An updated xinetd package has been released for Red Hat Linux
MandrakeSoft has released a sendmail update for Mandrake Linux
SuSE has released a security update for Pine
A samba security update for Debian GNU/Linux has been released
Red Hat has released new samba packages for Red Hat 7.3/8.0 to fix a potential security vulnerability
MandrakeSoft has released updated kdelibs/kdenetwork packages
kdelibs
Vulnerabilities were discovered in the KIO subsystem support for various network protocols. The flawed rlogin implementation affects all KDE versions from 2.1 up to 3.0.4, while the flawed telnet implementation affects only KDE 2.x. Both allow a carefully crafted URL in an HTML page, HTML email, or other KIO-enabled application to execute arbitrary commands as the victim, with the victim's privileges.
Read more
kdenetwork
The SuSE security team discovered two vulnerabilities in the KDE lanbrowsing service during an audit. The LISa network daemon and "reslisa", a restricted version of LISa, are used to identify servers on the local network via the URL types "lan://" and "rlan://" respectively. A buffer overflow was discovered in the lisa daemon that can be exploited by an attacker on the local network to obtain root privileges on a machine running the lisa daemon. Another buffer overflow was found in the lan:// URL handler, which can be exploited by a remote attacker to gain access to the victim user's account.
Read more
SuSE has released a Samba update for SuSE Linux 7.2, 7.3, 8.0, and 8.1
A new security update for Debian GNU/Linux is available
MandrakeSoft has released an updated ypserv package for Mandrake Linux
A new nullmailer package for Debian GNU/Linux has been released
Solarspeed.net has released another unofficial Bind update for the Sun Cobalt RaQ 3/4 server appliances.
Two new security updates are available for Debian GNU/Linux
BIND
ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain server (BIND). BIND is the most common implementation of the DNS (Domain Name System) protocol and is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses.
Read more
Courier
A problem has been discovered in the Courier sqwebmail package, a CGI program that grants authenticated access to local mailboxes. Under certain circumstances the program did not drop its privileges early enough on startup, so a local shell user can execute the sqwebmail binary and read an arbitrary file on the local filesystem.
Read more
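The ordering mistake behind the sqwebmail advisory, shown as an added example in C that is not Courier's or sqwebmail's code: a general setuid privilege-drop pattern for a POSIX system (assumed Linux/glibc), with the late-drop ordering placed beside the corrected one. The page does not give sqwebmail's actual code path, so the function names, the use of /dev/null as a stand-in mailbox and the /nonexistent path are assumptions made for illustration only.

```c
#define _GNU_SOURCE          /* exposes setgroups() in <grp.h> on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to the target uid/gid. Order matters: supplementary
 * groups first (needs root), then the gid, then the uid, because once the
 * uid is no longer 0 the earlier steps would fail. Every step is verified
 * with the getters, since setuid()/setgid() can fail and a program that
 * ignores the return value keeps running with its setuid privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(uid) != 0 || getuid() != uid || geteuid() != uid)
        return -1;
    /* A permanent drop must be irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Vulnerable ordering: the user-supplied path is opened while the process
 * still carries the privileges it was started with, so the kernel never
 * checks the caller's own permissions on that file. */
FILE *open_mailbox_unsafe(const char *path, uid_t uid, gid_t gid)
{
    FILE *f = fopen(path, "r");
    (void)drop_privileges(uid, gid);   /* too late: the file is already open */
    return f;
}

/* Safe ordering: drop first, refuse to continue if that fails, and only
 * then touch anything the caller controls. */
FILE *open_mailbox_safe(const char *path, uid_t uid, gid_t gid)
{
    if (drop_privileges(uid, gid) != 0)
        return NULL;
    return fopen(path, "r");   /* now subject to the caller's own permissions */
}

/* Drop to the real uid/gid of the invoking user, which is the identity a
 * setuid binary should be running as when it handles that user's input. */
FILE *open_mailbox_as_caller(const char *path)
{
    return open_mailbox_safe(path, getuid(), getgid());
}

int main(int argc, char **argv)
{
    /* /dev/null stands in for a mailbox so the demo runs on any system */
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    FILE *f = open_mailbox_as_caller(path);
    if (f == NULL) {
        perror("open_mailbox_as_caller");
        return 1;
    }
    printf("opened %s with uid=%u euid=%u\n", path,
           (unsigned)getuid(), (unsigned)geteuid());
    fclose(f);
    return 0;
}
```

Run unprivileged, the drop is a no-op that still succeeds; installed setuid root, open_mailbox_safe() opens the path only with the invoking user's permissions, whereas open_mailbox_unsafe() would hand back any file root can read. The check that setuid(0) fails afterwards is what distinguishes a permanent drop from a temporary one.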
A new kernel update is available for Red Hat Linux
An apparent delay in the availability of patches for the vulnerabilities in BIND that were disclosed earlier this week is once again highlighting the seemingly endless debate over when and to whom vulnerability data should be released.
Read more
Solarspeed.net has released an unofficial Bind 8.3.3 package for the Sun Cobalt RaQ 3/4 server appliances
MandrakeSoft has released a BIND update for Mandrake Linux 7.2 and Single Network Firewall 7.2
Linux Today reports that a Trojan has been found in libpcap and tcpdump
SuSE has released a bind8 update for SuSE Linux
A new Apache-Perl package for Debian GNU/Linux has been released
ExtremeTech has posted a news story on two BIND security vulnerabilities