Red Hat has released a new Kerberos package for Red Hat Linux
MandrakeSoft has released security updates for nss_ldap and perl-MailTools
nss_ldap
A buffer overflow vulnerability exists in nss_ldap versions prior to 198. When nss_ldap is configured without a value for the "host" keyword, it attempts to configure itself using SRV records stored in DNS. nss_ldap does not check that the data returned by the DNS query will fit into an internal buffer, thus exposing it to an overflow.
A similar issue exists in versions of nss_ldap prior to 199: nss_ldap does not check whether the data returned by the DNS query was truncated by the resolver libraries. This can make nss_ldap attempt to parse more data than is actually available, making it vulnerable to a read buffer overflow.
Finally, a format string bug exists in the logging function of pam_ldap prior to version 144.
All users are recommended to upgrade to these updated packages. Note that the nss_ldap packages for 7.2, 8.0, and Single Network Firewall 7.2 contain the pam_ldap modules.
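The two missing checks described above, as an added C illustration that is not nss_ldap's source code: fake_res_query stands in for the resolver call (it copies at most the buffer size but reports the full answer length, which is what makes "parse the returned length" unsafe), usable_answer_len is the length-and-truncation gate, and append_host is the bounded replacement for an unchecked concatenation of SRV targets. All names are hypothetical, the wire answers and host names are constructed, and the buffer sizes are deliberately small so the rejection paths are exercised offline.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDRLEN 12      /* fixed DNS header size */
#define DNS_TC_BIT 0x02    /* TC (truncated) flag: bit 1 of header byte 2 */

/* Stand-in for res_query() (hypothetical name, constructed data): copies at
 * most buflen bytes of the wire answer into buf but returns the FULL answer
 * length. A caller that parses "ret" bytes therefore reads past the data it
 * actually received, which is the read overflow described above. */
int fake_res_query(const unsigned char *wire, int wirelen,
                   unsigned char *buf, int buflen) {
    int n = wirelen < buflen ? wirelen : buflen;
    memcpy(buf, wire, (size_t)n);
    return wirelen;
}

/* Hardened gate for the answer: reject a failed query, an answer shorter
 * than a header, an answer the resolver had to cut to buflen, and one the
 * server flagged as truncated. Returns the byte count safe to parse, or -1. */
int usable_answer_len(const unsigned char *buf, int buflen, int ret) {
    if (ret < DNS_HDRLEN) return -1;     /* error, or no complete header */
    if (ret > buflen) return -1;         /* resolver truncated to the buffer */
    if (buf[2] & DNS_TC_BIT) return -1;  /* server set TC: answer incomplete */
    return ret;
}

/* Bounded append of one SRV target to a space-separated host list. An
 * unchecked strcat here is the first (write) overflow described above.
 * Returns 0 on success, -1 and leaves the list unchanged if it would not fit. */
int append_host(char *list, size_t listsz, const char *host) {
    size_t have = strlen(list);
    size_t hlen = strlen(host);
    size_t need = hlen + (have ? 1 : 0);          /* separator + name */
    if (have >= listsz || need >= listsz - have)  /* keep room for the NUL */
        return -1;
    if (have) list[have++] = ' ';
    memcpy(list + have, host, hlen + 1);
    return 0;
}

/* Scenario 1: an 80-byte answer into a 64-byte buffer is rejected even
 * though its TC flag is clear. */
int scenario_oversized(void) {
    unsigned char wire[80] = {0};
    unsigned char buf[64];
    int ret = fake_res_query(wire, (int)sizeof wire, buf, (int)sizeof buf);
    return usable_answer_len(buf, (int)sizeof buf, ret);
}

/* Scenario 2: a 40-byte answer that fits but carries TC is rejected. */
int scenario_tc_flag(void) {
    unsigned char wire[40] = {0};
    unsigned char buf[64];
    wire[2] = DNS_TC_BIT;
    int ret = fake_res_query(wire, (int)sizeof wire, buf, (int)sizeof buf);
    return usable_answer_len(buf, (int)sizeof buf, ret);
}

/* Scenario 3: a clean 40-byte answer yields 40 bytes safe to parse. */
int scenario_fits(void) {
    unsigned char wire[40] = {0};
    unsigned char buf[64];
    int ret = fake_res_query(wire, (int)sizeof wire, buf, (int)sizeof buf);
    return usable_answer_len(buf, (int)sizeof buf, ret);
}

/* Scenario 4: two constructed SRV targets into a 32-byte list; the second
 * would overflow, so only one is accepted. Returns the accepted count. */
int scenario_host_list(void) {
    const char *targets[] = { "ldap1.example.com", "ldap2.example.com" };
    char list[32] = "";
    int accepted = 0;
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        if (append_host(list, sizeof list, targets[i]) == 0)
            accepted++;
    return accepted;
}

int main(void) {
    printf("oversized answer : %d (expect -1)\n", scenario_oversized());
    printf("TC-flagged answer: %d (expect -1)\n", scenario_tc_flag());
    printf("clean answer     : %d (expect 40)\n", scenario_fits());
    printf("hosts accepted   : %d (expect 1)\n", scenario_host_list());
    return 0;
}
```

The gate deliberately rejects on the TC flag as well as on the length comparison: a real resolver can hand back an answer that fits the buffer yet is marked truncated by the server, and parsing it blindly yields an incomplete SRV set rather than a crash, which is the quieter failure mode.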
perl-MailTools
A vulnerability was discovered in the Mail::Mailer Perl module by the SuSE security team during an audit. The vulnerability allows remote attackers to execute arbitrary commands in certain circumstances because mailx is used as the default mailer; mailx allows commands to be embedded in the mail body (its tilde escapes), so an attacker-supplied message body can reach the shell. Until the update is applied, callers can avoid the default by requesting a specific transport, for example Mail::Mailer->new('sendmail').
This module is used by some auto-response programs and spam filters that make use of Mail::Mailer; any such program that feeds attacker-controlled mail back through Mail::Mailer is exposed.
Two new security updates for Debian GNU/Linux are available:
DSA-188-1 apache-ssl -- several
Red Hat has released an updated glibc package for Red Hat 6.2/7.x
NewsForge has posted a Q&A session with Jay Beale on Linux security
Red Hat has released updated PostScript and PDF packages
A new Apache update for Debian GNU/Linux has been released
An updated version of log2mail has been released
New security updates for Debian GNU/Linux and Mandrake Linux have been released
Debian GNU/Linux:
- DSA-185 heimdal - buffer overflow
- DSA-186 log2mail - buffer overflow
Mandrake Linux:
- MDKA-2002:015 - printer-drivers
- MDKA-2002:016 - initscripts
- MDKSA-2002:074 - mozilla
Sun has released a CCE security update for the Sun Cobalt RaQ550 server appliance
Baseline has posted a news story on Cyberspace Security
New security updates are available for Debian GNU/Linux, Mandrake Linux, and SuSE Linux
Debian GNU/Linux
- DSA-182 kdegraphics - buffer overflow
- DSA-183 krb5 - buffer overflow
- DSA-184 krb4 - buffer overflow
Mandrake Linux:
- MDKSA-2002:071 - kdegraphics
- MDKSA-2002:072 - mod_ssl
- MDKSA-2002:073 - krb5
SuSE Linux
- lprng, html2ps: local privilege escalation, remote command execution
- syslog-ng: remote command execution
- postgresql: remote privilege escalation
eWeek has posted a news story on Open-Source Adoption
Red Hat has released an updated ypserv package for Red Hat Linux 6.2/7.x
"Updated ypserv packages which fix a memory leak are now available for Red Hat Linux 7.x and 6.2."
Red Hat Linux:
- New kernel fixes local security issues
Mandrake Linux:
- MDKA-2002:013 - devfsd
- MDKA-2002:014 - drakxtools
- MDKSA-2002:069 - gv/ggv
- MDKSA-2002:070 - tetex
Debian GNU/Linux:
- DSA-180 nis - information leak
- DSA-181 libapache-mod-ssl - cross site scripting
Heise Online reports that a message posted to the BugTraq security mailing list about an alleged Linux kernel exploit, "ABFrags", has turned out to be a fake.
Red Hat Linux:
- Updated xinetd packages fix denial of service vulnerability
Mandrake Linux:
- MDKSA-2002:068 - apache
- MDKSA-2002:067 - 7.1/CS1.0.1
Debian GNU/Linux:
- DSA-175 syslog-ng - buffer overflow
- DSA-176 gv - buffer overflow
Sun Microsystems has released a new security update for the Cobalt RaQ 4 series:
IMAP Update 2.0.1
This patch fixes a Remote Buffer Overflow in imapd.
Reboot Required: No
New security updates are available for Red Hat Linux, Debian GNU/Linux, and SuSE Linux
Red Hat Linux:
- Command execution vulnerability in dvips
- Updated packages fix PostScript and PDF security issue
Debian GNU/Linux:
- DSA-174-1 heartbeat -- buffer overflow
SuSE Linux:
- heartbeat: remote root
- mod_php4: remote privilege escalation
- hylafax: remote privilege escalation
Red Hat has released the following updates for Red Hat Linux 8.0:
- RHSA-2002:204 Updated squirrelmail packages close cross-site scripting vulnerabilities
- RHSA-2002:207 Updated packages fix PostScript and PDF security issue
- RHSA-2002:215 Updated fetchmail packages fix vulnerabilities