An updated version of log2mail has been released
New security updates for Debian GNU/Linux and Mandrake Linux have been released
Debian GNU/Linux:
- DSA-185 heimdal - buffer overflow
- DSA-186 log2mail - buffer overflow
Mandrake Linux:
- MDKA-2002:015 - printer-drivers
- MDKA-2002:016 - initscripts
- MDKSA-2002:074 - mozilla
Sun has released a CCE security update for the Sun Cobalt RaQ550 server appliance
Baseline has posted a news story on Cyberspace Security
New security updates are available for Debian GNU/Linux, Mandrake Linux, and SuSE Linux
Debian GNU/Linux:
- DSA-182 kdegraphics - buffer overflow
- DSA-183 krb5 - buffer overflow
- DSA-184 krb4 - buffer overflow
Mandrake Linux:
- MDKSA-2002:071 - kdegraphics
- MDKSA-2002:072 - mod_ssl
- MDKSA-2002:073 - krb5
SuSE Linux:
- lprng, html2ps: local privilege escalation, remote command execution
- syslog-ng: remote command execution
- postgresql: remote privilege escalation
eWeek has posted a news story on Open-Source Adoption
Red Hat has released an updated ypserv package for Red Hat Linux 6.2/7.x
"Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.2."
Red Hat Linux:
- New kernel fixes local security issues
Mandrake Linux:
- MDKA-2002:013 - devfsd
- MDKA-2002:014 - drakxtools
- MDKSA-2002:069 - gv/ggv
- MDKSA-2002:070 - tetex
Debian GNU/Linux:
- DSA-180 nis - information leak
- DSA-181 libapache-mod-ssl - cross site scripting
Heise Online reports that a message posted on the BugTraq security mailing list about an exploit for Linux kernels, "ABFrags", has turned out to be a fake.
Red Hat Linux:
- Updated xinetd packages fix denial of service vulnerability
Mandrake Linux:
- MDKSA-2002:068 - apache
- MDKSA-2002:067 - 7.1/CS1.0.1
Debian GNU/Linux:
- DSA-175 syslog-ng - buffer overflow
- DSA-176 gv - buffer overflow
Sun Microsystems has released a new security update for the Cobalt RaQ 4 series:
IMAP Update 2.0.1
This patch fixes a Remote Buffer Overflow in imapd.
Reboot Required: No
New security updates are available for Red Hat Linux, Debian GNU/Linux, and SuSE Linux
Red Hat Linux:
- Command execution vulnerability in dvips
- Updated packages fix PostScript and PDF security issue
Debian GNU/Linux:
- DSA-174-1 heartbeat -- buffer overflow
SuSE Linux:
- heartbeat: remote root
- mod_php4: remote privilege escalation
- hylafax: remote privilege escalation
Red Hat has released the following updates for Red Hat Linux 8.0:
- RHSA-2002:204 Updated squirrelmail packages close cross-site scripting vulnerabilities
- RHSA-2002:207 Updated packages fix PostScript and PDF security issue
- RHSA-2002:215 Updated fetchmail packages fix vulnerabilities
Red Hat Linux:
- Updated packages fix PostScript and PDF security issue
- Updated up2date and rhn_register packages available
Mandrake Linux:
- MDKA-2002:012 - drakconf
- MDKSA-2002:065 - unzip
- MDKSA-2002:066 - tar
Debian GNU/Linux:
- DSA-173 bugzilla - privilege escalation
MandrakeSoft has released a security update for Kdelibs under Mandrake Linux 8.1 & 8.2
"A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, java script may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine."
CNET News reports that some copies of Sendmail are implanted with a back door that could allow access to Internet attackers:
"The source code files of Sendmail 8.12.6 were apparently modified as far back as Sept. 28, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web."
New security updates are available for Debian GNU/Linux and Red Hat Linux
Debian GNU/Linux:
- DSA-171 fetchmail - buffer overflows
- DSA-172 tkmail - insecure temporary files
Red Hat Linux:
- Updated fetchmail packages fix vulnerabilities
The following new security updates are available for Debian GNU/Linux, Red Hat Linux, and SuSE Linux:
Debian GNU/Linux:
- DSA-170-1 tomcat4 -- source code disclosure
Red Hat Linux:
- Updated nss_ldap packages fix buffer overflow
- Updated glibc packages fix vulnerabilities in resolver
- Updated tcpdump packages fix buffer overflow
SuSE Linux:
- heimdal: remote command execution
A new security patch for phpWebSite has been released:
"A Cross-Site Scripting vulnerability found in phpWebSite that would allow attackers to inject script codes into the page and execute it on the client's browser as if it were provided by the site."
CNET News reports that new variants of the Slapper Worm are out:
"The newest variant, dubbed "Mighty," exploits the same Linux Web server flaw that other versions of the Slapper worm have used to slice through the security on vulnerable servers. Russian antivirus company Kaspersky Labs said in a release Friday that more than 1,600 servers had been infected by this latest variant as of Friday morning and are now controlled by the worm via special channels on the Internet relay chat system."