A new security update for Debian GNU/Linux is available
MandrakeSoft has released an updated ypserv package for Mandrake Linux
A new nullmailer package for Debian GNU/Linux has been released
Solarspeed.net has released another unofficial Bind update for the Sun Cobalt RaQ 3/4 server appliances.
Two new security updates are available for Debian GNU/Linux
BIND
ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses.
Read more
Courier
A problem in the Courier sqwebmail package, a CGI program to grant authenticated access to local mailboxes, has been discovered. The program did not drop permissions fast enough upon startup under certain circumstances so a local shell user can execute the sqwebmail binary and manage to read an arbitrary file on the local filesystem.
Read more
BIND
ISS X-Force has discovered several serious vulnerabilities in the Berkeley Internet Name Domain Server (BIND). BIND is the most common implementation of the DNS (Domain Name Service) protocol, which is used on the vast majority of DNS servers on the Internet. DNS is a vital Internet protocol that maintains a database of easy-to-remember domain names (host names) and their corresponding numerical IP addresses.
Read more
Courier
A problem in the Courier sqwebmail package, a CGI program to grant authenticated access to local mailboxes, has been discovered. The program did not drop permissions fast enough upon startup under certain circumstances so a local shell user can execute the sqwebmail binary and manage to read an arbitrary file on the local filesystem.
Read more
A new kernel update is available for Red Hat Linux
An apparent delay in the availability of patches for the vulnerabilities in BIND that were disclosed earlier this week is once again highlighting the seemingly endless debate over when and to whom vulnerability data should be released.
Read more
Read more
Solarspeed.net has released an unofficial Bind 8.3.3 package for the Sun Cobalt RaQ 3/4 server appliances
MandrakeSoft has release a BIND update for Mandrake Linux 7.2 and Single Network Firewall 7.2
Linux Today reports that a Trojan has been found in libpcap and tcpdump
SuSE has released a bind8 update for SuSE Linux
A new Apache-Perl package for Debian GNU/Linux has been released
ExtrmeTech has posted a news story on two BIND security vulnerabilities
SuSE has released the follow secuity updates:
traceroute-nanog/nkitb
kdenetwork: remote command execution
perl-MailTools: remote command execution
traceroute-nanog/nkitb
kdenetwork: remote command execution
perl-MailTools: remote command execution
A updated masqmail package is now available for Debian GNU/Linux
A new kdenetwork security update for Debian GNU/Linux has been released
Red Hat has released new PHP packages for Red Hat Linux 7.x
Sun has released an IMAP Update for the Sun Cobalt RaQ4 server appliance
A new html2ps security update for Debian GNU/Linux is available
Two new security patches are available for Debian GNU/Linux:
Squirrelmail
Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. These problems have been fixed in version 1.2.6-1.1 the current stable distribution (woody) and in version 1.2.8-1.1 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a squirrelmail package.
Read more
Window Maker
Al Viro found a problem in the image handling code use in Window Maker, a popular NEXTSTEP like window manager. When creating an image it would allocate a buffer by multiplying the image width and height, but did not check for an overflow. This makes it possible to overflow the buffer. This could be exploited by using specially crafted image files (for example when previewing themes).
This problem has been fixed in version 0.80.0-4.1 for the current stable distribution (woody). Packages for the mipsel architecture are not yet available.
Read more
Squirrelmail
Several cross site scripting vulnerabilities have been found in squirrelmail, a feature-rich webmail package written in PHP4. These problems have been fixed in version 1.2.6-1.1 the current stable distribution (woody) and in version 1.2.8-1.1 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a squirrelmail package.
Read more
Window Maker
Al Viro found a problem in the image handling code use in Window Maker, a popular NEXTSTEP like window manager. When creating an image it would allocate a buffer by multiplying the image width and height, but did not check for an overflow. This makes it possible to overflow the buffer. This could be exploited by using specially crafted image files (for example when previewing themes).
This problem has been fixed in version 0.80.0-4.1 for the current stable distribution (woody). Packages for the mipsel architecture are not yet available.
Read more
