MandrakeSoft has released the follow security updates for MandrakeLinux:
- MDKSA-2003:005 - leafnode
- MDKSA-2003:006 - openldap
- MDKSA-2003:005 - leafnode
- MDKSA-2003:006 - openldap
Red Hat has released security updates for MySQL, PostgreSQL, and libpng
- Updated MySQL packages fix various security issues
- Updated PostgreSQL packages fix buffer overrun vulnerabilities
- Updated libpng packages fix buffer overflow
- Updated MySQL packages fix various security issues
- Updated PostgreSQL packages fix buffer overrun vulnerabilities
- Updated libpng packages fix buffer overflow
Two new security updates for Debian GNU/Linux are available:
DSA-228-1 libmcrypt -- buffer overflows and memory leak
DSA-228-1 libmcrypt -- buffer overflows and memory leak
MandrakeSoft has released two new security updates for Mandrake Linux:
- MDKSA-2002:073-1 - krb5
- MDKSA-2003:004 - kde
- MDKSA-2002:073-1 - krb5
- MDKSA-2003:004 - kde
Red Hat has released updated libpng packages for Red Hat Linux 6.2 - 8.0
An Openldap2 security update for Debian GNU/Linux has been released
A new security update for Debian GNU/Linux has been released
DSA-226-1 xpdf-i -- integer overflow
DSA-226-1 xpdf-i -- integer overflow
iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf and xpdf-i packages that can be exploited to gain the privileges of the target user. This can lead to gaining unprivileged access to the 'lp' user if the pdftops program is part of the print filter.Download
For the current stable distribution (woody) xpdf-i is only a dummy package and the problem was fixed in xpdf already.
For the old stable distribution (potato) this problem has been fixed in version 0.90-8.1.
For the unstable distribution (sid) this problem has been fixed in version 2.01-2.
MandrakeSoft S.A. has released the follow security updates for Mandrake Linux:
- MDKSA-2003:001 - cups
- MDKSA-2003:002 - xpdf
- MDKSA-2003:003 - dhcpcd
- MDKSA-2003:001 - cups
- MDKSA-2003:002 - xpdf
- MDKSA-2003:003 - dhcpcd
Saw over PCLinuxOnline:
Red Hat has released updated Ethereal packages for Red Hat Linux 7.2 - 8.0
An updated Tomcat4 package for Debian GNU/Linux 3.0 is now available
An updated canna package for Debian GNU/Linux has been released
Red Hat has released an updated cyrus-sasl package for Red Hat Linux 8.0
A new security update for Debian GNU/Linux has been released
DSA-223-1 geneweb -- information exposure
DSA-223-1 geneweb -- information exposure
A security issue has been discovered by Daniel de Rauglaudre, upstream author of geneweb, a genealogical software with web interface. It runs as a daemon on port 2317 by default. Paths are not properly sanitized, so a carefully crafted URL lead geneweb to read and display arbitrary files of the system it runs on.Download
For the current stable distribution (woody) this problem has been fixed in version 4.06-2.
The old stable distribution (potato) is not affected.
For the unstable distribution (sid) this problem has been fixed in version 4.09-1.
A new security update for Debian GNU/Linux has been released
DSA-222-1 xpdf -- integer overflow
DSA-222-1 xpdf -- integer overflow
iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf package that can be exploited to gain the privileges of the target user. This can lead to gaining privileged access to the 'lp' user if the pdftops program is part of the print filter.Read more
For the current stable distribution (woody) this problem has been fixed in version 1.00-3.1.
For the old stable distribution (potato) this problem has been fixed in version 0.90-8.1.
For the unstable distribution (sid) this problem has been fixed in version 2.01-2.
An updated pine package is now available for Red Hat Linux 6.2 - 8.0
A new security update for Debian GNU/Linux is available
DSA-221-1 mhonarc -- cross site scripting
DSA-221-1 mhonarc -- cross site scripting
Earl Hood, author of mhonarc, a mail to HTML converter, discovered a cross site scripting vulnerability in this package. A specially crafted HTML mail message can introduce foreign scripting content in archives, by-passing MHonArc's HTML script filtering.Read more
For the current stable distribution (woody) this problem has been fixed in version 2.5.2-1.3.
For the old stable distribution (potato) this problem has been fixed in version 2.4.4-1.3.
For the unstable distribution (sid) this problem has been fixed in version 2.5.14-1.
SuSE AG has released 3 security updates for SuSE Linux:
fetchmail: remote compromise
cups: local and remote privilege escalation
mysql: remote command execution
fetchmail: remote compromise
cups: local and remote privilege escalation
mysql: remote command execution
A new squirrelmail security update for Debian GNU/Linux has been released
Simon Kelly discovered a vulnerability in dhcpcd, an RFC2131 and RFC1541 compliant DHCP client daemon, that runs with root privileges on client machines. A malicious administrator of the regular or an untrusted DHCP server may execute any command with root privileges on the DHCP client machine by sending the command enclosed in shell metacharacters in one of the options provided by the DHCP server.
This problem has been fixed in version 1.3.17pl2-8.1 for the old stable distribution (potato) and in version 1.3.22pl2-2 for the testing (sarge) and unstable (sid) distributions. The current stable distribution (woody) does not contain a dhcpcd package.
Read more
This problem has been fixed in version 1.3.17pl2-8.1 for the old stable distribution (potato) and in version 1.3.22pl2-2 for the testing (sarge) and unstable (sid) distributions. The current stable distribution (woody) does not contain a dhcpcd package.
Read more
