Red Hat has released an updated glibc package for Red Hat 6.2/7.x
NewsForge has posted a Q&A session with Jay Beale on Linux security
Red Hat has released updated PostScript and PDF packages
A new Apache update for Debian GNU/Linux has been released
An updated version of log2mail has been released
New security updates for Debian GNU/Linux and Mandrake Linux has been released
Debian GNU/Linux:
- DSA-185 heimdal - buffer overflow
- DSA-186 log2mail - buffer overflow
Mandrake Linux:
- MDKA-2002:015 : printer-drivers
- MDKA-2002:016 - initscripts
- MDKSA-2002:074 - mozilla
Debian GNU/Linux:
- DSA-185 heimdal - buffer overflow
- DSA-186 log2mail - buffer overflow
Mandrake Linux:
- MDKA-2002:015 : printer-drivers
- MDKA-2002:016 - initscripts
- MDKSA-2002:074 - mozilla
Sun has released a CCE security update for the Sun Cobalt RaQ550 server appliance
Baseline has posted a news story on Cyberspace Security
New security updates are available for Debian GNU/Linux, Mandrake Linux, and SuSE Linux
Debian GNU/Linux
- DSA-182 kdegraphics - buffer overflow
- DSA-183 krb5 - buffer overflow
- DSA-184 krb4 - buffer overflow
Mandrake Linux:
- MDKSA-2002:071 - kdegraphics
- MDKSA-2002:072 - mod_ssl
- MDKSA-2002:073 - krb5
SuSE Linux
- lprng, html2ps: local privilege escalation, remote command execution
- syslog-ng: remote command execution
- postgresql: remote privilege escalation
Debian GNU/Linux
- DSA-182 kdegraphics - buffer overflow
- DSA-183 krb5 - buffer overflow
- DSA-184 krb4 - buffer overflow
Mandrake Linux:
- MDKSA-2002:071 - kdegraphics
- MDKSA-2002:072 - mod_ssl
- MDKSA-2002:073 - krb5
SuSE Linux
- lprng, html2ps: local privilege escalation, remote command execution
- syslog-ng: remote command execution
- postgresql: remote privilege escalation
eWeek has posted a news story on Open-Source Adoption
Red Hat has released an updated ypserv package for Red Hat Linux 6.2/7.x
"Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.2."
Read more
"Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.2."
Read more
Red Hat Linux:
- New kernel fixes local security issues
Mandrake Linux:
- MDKA-2002:013 - devfsd
- MDKA-2002:014 - drakxtools
- MDKSA-2002:069 - gv/ggv
- MDKSA-2002:070 - tetex
Debian GNU/Linux:
- DSA-180 nis - information leak
- DSA-181 libapache-mod-ssl - cross site scripting
- New kernel fixes local security issues
Mandrake Linux:
- MDKA-2002:013 - devfsd
- MDKA-2002:014 - drakxtools
- MDKSA-2002:069 - gv/ggv
- MDKSA-2002:070 - tetex
Debian GNU/Linux:
- DSA-180 nis - information leak
- DSA-181 libapache-mod-ssl - cross site scripting
Heise Online reports that a message posted on the Security Mailinglist BugTraq about an exploit for Linux kernels "ABFrags" has turned out to be a fake.
Read more
Read more
Red Hat Linux:
- Updated xinetd packages fix denial of service vulnerability
Mandrake Linux:
- MDKSA-2002:068 - apache
- MDKSA-2002:067 - 7.1/CS1.0.1
Debian GNU/Linux:
- DSA-175 syslog-ng - buffer overflow
- DSA-176 gv - buffer overflow
- Updated xinetd packages fix denial of service vulnerability
Mandrake Linux:
- MDKSA-2002:068 - apache
- MDKSA-2002:067 - 7.1/CS1.0.1
Debian GNU/Linux:
- DSA-175 syslog-ng - buffer overflow
- DSA-176 gv - buffer overflow
Sun Microsystems has released a new security update for the Cobalt RaQ 4 series:
IMAP Update 2.0.1
This patch fixes a Remote Buffer Overflow in imapd.
Reboot Required: No
Download
IMAP Update 2.0.1
This patch fixes a Remote Buffer Overflow in imapd.
Reboot Required: No
Download
New security updates are available for Red Hat Linux, Debian GNU/Linux, and SuSE Linux
Red Hat Linux:
- Command execution vulnerability in dvips
- Updated packages fix PostScript and PDF security issue
Debian GNU/Linux:
- DSA-174-1 heartbeat -- buffer overflow
SuSE Linux:
- heartbeat: remote root
- mod_php4: remote privilege escalation
- hylafax: remote privilege escalation
Red Hat Linux:
- Command execution vulnerability in dvips
- Updated packages fix PostScript and PDF security issue
Debian GNU/Linux:
- DSA-174-1 heartbeat -- buffer overflow
SuSE Linux:
- heartbeat: remote root
- mod_php4: remote privilege escalation
- hylafax: remote privilege escalation
Red Hat has released the follow updates for Red Hat Linux 8.0:
- RHSA-2002:204 Updated squirrelmail packages close cross-site scripting vulnerabilities
- RHSA-2002:207 Updated packages fix PostScript and PDF security issue
- RHSA-2002:215 Updated fetchmail packages fix vulnerabilities
- RHSA-2002:204 Updated squirrelmail packages close cross-site scripting vulnerabilities
- RHSA-2002:207 Updated packages fix PostScript and PDF security issue
- RHSA-2002:215 Updated fetchmail packages fix vulnerabilities
Red Hat Linux:
- Updated packages fix PostScript and PDF security issue
- Updated up2date and rhn_register packages available
Mandrake Linux:
- MDKA-2002:012 - drakconf
- MDKSA-2002:065 - unzip
- MDKSA-2002:066 - tar
Debian GNU/Linux:
- DSA-173 bugzilla - privilege escalation
- Updated packages fix PostScript and PDF security issue
- Updated up2date and rhn_register packages available
Mandrake Linux:
- MDKA-2002:012 - drakconf
- MDKSA-2002:065 - unzip
- MDKSA-2002:066 - tar
Debian GNU/Linux:
- DSA-173 bugzilla - privilege escalation
MandrakeSoft has released a security update for Kdelibs under Mandrake Linux 8.1 & 8.2
"A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, java script may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine."
Read more
"A vulnerability was discovered in Konqueror's cross site scripting protection, in that it fails to initialize the domains on sub-(i)frames correctly. Because of this, java script may access any foreign subframe which is defined in the HTML source, which can be used to steal cookies from the client and allow other cross-site scripting attacks. This also affects other KDE software that uses the KHTML rendering engine."
Read more
CNET News reports that some copies of Sendmail are implanted with a back door that could allow access to Internet attackers:
"The source code files of Sendmail 8.12.6 were apparently modified as far back as Sept. 28, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web."
Read more
"The source code files of Sendmail 8.12.6 were apparently modified as far back as Sept. 28, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web."
Read more
