Mandrake Security Updates

Security 10929 Published by Philipp Esselbach 0

MandrakeSoft has released two new security updates for Mandrake Linux

MDKSA-2003:018 : apcupsd

A remote root vulnerability in slave setups and some buffer overflows in the network information server code were discovered by the apcupsd developers. They have been fixed in the latest unstable version, 3.10.5 which contains additional enhancements like USB support, and the latest stable version, 3.8.6.

There are a few changes that need to be noted, such as the port has changed from port 7000 to post 3551 for NIS, and the new config only allows access from the localhost. Users may need to modify their configuration files appropriately, depending upon their configuration.

Read more

MDKSA-2003:017 : pam

Andreas Beck discovered that the pam_xauth module would forward authorization information from the root account to unprivileged users. This can be exploited by a local attacker to gain access to the root user's X session. In order for it to be successfully exploited, the attacker would have to somehow get the root user to su to the account belonging to the attacker.

Read more

Lindows.com offers anti-virus software for its OS

Security 10929 Published by Philipp Esselbach 0

For the new software, called VirusSafe, Lindows.com took Central Command's Vexira Antivirus for Linux Workstation software and adjusted it to integrate it with the LindowsOS operating system, said John Bromhead, Lindows.com's marketing vice president.

Read more

w3mmee-ssl Update for Debian

Security 10929 Published by Philipp Esselbach 0

A new security update for Debian GNU/Linux has been released:

DSA-250-1 w3mmee-ssl -- missing HTML quoting

Hironori Sakamoto, one of the w3m developers, found two security vulnerabilities in w3m and associated programs. The w3m browser does not properly escape HTML tags in frame contents and img alt attributes. A malicious HTML frame or img alt attribute may deceive a user to send his local cookies which are used for configuration. The information is not leaked automatically, though.

Read more

Mandrake Linux Updates

Security 10929 Published by Philipp Esselbach 0

MandrakeSoft has released new updates for Mandrake Linux:

MDKSA-2003:012 : vim
A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages.
Read more

MDKSA-2003:013 : MYSQL
Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account.
Read more

MDKSA-2003:014 : kernel
An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. Prism24 has been updated so it now works properly on HP laptops and a new ACPI is included, although it is disabled by default for broader compatibility.
Read more

MDKSA-2003:015 : slocate
A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7.
Read more

courier-ssl Update for Debian

Security 10929 Published by Philipp Esselbach 0

A new security update for Debian GNU/Linux is available

DSA-247-1 courier-ssl -- missing input sanitizing
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected.
Read more

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...