Linux Compatible - Security (Page 7)

xpdf-i Update for Debian

Security 10929 Published 2003-01-12 15:45 by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released

DSA-226-1 xpdf-i -- integer overflow

iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf and xpdf-i packages that can be exploited to gain the privileges of the target user. This can lead to gaining unprivileged access to the 'lp' user if the pdftops program is part of the print filter.

For the current stable distribution (woody) xpdf-i is only a dummy package and the problem was fixed in xpdf already.

For the old stable distribution (potato) this problem has been fixed in version 0.90-8.1.

For the unstable distribution (sid) this problem has been fixed in version 2.01-2.

Download

Mandrake Security Updates

Security 10929 Published 2003-01-12 15:44 by Philipp Esselbach 0

MandrakeSoft S.A. has released the follow security updates for Mandrake Linux:

- MDKSA-2003:001 - cups
- MDKSA-2003:002 - xpdf
- MDKSA-2003:003 - dhcpcd

Major NTFS Vulnerability via Knoppix

Security 10929 Published 2003-01-12 11:57 by Philipp Esselbach 0

Saw over PCLinuxOnline:

Updated Ethereal packages for Red Hat

Security 10929 Published 2003-01-10 13:10 by Philipp Esselbach 0

Red Hat has released updated Ethereal packages for Red Hat Linux 7.2 - 8.0

Tomcat4 Update for Debian

Security 10929 Published 2003-01-10 13:08 by Philipp Esselbach 0

An updated Tomcat4 package for Debian GNU/Linux 3.0 is now available

canna Update for Debian

Security 10929 Published 2003-01-09 12:41 by Philipp Esselbach 0

An updated canna package for Debian GNU/Linux has been released

Updated cyrus-sasl packages for Red Hat 8.0

Security 10929 Published 2003-01-08 13:22 by Philipp Esselbach 0

Red Hat has released an updated cyrus-sasl package for Red Hat Linux 8.0

geneweb Update for Debian

Security 10929 Published 2003-01-08 13:18 by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released

DSA-223-1 geneweb -- information exposure

A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL lead geneweb to read and display arbitrary files of the system it runs on.

For the current stable distribution (woody) this problem has been fixed in version 4.06-2.

The old stable distribution (potato) is not affected.

For the unstable distribution (sid) this problem has been fixed in version 4.09-1.

Download

xpdf Update for Debian

Security 10929 Published 2003-01-07 01:18 by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released

DSA-222-1 xpdf -- integer overflow

iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf package that can be exploited to gain the privileges of the target user. This can lead to gaining privileged access to the 'lp' user if the pdftops program is part of the print filter.

For the current stable distribution (woody) this problem has been fixed in version 1.00-3.1.

For the old stable distribution (potato) this problem has been fixed in version 0.90-8.1.

For the unstable distribution (sid) this problem has been fixed in version 2.01-2.

Updated pine packages available for RH

Security 10929 Published 2003-01-04 17:33 by Philipp Esselbach 0

An updated pine package is now available for Red Hat Linux 6.2 - 8.0

mhonarc Update for Debian

Security 10929 Published 2003-01-04 17:31 by Philipp Esselbach 0

A new security update for Debian GNU/Linux is available

DSA-221-1 mhonarc -- cross site scripting

Earl Hood, author of mhonarc, a mail to HTML converter, discovered a cross site scripting vulnerability in this package. A specially crafted HTML mail message can introduce foreign scripting content in archives, by-passing MHonArc's HTML script filtering.

For the current stable distribution (woody) this problem has been fixed in version 2.5.2-1.3.

For the old stable distribution (potato) this problem has been fixed in version 2.4.4-1.3.

For the unstable distribution (sid) this problem has been fixed in version 2.5.14-1.

SuSE Security Updates

Security 10929 Published 2003-01-02 22:17 by Philipp Esselbach 0

SuSE AG has released 3 security updates for SuSE Linux:

fetchmail: remote compromise
cups: local and remote privilege escalation
mysql: remote command execution

Squirrelmail Update for Debian

Security 10929 Published 2003-01-02 22:13 by Philipp Esselbach 0

A new squirrelmail security update for Debian GNU/Linux has been released

dhcpcd Update for Debian

Security 10929 Published 2003-01-01 09:52 by Philipp Esselbach 0

Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server.

This problem has been fixed in version 1.3.17pl2-8.1 for the old stable distribution (potato) and in version 1.3.22pl2-2 for the testing (sarge) and unstable (sid) distributions. The current stable distribution (woody) does not contain a dhcpcd package.

Read more

Updated Sendmail Packages for Red Hat

Security 10929 Published 2003-01-01 00:00 by Philipp Esselbach 0

Red Hat has released updated sendmail packages for Red Hat Linux 6.2 - 8.0, which fix a security issue in Sendmail

Bugzilla Security Update for Debian

Security 10929 Published 2002-12-31 10:11 by Philipp Esselbach 0

A security for bugzilla under Debian GNU/Linux has been released

Typespeed Update for Debian

Security 10929 Published 2002-12-27 23:41 by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released:

DSA-217-1 typespeed -- buffer overflow
A problem has been discovered in the typespeed, a game that lets you measure your typematic speed. By overflowing a buffer a local attacker could execute arbitrary commands under the group id games.

For the current stable distribution (woody) this problem has been fixed in version 0.4.1-2.1.

For the old stable distribution (potato) this problem has been fixed in version 0.4.0-5.1.

For the unstable distribution (sid) this problem has been fixed in version 0.4.2-2.

We recommend that you upgrade your typespeed package.

Download

Fetchmail/cyrus-imapd Updates for Debian

Security 10929 Published 2002-12-26 03:01 by 0

Fetchmail/cyrus-imapd updates for Debian GNU/Linux has been released

Fetchmail

Stefan Esser of e-matters discovered a buffer overflow in fetchmail, an SSL enabled POP3, APOP and IMAP mail gatherer/forwarder. When fetchmail retrieves a mail all headers that contain addresses are searched for local addresses. If a hostname is missing, fetchmail appends it but doesn't reserve enough space for it. This heap overflow can be used by remote attackers to crash it or to execute arbitrary code with the privileges of the user running fetchmail.

Kdnetwork Update for Debian

Security 10929 Published 2002-12-21 03:40 by Philipp Esselbach 0

A new security update for Debian GNU/Linux is available:

DSA-214-1 kdnetwork -- buffer overflows

Olaf Kirch from SuSE Linux AG discovered another vulnerability in the klisa package, that provides a LAN information service similar to "Network Neighbourhood". The lisa daemon contains a buffer overflow vulnerability which potentially enables any local user, as well as any remote attacker on the LAN who is able to gain control of the LISa port (7741 by default), to obtain root privileges. In addition, a remote attacker potentially may be able to gain access to a victim's account by using an "rlan://" URL in an HTML page or via another KDE application.

This problem has been fixed in version 2.2.2-14.5 for the current stable distribution (woody) and in version 2.2.2-14.20 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't contain a kdenetwork package.

Download

Updated Net-SNMP packages for RH 8.0

Security 10929 Published 2002-12-20 15:03 by 0

Red Hat has released an updated Net-SNMP package for Red Hat Linux 8.0