Showing all newswire headlines
Red Hat alert: glibc file read or write access local vulnerability
A couple of bugs in GNU C library
Slackware alert: glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root
binaries. Any user on affected systems will be able to read any file on
the system through a simple process: The user sets the RESOLV_HOST_CONF
environment variable to the name of the file that they wish to read, then
runs any setuid root program that makes use of that variable. The file is
then written to stderr.
Debian alert: New version of mgetty released
Immunix reports that mgetty does not create temporary files in a secure
manner, which could lead to a symlink attack. This has been corrected
in mgetty 1.1.21-3potato1.
Debian alert: two gpg problems
Two bugs in GnuPG have recently been found:
Debian alert: multiple stunnel vulnerabilities
Lez discovered a format string problem in stunnel (a tool to create
Universal SSL tunnel for other network daemons). Brian Hatch
responded by stating he was already preparing a new release with
multiple security fixes:
Debian alert: dialog symlink attack
Matt Kraai reported that he found a problem in the way dialog
creates lock-files: it did not create them safely which made it
susceptible to a symlink attack.
Red Hat alert: Updated stunnel packages available for Red Hat Linux 7
Updated stunnel packages are available for Red Hat Linux 7.
Red Hat alert: Zope Hotfix package available
A new Zope Hotfix package is available.
Red Hat alert: Updated rp-pppoe packages fixing denial of service attack are available.
Updated rp-pppoe packages fixing a denial of service attack are
available. (Patch from the rp-pppoe author, David F. Skoll.)
Debian alert: insufficient protection for zope Image and File objects
A busy week for the Zope team: on Monday another security alert was
released revealing a potential problem found by Peter Kelly. This
problem involved incorrect protection of data updating for Image and
File objects: any user with DTML editing privileges could update the
File or Image object data directly.
Red Hat alert: Updated gnupg packages now available
Updated gnupg packages are now available for Red Hat Linux 6.x and 7.
Red Hat alert: Updated stunnel packages available.
Updated stunnel packages are now available for Red Hat Linux 7.
Red Hat alert: New slocate packages available to fix local group slocate compromise
New slocate packages are available for Red Hat Linux 6.x and Red Hat
Linux 7. These fix a problem with the database parsing code in slocate.
(slocate was not shipped with Red Hat Linux prior to version 6.0, so
earlier versions are not affected.)
Debian alert: zope privilege escalation
Last week a Zope security advisory was released which indicated
Erik Enge found a problem in the way Zope calculates roles. In some
situations Zope checked the wrong folder hierarchy which could
cause it to grant local roles when it should not. In other words:
users with privileges in one folder could gain privileges in
another folder.
Red Hat alert: new Zope-Hotfix package available
A new Zope-Hotfix package is available which fixes issues with computation
of local roles.
Debian alert: slocate local exploit
Michel Kaempf reported a security problem in slocate (a secure version
of locate, a tool to quickly locate files on a filesystem) on bugtraq
which was originally discovered by zorgon. He discovered there was
a bug in the database reading code which made it overwrite an internal
structure with some input. He then showed this could be exploited
to trick slocate into executing arbitrary code by pointing it to a
carefully crafted database.
Debian alert: nano symlink attack
The problem that was previously reported for joe also occurs with
other editors. When nano (a free pico clone) unexpectedly dies
it tries to write a warning message to a new file with a predictable name
(the name of the file being edited with ".save" appended). Unfortunately
that file was not created safely which made nano vulnerable to a
symlink attack.
Red Hat alert: New BitchX packages are available
New BitchX packages are available which fix the problem with processing
malformed DNS answers.
Red Hat alert: New Zope packages are available.
Vulnerability in legacy names allows calling those constructors without the
correct permissions.