Updated apache and httpd packages which fix a number of security issues are now available for Red Hat Linux 6.2 - 8.0
Cheeta Technologies has released MySQL 3.23.55 RPMs for Red Hat 7.2 and Ensim WEBppliance 3.x
Red Hat has released the following security updates:
- Updated Xpdf packages fix security vulnerability
- Updated w3m packages fix cross-site scripting issues
- Updated openldap packages available
- Updated WindowMaker packages fix vulnerability in theme-loading
Four new security updates for Gentoo Linux are now available:
- Mail-SpamAssassin
- slocate
- qt-dcgui
- bladeenc
MandrakeSoft has released new updates for Mandrake Linux:
MDKSA-2003:012 : vim
MDKSA-2003:013 : MySQL
MDKSA-2003:014 : kernel
MDKSA-2003:015 : slocate
MDKSA-2003:012 : vim
A vulnerability was discovered in vim by Georgi Guninski that allows arbitrary command execution using the libcall feature found in modelines. A patch to fix this problem was introduced in vim 6.1 patchlevel 265. This patch has been applied to the provided update packages.
MDKSA-2003:013 : MySQL
Aleksander Adamowski informed MandrakeSoft that the MySQL developers fixed a DoS vulnerability in the recently released 3.23.55 version of MySQL. A double free() pointer bug in the mysql_change_user() handling would allow a specially hacked mysql client to crash the main mysqld server. This vulnerability can only be exploited by first logging in with a valid user account.
MDKSA-2003:014 : kernel
An updated kernel for 9.0 is available with a number of bug fixes. Supermount has been completely overhauled and should be solid on all systems. Other fixes include XFS with high memory, a netfilter fix, a fix for Sony VAIO DMI, i845 should now work with UDMA, and new support for VIA C3 is included. Prism24 has been updated so it now works properly on HP laptops and a new ACPI is included, although it is disabled by default for broader compatibility.
MDKSA-2003:015 : slocate
A buffer overflow vulnerability was discovered in slocate by team USG. The overflow appears when slocate is used with the -c and -r parameters, using a 1024 (or 10240) byte string. This has been corrected in slocate version 2.7.
Red Hat has released a Kernel update for Red Hat Linux 7.1 - 8.0
A security update for Hypermail under Debian GNU/Linux is now available
Red Hat has released a kerberos security update for Red Hat Linux 6.2 - 8.0
A new security update for Debian GNU/Linux is available
DSA-247-1 courier-ssl -- missing input sanitizing
The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiting this vulnerability. The MySQL auth module is not affected.
A new Tomcat update for Debian GNU/Linux is available
MandrakeSoft has released two security updates for Mandrake Linux:
- MDKSA-2003:011 - fetchmail
- MDKA-2003:002 - msec
Linux-based APIs are on the roadmap of various vendors in support of the Trusted Computing Platform Alliance's (TCPA's) security initiative, an Infineon Technologies official said at the Platform Conference here on Tuesday.
Two new security updates for Debian GNU/Linux have been released
DSA-245-1 dhcp3 -- ignored counter boundary
An Util-linux update for the Sun Cobalt RaQ 3/4 server appliances has been released
New security fixes for KDE under Debian GNU/Linux have been released:
DSA-241 kdeutils - several
DSA-240 kdegames - several
DSA-239 kdesdk - several
DSA-238 kdepim - several
DSA-237 kdenetwork - several
4 new security updates are available for Debian GNU/Linux:
- DSA-236 kdelibs - several
- DSA-235 kdegraphics - several
- DSA-234 kdeadmin - several
- DSA-233 cvs - doubly freed memory
Red Hat has released updated Python packages for Red Hat Linux 6.2 - 7.3
Red Hat has released a cvs package update for Red Hat Linux 6.2 - 8.0
A cvs package security update for Gentoo Linux has been released:
By sending a malformed directory name it is possible to trigger an error condition that will make the function return at a point where a global pointer variable is already freed and has not yet been assigned a new value. This will result in a classical double-free() when the next Directory request is handled. With the help of other CVS requests it is possible to either leak some information that could be used to determine the heap position or to execute arbitrary code on systems that are known to be vulnerable to this kind of bug.
SOLUTION
It is recommended that all Gentoo Linux users who are running dev-util/cvs upgrade to cvs-1.11.5 as follows:
emerge sync
emerge -u cvs
emerge clean
SuSE AG has released two security updates for their Linux distribution
Package: dhcp