in imapd.

Reboot Required: No

Download

Security Updates for Red Hat/Debian/SuSE

Security 10929 Published 2002-10-15 09:53 by Philipp Esselbach 0

New security updates are available for Red Hat Linux, Debian GNU/Linux, and SuSE Linux

Red Hat Linux:
- Command execution vulnerability in dvips
- Updated packages fix PostScript and PDF security issue

Debian GNU/Linux:
- DSA-174-1 heartbeat -- buffer overflow

SuSE Linux:
- heartbeat: remote root
- mod_php4: remote privilege escalation
- hylafax: remote privilege escalation

Updates for Red Hat Linux 8.0

Security 10929 Published 2002-10-11 23:22 by Philipp Esselbach 0

Red Hat has released the follow updates for Red Hat Linux 8.0:

- RHSA-2002:204 Updated squirrelmail packages close cross-site scripting vulnerabilities
- RHSA-2002:207 Updated packages fix PostScript and PDF security issue
- RHSA-2002:215 Updated fetchmail packages fix vulnerabilities

New Updates for Red Hat, Mandrake, Debian

Security 10929 Published 2002-10-11 23:21 by Philipp Esselbach 0

Red Hat Linux:
- Updated packages fix PostScript and PDF security issue
- Updated up2date and rhn_register packages available

Mandrake Linux:
- MDKA-2002:012 - drakconf
- MDKSA-2002:065 - unzip
- MDKSA-2002:066 - tar

Debian GNU/Linux:
- DSA-173 bugzilla - privilege escalation

Kdelibs Update for Mandrake 8.x

Security 10929 Published 2002-10-09 23:16 by Philipp Esselbach 0

MandrakeSoft has released a security update for Kdelibs under Mandrake Linux 8.1 & 8.2

"A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, java script may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine."

Read more

Group warns of hacked Sendmail programs

Security 10929 Published 2002-10-09 11:28 by Philipp Esselbach 0

CNET News reports that some copies of Sendmail are implanted with a back door that could allow access to Internet attackers:

"The source code files of Sendmail 8.12.6 were apparently modified as far back as Sept. 28, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web."

Read more

New Security Updates for Debian & Red Hat

Security 10929 Published 2002-10-08 23:40 by Philipp Esselbach 0

New security updates are available for Debian GNU/Linux and Red Hat Linux

Debian GNU/Linux:
- DSA-171 fetchmail - buffer overflows
- DSA-172 tkmail - insecure temporary files

Red Hat Linux:
- Updated fetchmail packages fix vulnerabilities

New Security Updates for Debian/Red Hat/SuSE

Security 10929 Published 2002-10-05 12:02 by Philipp Esselbach 0

The follow new security updates are available for Debian GNU/Linux, Red Hat Linux, and SuSE Linux:

Debian GNU/Linux:
- DSA-170-1 tomcat4 -- source code disclosure

Red Hat Linux:
- Updated nss_ldap packages fix buffer overflow
- Updated glibc packages fix vulnerabilities in resolver
- Updated tcpdump packages fix buffer overflow

SuSE Linux:
- heimdal: remote command execution

phpWebSite XSS Vulnerability

Security 10929 Published 2002-10-05 11:51 by Philipp Esselbach 0

A new security patch for phpWebSite has been released:

"A Cross-Site Scripting vulnerability found in phpWebSite that would allow attackers to inject script codes into the page and executing it on the clients browser as if it were provided by the site."

Read more

Virus writers get Slapper happy

Security 10929 Published 2002-10-05 11:00 by Philipp Esselbach 0

CNET News reports that new variants of the Slapper Worm are out:

"The newest variant, dubbed "Mighty," exploits the same Linux Web server flaw that other versions of the Slapper worm have used to slice through the security on vulnerable servers. Russian antivirus company Kaspersky Labs said in a release Friday that more than 1,600 servers had been infected by this latest variant as of Friday morning and are now controlled by the worm via special channels on the Internet relay chat system."

