Showing all newswire headlines
View by date, instead?« Previous ( 1 ... 7251 7252 7253 7254 7255 7256 7257 7258 7259 7260 7261 ... 7264 ) Next »
SuSE alert: netscape
Michal Zalewski <lcamtuf@DIONE.IDS.PL> has found a buffer overflow in the html parser code of the Netscape Navigator in all versions before and including 4.75. html code of the form
Debian alert: fsh symlink attack
Colin Phipps found an interesting symlink attack problem in fsh (a
tool to quickly run remote commands over rsh/ssh/lsh). When fshd
starts it creates a directory in /tmp to hold its sockets. It tries
to do that securely by checking of it can chown that directory if
it already exists to check if it is owner by the user invoking it.
However an attacker can circumvent this check by inserting a
symlink to a file that is owner by the user who runs fhsd and
replacing that with a directory just before fshd creates the
socket.
Red Hat alert: Ethereal vulnerable to buffer overflows
Updated Ethereal packages are available.
Debian alert: ed symlink attack
Alan Cox discovered that GNU ed (a classed line editor tool)
created temporary files unsafely. This has been fixed in version
0.2-18.1.
Red Hat alert: Updated bind packages fixing DoS attack available
A remote DoS (denial of service) attack is possible with bind versions
prior to 8.
Red Hat alert: Updated nss_ldap packages are now available.
Updated nss_ldap packages are now available for Red Hat Linux 6.1, 6.2, and
7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha.
Red Hat alert: Updated cyrus-sasl packages available for Red Hat Linux 7
Updated cyrus-sasl packages are now available for Red Hat Linux 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated usermode packages available
Updated usermode packages are now available for Red Hat Linux 6.x and 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated apache, php, mod_perl, and auth_ldap packages available.
Updated apache, php, mod_perl, and auth_ldap packages are now available for
Red Hat Linux 5.2, 6.0, 6.1, 6.2, and 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0
(This is a re-release of the previous errata caused by a missing patch).
A locally-exploitable security hole was found where a normal user could
trick root running GnoRPM into writing to arbitrary files due to a bug in
the gnorpm tmp file handling.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated openssh packages available for Red Hat Linux 7
Updated openssh packages are now available for Red Hat Linux 7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7
Updated joe packages are available for Red Hat Linux 5.2, 6.x and 7.
Red Hat alert: Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and 7
Updated pine and imap packages are available for Red Hat Linux 5.2, 6.x and
7.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: new modutils release addresses more local root compromise possibilities
A new modutils-
Red Hat alert: ghostscript uses mktemp instead of mkstemp, and uses an improper LD_RUN_PATH
ghostscript makes use of mktemp instead of mkstemp to create temp files;
and also uses improper LD_RUN_PATH values, causing it to search for
libraries in the current directory.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: New ncurses packages fixing buffer overrun available
If you are any setuid applications that use ncurses and its cursor movement
functionality, local users may gain access to the program's privileges.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Red Hat alert: Updated bash (1.x) packages for Red Hat Linux 5.x, 6.x available
Updated bash (1.x) packages for Red Hat Linux 5.x and 6.x, fixing a security problem, are available.
Red Hat alert: New Netscape packages available
New Netscape packages are available that fix a buffer overflow
in parsing HTML.
It is recommended that all Netscape users update to the fixed
packages.
2000-11-27: Added packages for Red Hat Linux 7 for Alpha
Debian alert: New version of mc released
Maurycy Prodeus found a problem in cons.saver, a screensaver for
the console that is included in the mc package. cons.saver does not
check if it is started with a valid stdout, which combined with a
bug in its check to see if its argument is a tty (it forgot to
close the file-descriptor after opening the supposed tty) causes it
to write a NUL character to the file given as its parameter.
SuSE alert: openssh/ssh
openssh is an implementation of the secure shell protocol, available under the BSD license, primarily maintained by the OpenBSD Project.
« Previous ( 1 ... 7251 7252 7253 7254 7255 7256 7257 7258 7259 7260 7261 ... 7264 ) Next »