Red Hat has released updated sendmail packages for Red Hat Linux 6.2 - 8.0, which fix a security issue in Sendmail
A security for bugzilla under Debian GNU/Linux has been released
A new security update for Debian GNU/Linux has been released:
DSA-217-1 typespeed -- buffer overflow
A problem has been discovered in the typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games.
For the current stable distribution (woody) this problem has been fixed in version 0.4.1-2.1.
For the old stable distribution (potato) this problem has been fixed in version 0.4.0-5.1.
For the unstable distribution (sid) this problem has been fixed in version 0.4.2-2.
We recommend that you upgrade your typespeed package.
Download
DSA-217-1 typespeed -- buffer overflow
A problem has been discovered in the typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games.
For the current stable distribution (woody) this problem has been fixed in version 0.4.1-2.1.
For the old stable distribution (potato) this problem has been fixed in version 0.4.0-5.1.
For the unstable distribution (sid) this problem has been fixed in version 0.4.2-2.
We recommend that you upgrade your typespeed package.
Download
Fetchmail/cyrus-imapd updates for Debian GNU/Linux has been released
Fetchmail
cyrus-imapd
Fetchmail
Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail.Read more
cyrus-imapd
Timo Sirainen discovered a buffer overflow in the Cyrus IMAP server, which could be exploited by a remote attacker prior to logging in. A malicious user could craft a request to run commands on the server under the UID and GID of the cyrus server.Read more
A new security update for Debian GNU/Linux is available:
DSA-214-1 kdnetwork -- buffer overflows
Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, that provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application.
This problem has been fixed in version 2.2.2-14.5 for the current stable distribution (woody) and in version 2.2.2-14.20 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a kdenetwork package.
Download
DSA-214-1 kdnetwork -- buffer overflows
Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, that provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application.
This problem has been fixed in version 2.2.2-14.5 for the current stable distribution (woody) and in version 2.2.2-14.20 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a kdenetwork package.
Download
Red Hat has released an updated Net-SNMP package for Red Hat Linux 8.0
Ensim has released a security update for Ensim WEBpplance 3.1.1
MandrakeSoft has released two security updates for Mandrake Linux:
Apache
MySQL
Apache
A number of vulnerabilities were discovered in Apache versions prior to 1.3.27. The first is regarding the use of shared memory (SHM) in Apache. An attacker that is able to execute code as the UID of the webserver (typically "apache") is able to send arbitrary processes a USR1 signal as root. Using this vulnerability, the attacker can also cause the Apache process to continously span more children processes, thus causing a local DoS. Another vulnerability was discovered by Matthew Murphy regarding a cross site scripting vulnerability in the standard 404 error page. Finally, some buffer overflows were found in the "ab" benchmark program that is included with Apache.Read more
All of these vulnerabilities were fixed in Apache 1.3.27; the packages provided have these fixes applied.
MySQL
Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write 'Read more
A libpng security update for Debian GNU/Linux has been released
A MySQL security update is available for Debian GNU/Linux
Red Hat has released updated Fetchmail packages for Red Hat Linux 6.2 - 8.0
SECURITY HOLES DISCOVERED in the MySQL open source database and client software could allow an attacker to launch a denial of service attack against machines running affected MySQL components or gain administrative access to the database server, according to an alert posted by German security company e-matters GmbH.
Read more
Read more
Debian.org has released 4 new security updates for Debian GNU/Linux
DSA-211 micq - denial of service
DSA-210 lynx - CRLF injection
DSA-209 wget - directory traversal
DSA-208 perl - broken safe compartment
DSA-211 micq - denial of service
DSA-210 lynx - CRLF injection
DSA-209 wget - directory traversal
DSA-208 perl - broken safe compartment
SuSE has released an OpenLDAP2 update for SuSE Linux
MandrakeSoft has released a wget package security update for Mandrake Linux
A new security update for Debian GNU/Linux has been released
[DSA 207-1] New tetex-lib packages fix arbitrary command execution
[DSA 207-1] New tetex-lib packages fix arbitrary command execution
The SuSE security team discovered a vulnerability in kpathsea library (libkpathsea) which is used by xdvi and dvips. Both programs call the system() function insecurely, which allows a remote attacker to execute arbitrary commands via cleverly crafted DVI files.Read more
New gtetrinet and tcpdump packages has been released for Debian GNU/Linux
DSA-206-1 tcpdump -- denial of service
DSA-205-1 gtetrinet -- buffer overflow
DSA-206-1 tcpdump -- denial of service
The BGP decoding routines for tcpdump used incorrect bounds checking when copying data. This could be abused by introducing malicious traffic on a sniffed network for a denial of service attack against tcpdump, or possibly even remote code execution.Read more
This has been fixed in version 3.6.2-2.2.
DSA-205-1 gtetrinet -- buffer overflow
Steve Kemp and James Antill found several buffer overflows in the gtetrinet (a multiplayer tetris-like game) package as shipped in Debian GNU/Linux 3.0, which could be abused by a malicious server.Read more
This has been fixed in upstream version 0.4.4 and release 0.4.1-9woody1.1 of the Debian package.
MandrakeSoft has released an updated python packages for Mandrake Linux 9.0
Red Hat has released the follow new security updates:
Updated Canna packages fix vulnerabilities
Updated Webalizer packages fix vulnerability
Updated wget packages fix directory traversal bug
Updated Canna packages fix vulnerabilities
The Canna server, used for Japanese character input, has two security vulnerabilities including an exploitable buffer overrun allowing a local user to gain 'bin' user privileges. Updated packages for Red Hat Linux are available.Read more
Updated Webalizer packages fix vulnerability
Updated Webalizer packages which fix an obscure buffer overflow bug in the DNS resolver code are available for Red Hat Linux 7.2.Read more
Updated wget packages fix directory traversal bug
The wget packages shipped with Red Hat Linux 6.2 through 8.0 contain a security bug which, under certain circumstances, can cause local files to be written outside the download directory.Read more
The KDE team has discovered a vulnerability in the support for various network protocols via the KIO. The implementation of the rlogin and telnet protocols allows a carefully crafted URL in an HTML page, HTML email or other KIO-enabled application to execute arbitrary commands on the system using the victim's account on the vulnerable machine.
This problem has been fixed by disabling rlogin and telnet in version 2.2.2-13.woody.5 for the current stable distribution (woody). The old stable distribution (potato) is not affected since it doesn't contain KDE. A correction for the package in the unstable distribution (sid) is not yet available.
Read more
This problem has been fixed by disabling rlogin and telnet in version 2.2.2-13.woody.5 for the current stable distribution (woody). The old stable distribution (potato) is not affected since it doesn't contain KDE. A correction for the package in the unstable distribution (sid) is not yet available.
Read more