Read more

Apache & SSL Update for Sun Cobalt RaQ

Security 10929 Published 2002-10-03 14:08 by Philipp Esselbach 0

Sun Microsystem has finally released an Apache & SSL Update (Slapper Worm) for Sun Cobalt RaQ3, RaQ4, and RaQ XTR

- Download for Cobalt RaQ3
- Download for Cobalt RaQ4
- Download for Cobalt XTR

New Security Updates for Red Hat & Mandrake

Security 10929 Published 2002-10-03 11:38 by Philipp Esselbach 0

New security updates are available for both Red Hat Linux and Mandrake Linux

Red Hat Linux:
- Updated unzip and tar packages fix vulnerabilities

Mandrake Linux:
- MDKSA-2002:062 - postgresql
- MDKSA-2002:063 - fetchmail

Security Updates for Red Hat/Debian/SuSE

Security 10929 Published 2002-09-26 01:15 by Philipp Esselbach 0

The follow new security updates are available:

Red Hat Powertools
- Updated Zope packages are available

Debian GNU/Linux
- DSA-169-1 htcheck -- cross site scripting

SuSE Linux
- OpenSSL/Slapper worm (SuSE-SA:2002:033)

New Slapper worm variants spread

Security 10929 Published 2002-09-25 10:49 by Philipp Esselbach 0

InfoWorld reports that two new variants of the Slapper worm have appeared

"The latest variants of the original Slapper.A worm use different UDP ports to communicate with other infected servers, and have different names from the original worm. While Slapper.A uses the name "bugtraq" and relies on UDP port 2002, Slapper.B is called "cinik" and uses port 1978 while Slapper.C is named "unlock" and uses port 4156, according to an advisory published by F-Secure."

Read more

New Security Updates for Mandrake

Security 10929 Published 2002-09-24 23:20 by Philipp Esselbach 0

MandrakeSoft has released two security updates:

Security Advisory MDKSA-2002:060 : tcltk
Some problems were discovered with the Tcl/Tk development environment. The expect application would search for its libraries in /var/tmp prior to searching in other directories, which could allow a local user to gain root privilege by writing a trojan library and waiting for the root user to run the mkpasswd utility. This is fixed in version 5.32 of expect. A similiar vulnerability has been fixed in the tcltk package which searched for its libraries in the current working directory prior to searching in other directories. This could be used to execute arbitrary code by local users through the use of a trojan library.

Read more

Security Advisory MDKSA-2002:061 : glibc
A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun's RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability.

Read more

Slapper worm smarting less

Security 10929 Published 2002-09-20 23:32 by Philipp Esselbach 0

CNET News has posted another article about the Slapper Worm

"Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's spread has fallen far short of the biggest attackers in recent times. For example, Code Red infected 400,000 servers last summer. And according to the "National Strategy to Secure Cyberspace," the Nimda virus compromised 86,000 systems last fall.

Perhaps most telling, security experts are already talking about Slapper in the past tense."

Read more

Updated ypserv packages fixes memory leak

New Security Updates for Red Hat/Mandrake/Debian

Alleged Linux Exploit "ABFrags" Is A Fake

New Security Updates Available

IMAP Update for Sun Cobalt RaQ 4

Security Updates for Red Hat/Debian/SuSE

Updates for Red Hat Linux 8.0

New Updates for Red Hat, Mandrake, Debian

Kdelibs Update for Mandrake 8.x

Group warns of hacked Sendmail programs

New Security Updates for Debian & Red Hat

New Security Updates for Debian/Red Hat/SuSE

phpWebSite XSS Vulnerability

Virus writers get Slapper happy

Apache & SSL Update for Sun Cobalt RaQ

New Security Updates for Red Hat & Mandrake

Security Updates for Red Hat/Debian/SuSE

New Slapper worm variants spread

New Security Updates for Mandrake

Slapper worm smarting less

Windows

Linux

macOS

Community