7626 matches found
Slackware 8.1 / 9.0 / 9.1 / current : lftp security update (SSA:2003-346-01)
lftp is a file transfer program that connects to other hosts using FTP, HTTP, and other protocols. A security problem with lftp has been corrected with the release of lftp-2.6.10. New packages are available for Slackware 8.1, 9.0, 9.1, and -current. Any sites using lftp should upgrade to the new...
Slackware 8.1 / 9.0 / 9.1 / current : rsync update (SSA:2004-124-01)
New rsync packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. When running an rsync server without the chroot option it is possible for an attacker to write outside of the allowed directory. Any sites running rsync in that mode should upgrade right away and...
Slackware 8.1 / 9.0 / current : nfs-utils off-by-one overflow fixed (SSA:2003-195-01)
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to fix an off-by-one buffer overflow in xlog.c. Thanks to Janusz Niewiadomski for discovering and reporting this problem. The CVE (Common Vulnerabilities and Exposures) Project has assigned the identification number...
Slackware 8.1 / 9.0 / current : Sendmail vulnerabilities fixed (SSA:2003-260-02)
The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away. Sendmail's 8.12.10 announcement may be found here: http://www.sendmail.org/8.12.10.html...
zlib DoS
New zlib packages are available for Slackware 10.0, 10.1, and -current to fix a denial of service security issue. zlib 1.1.x is not affected. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:...
Samba: Remote printing non-vulnerability
Background: Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. Description: Due to a bug in the printernotifyinfo function, authorized users could potentially crash their smbd process by sending improperly...
CVE-2004-0851
The (1) writelist and (2) dumpcurrlist functions in Net-Acct before 0.71 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
[slackware-security] gaim
New gaim packages are available for Slackware 9.1, 10.0 and -current to fix several security issues. Sites that use GAIM should upgrade to the new version. Here are the details from the Slackware 10.0 ChangeLog: Thu Aug 26 17:14:09 PDT 2004 patches/packages/gaim-0.82-i486-1.tgz: Upgraded to...
NetBSD Security Advisory 2004-009: ftpd root escalation
NetBSD Security Advisory 2004-009. Topic: ftpd root escalation. Version: NetBSD-current: source prior to Aug 10, 2004; NetBSD 2.0 branch: source prior to Aug 15, 2004; NetBSD 1.6.2: affected; NetBSD 1.6.1: affected; NetBSD 1.6: affect...
[slackware-security] sox
New sox packages are available for Slackware 8.1, 9.0, 9.1, 10.0, and -current to fix buffer overflow security issues that could allow a malicious WAV file to execute arbitrary code. Here are the details from the Slackware 10.0 ChangeLog: Sat Aug 7 17:17:20 AKDT 2004...
mc
New mc packages are available for Slackware 9.0, 9.1, and -current to fix security issues. These could lead to a denial of service or the execution of arbitrary code as the user running mc. Sites that use mc should upgrade to the new mc package. More details about this issue may be found in t...
New OpenSSH packages
Upgraded OpenSSH 3.7.1p2 packages are available for Slackware 8.1, 9.0 and -current. This fixes security problems with PAM authentication. It also includes several code cleanups from Solar Designer. Slackware is not vulnerable to the PAM problem, and it is not believed that any of the other code...
nfs-utils packages replaced
New nfs-utils packages are available for Slackware 8.1, 9.0, and -current to replace the ones that were issued yesterday. A bug has been fixed in utils/mountd/auth.c that could cause mountd to crash. Here are the details from the Slackware 9.0 ChangeLog: Tue Jul 15 10:42:58 PDT 2003...
DEBIAN-CVE-2003-0188
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories...
CVE-2003-0188
lv reads a .lv file from the current working directory, which allows local users to execute arbitrary commands as other lv users by placing malicious .lv files into other directories...
CVE-2002-1288
The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to determine the current directory of the Internet Explorer process via the getAbsolutePath method in a File call...
NetBSD Security Advisory 2002-018: Multiple security issues with kfd daemon
NetBSD Security Advisory 2002-018. Topic: Multiple security issues with kfd daemon. Version: NetBSD-current: source prior to September 10, 2002; NetBSD 1.6: affected; NetBSD-1.5.3: affected; NetBSD-1.5.2: affected; NetBSD-1.5.1: affect...
NetBSD Security Advisory 2002-012: buffer overrun in setlocale
NetBSD Security Advisory 2002-012. Topic: buffer overrun in setlocale. Severity: local root exploit if X11 xterm is installed. Version: NetBSD-current: source prior to August 8, 2002; NetBSD-1.6 beta: source prior to August 8, 2002...
DSA-165 postgresql - buffer overflows
Bulletin has no description...
FreeBSD-SA-02:31.openssh
FreeBSD-SA-02:31 Security Advisory, The FreeBSD Project. Topic: openssh contains remote vulnerability. Category: core. Module: OpenSSH. Announced: 2002-07-15. Credits: ISS X-Force Theo...