789 matches found
Mandrake Linux Security Advisory : xinetd (MDKSA-2001:055-1)
A bug exists in xinetd as shipped with Mandrake Linux 8.0 dealing with TCP connections with the WAIT state that prevents linuxconf-web from working properly. As well, xinetd contains a security flaw in which it defaults to a umask of 0. This means that applications using the xinetd umask that do...
RHEL 3 : sox (RHSA-2004:409)
Updated sox packages that fix buffer overflows in the WAV file handling code are now available. SoX Sound eXchange is a sound file format converter. SoX can convert between many different digitized sound formats and perform simple sound manipulation functions, including sound effects. Buffer...
Fedora Core 2 : sox-12.17.4-4.fc2 (2004-244)
Updated sox packages that fix buffer overflows in the WAV file handling code are now available. Buffer overflows existed in the parsing of WAV file header fields. It was possible that a malicious WAV file could have caused arbitrary code to be executed when the file was played or converted. Note...
SuSE-SA:2004:010: Linux Kernel
The remote host is missing the patch for the advisory SuSE-SA:2004:010 Linux Kernel. Various vulnerabilities have been fixed in the newly available kernel updates. The updates consist of fixes for the following vulnerabilities: - The dofork memory leak, which could lead to a local DoS attack. All...
Fedora Core 1 2004-087: libxml2
The remote host is missing the patch for the advisory FEDORA-2004-087 libxml2. This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs support this includes parsing and validation even with complex DtDs, either at parse time or...
RHEL 2.1 : squid (RHSA-2002:130)
New Squid packages are available which fix various issues. Squid is a high-performance proxy caching server. The following summary describes the various issues found and fixed : Several buffer overflows have been found in the MSTN auth helper msntauth when configured to use denyusers or allowuser...
RHEL 2.1 / 3 : krb5 (RHSA-2004:236)
Updated Kerberos 5 krb5 packages which correct buffer overflows in the krb5anametolocalname function are now available. Kerberos is a network authentication system. Bugs have been fixed in the krb5anametolocalname library function. Specifically, buffer overflows were possible for all Kerberos...
RHEL 2.1 : glibc (RHSA-2002:167)
Updated glibc packages are available which fix a buffer overflow in the XDR decoder and two vulnerabilities in the resolver functions. updated 8 aug 2002 Updated packages have been made available, as the original errata introduced a bug which could cause calloc to crash on 32-bit platforms when...
metamail security update
Metamail is a set of utilities for processing MIME mail. New metamail packages are available for Slackware 8.1, 9.0, 9.1, and -current. These fix two format string bugs and two buffer overflows which could lead to unauthorized code execution. Thanks to Ulf Hrnhammar for discovering these problems...
Mutt-1.4.2 fixes buffer overflow.
Mutt-1.4.2 has just been released; this version fixes a buffer overflow that can be triggered by incoming messages. There are reports about spam that has actually triggered this problem and crashed mutt. It is recommended that users of mutt versions prior to 1.4.2 upgrade to this version, or appl...
INN security update
INN InterNetNews is used to run a news NNTP server. New INN packages are available for Slackware 9.0, 9.1, and -current. These have been upgraded to inn-2.4.1 to fix a potentially exploitable buffer overflow. All sites running INN should upgrade. Here are the details from the Slackware 9.1...
Sendmail vulnerabilities fixed
The sendmail packages in Slackware 8.1, 9.0, and -current have been patched to fix security problems. These issues seem to be remotely exploitable, so all sites running sendmail should upgrade right away. Sendmail's 8.12.10 announcement may be found here: http://www.sendmail.org/8.12.10.html Here...
Critical: Red Hat Security Advisory: : : : Updated openldap packages available for iSeries and pSeries
Updated openldap packages are available which fix a number of local and remote buffer overflows in libldap, and in the slapd and slurpd servers, as well as fixing potential issues stemming from using user-specified LDAP configuration files. OpenLDAP is a suite of LDAP Lightweight Directory Access...
[SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 307-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 27th, 2003 http://www.debian.org/security/faq -...
[SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities
-------------------------------------------------------------------------- Debian Security Advisory DSA 307-1 [email protected] http://www.debian.org/security/ Matt Zimmerman May 27th, 2003 http://www.debian.org/security/faq -...
Critical: Red Hat Security Advisory: : : : Updated Fetchmail packages fix security vulnerabilities
Updated Fetchmail packages that close a number of vulnerabilities are available for Red Hat Linux on IBM iSeries and pSeries systems. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and PPP connections. Three bugs have been fou...
[SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 278-2 [email protected] http://www.debian.org/security/ Martin Schulze April 4th, 2003 http://www.debian.org/security/faq -...
mutt-1.4.1 fixes a buffer overflow.
Mutt versions 1.4.1 and 1.5.4 have just been released and will soon be available from ftp://ftp.mutt.org/mutt/. Both versions fix a buffer overflow in mutt's IMAP client code which was identified by Core Security Technologies, and fixed by Edmund Grimley Evans. A more detailed advisory will be...
Important: Red Hat Security Advisory: apache, mod_ssl, php security update for Stronghold
Updated versions of the Apache HTTP server, PHP, and modssl are now available which close possible buffer overflows in the Apache HTTP server benchmarking tool, fixes two cross-site scripting vulnerabilities in the error pages, and fix possible local privilege escalation. These updates also fix...
[SECURITY] [DSA 149-2] New glibc packages fix
-------------------------------------------------------------------------- Debian Security Advisory DSA 149-2 [email protected] http://www.debian.org/security/ Martin Schulze September 26th, 2002 http://www.debian.org/security/faq -...