MDKSA-2003:008 : libpng
MandrakeSoft has released two new security updates for Mandrake Linux
MDKSA-2003:008 : libpng
A new security update for Debian GNU/Linux has been released:
DSA-232-1 cupsys -- several
Three new security updates for Gentoo Linux are available:
PACKAGE : fnord
fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable.
PACKAGE : dhcp
The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD). These vulnerabilities may allow remote attackers to execute arbitrary code on affected systems. At this time, we are not aware of any exploits.
PACKAGE : kde-2.2.x
In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source.
MandrakeSoft has released the following security updates for Mandrake Linux:
MDKSA-2003:007 : dhcp
Several potential vulnerabilities were detected by the ISC (Internet Software Consortium) in their dhcp server software. The vulnerabilities affect the minires library and may be exploitable as stack buffer overflows, which could lead to remote code execution. All Mandrake Linux users are encouraged to upgrade; only Mandrake Linux 8.0 came with dhcp 2.x and is not vulnerable.
MDKSA-2003:004-1 : kde
Multiple instances of improperly quoted shell command execution exist in KDE 2.x up to and including KDE 3.0.5. KDE fails to properly quote parameters of instructions passed to the shell for execution. These parameters may contain data such as filenames, URLs, email addresses, and so forth; this data may be provided remotely to a victim via email, web pages, files on a network filesystem, or other untrusted sources.
Two new security updates for Debian GNU/Linux have been released:
DSA-231-1 dhcp3 -- stack overflows
The Internet Software Consortium discovered several vulnerabilities during an audit of the ISC DHCP Daemon. The vulnerabilities exist in error handling routines within the minires library and may be exploitable as stack overflows. This could allow a remote attacker to execute arbitrary code under the user id the dhcpd runs under, usually root. DHCP servers other than dhcp3 do not seem to be affected.
DSA-230-1 bugzilla -- insecure permissions, spurious backup files
Two vulnerabilities have been discovered in Bugzilla, a web-based bug tracking system, by its authors.
SuSE has released a libpng update for SuSE Linux
Red Hat has released an updated VIM package for Red Hat Linux 6.2 - 8.0
MandrakeSoft has released the following security updates for Mandrake Linux:
- MDKSA-2003:005 - leafnode
- MDKSA-2003:006 - openldap
Red Hat has released security updates for MySQL, PostgreSQL, and libpng
- Updated MySQL packages fix various security issues
- Updated PostgreSQL packages fix buffer overrun vulnerabilities
- Updated libpng packages fix buffer overflow
Two new security updates for Debian GNU/Linux are available:
DSA-228-1 libmcrypt -- buffer overflows and memory leak
MandrakeSoft has released two new security updates for Mandrake Linux:
- MDKSA-2002:073-1 - krb5
- MDKSA-2003:004 - kde
Red Hat has released updated libpng packages for Red Hat Linux 6.2 - 8.0
An Openldap2 security update for Debian GNU/Linux has been released
A new security update for Debian GNU/Linux has been released
DSA-226-1 xpdf-i -- integer overflow
iDEFENSE discovered an integer overflow in the pdftops filter from the xpdf and xpdf-i packages that can be exploited to gain the privileges of the target user. This can lead to gaining unprivileged access to the 'lp' user if the pdftops program is part of the print filter.
For the current stable distribution (woody) xpdf-i is only a dummy package and the problem was fixed in xpdf already.
For the old stable distribution (potato) this problem has been fixed in version 0.90-8.1.
For the unstable distribution (sid) this problem has been fixed in version 2.01-2.
MandrakeSoft S.A. has released the following security updates for Mandrake Linux:
- MDKSA-2003:001 - cups
- MDKSA-2003:002 - xpdf
- MDKSA-2003:003 - dhcpcd
Seen over at PCLinuxOnline:
Red Hat has released updated Ethereal packages for Red Hat Linux 7.2 - 8.0
An updated Tomcat4 package for Debian GNU/Linux 3.0 is now available
An updated canna package for Debian GNU/Linux has been released
Red Hat has released an updated cyrus-sasl package for Red Hat Linux 8.0