Moderate: Red Hat Security Advisory: rsync security update

An updated rsync package that fixes a path sanitizing bug is now available. The rsync program synchronizes files over a network. Versions of rsync up to and including version 2.6.2 contain a path sanitization issue. This issue could allow an attacker to read or write files outside of the rsync...

GLSA-200403-09 : Buffer overflow in Midnight Commander

The remote host is affected by the vulnerability described in GLSA-200403-09 Buffer overflow in Midnight Commander A stack-based buffer overflow has been found in Midnight Commander's virtual filesystem. Impact : This overflow allows an attacker to run arbitrary code on the user's computer during...

GLSA-200405-05 : Utempter symlink vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-05 Utempter symlink vulnerability Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack. Impact : This vulnerability may allow arbitrary files to be overwritten with...

GLSA-200408-16 : glibc: Information leak with LD_DEBUG

The remote host is affected by the vulnerability described in GLSA-200408-16 glibc: Information leak with LDDEBUG Silvio Cesare discovered a potential information leak in glibc. It allows LDDEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be...

GLSA-200405-13 : neon heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-200405-13 neon heap-based buffer overflow Stefan Esser discovered a vulnerability in the code of the neon library : if a malicious date string is passed to the nerfc1036parse function, it can trigger a string overflow into static...

GLSA-200404-06 : Util-linux login may leak sensitive data

The remote host is affected by the vulnerability described in GLSA-200404-06 Util-linux login may leak sensitive data In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems...

GLSA-200404-19 : Buffer overflows and format string vulnerabilities in LCDproc

The remote host is affected by the vulnerability described in GLSA-200404-19 Buffer overflows and format string vulnerabilities in LCDproc Due to insufficient checking of client-supplied data, the LCDd server is susceptible to two buffer overflows and one string buffer vulnerability. If the serve...

GLSA-200405-01 : Multiple format string vulnerabilities in neon 0.24.4 and earlier

The remote host is affected by the vulnerability described in GLSA-200405-01 Multiple format string vulnerabilities in neon 0.24.4 and earlier There are multiple format string vulnerabilities in libneon which may allow a malicious WebDAV server to execute arbitrary code under the context of the...

GLSA-200404-09 : Cross-realm trust vulnerability in Heimdal

The remote host is affected by the vulnerability described in GLSA-200404-09 Cross-realm trust vulnerability in Heimdal Heimdal does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the...

GLSA-200403-08 : oftpd DoS vulnerability

The remote host is affected by the vulnerability described in GLSA-200403-08 oftpd DoS vulnerability Issuing a port command with a number higher than 255 causes the server to crash. The port command may be issued before any authentication takes place, meaning the attacker does not need to know a...

GLSA-200403-14 : Multiple Security Vulnerabilities in Monit

The remote host is affected by the vulnerability described in GLSA-200403-14 Multiple Security Vulnerabilities in Monit A denial of service may occur due to Monit not sanitizing remotely supplied HTTP parameters before passing them to memory allocation functions. This could allow an attacker to...

GLSA-200405-15 : cadaver heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-200405-15 cadaver heap-based buffer overflow Stefan Esser discovered a vulnerability in the code of the neon library see GLSA 200405-13. This library is also included in cadaver. Impact : When connected to a malicious WebDAV serve...

BasiliX Webmail Content-Type Header XSS

The remote host appears to be running BasiliX version 1.1.1 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to cause a victim to unknowingly run arbitrary JavaScript code in his browser simply by reading a MIME message with a specially crafted...

Mandrake Linux Security Advisory : samba (MDKSA-2004:071)

A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The routine used to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. This same code is also used to internally decode the sambaMungedDial attribu...

Fedora Core 1 : kernel-2.4.22-1.2173.nptl (2004-079)

Paul Starzetz discovered a flaw in return value checking in mremap in the Linux kernel versions 2.4.24 and previous that may allow a local attacker to gain root privileges. No exploit is currently available; however this issue is exploitable. The Common Vulnerabilities and Exposures project...

RHEL 3 : php (RHSA-2004:392)

Updated php packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP server. Stefan Esser discovered a flaw when memorylimit is enabled in versions of PHP 4 before 4.3.8. If a remote attacker could force the PHP...

RHEL 2.1 : pam_smb (RHSA-2003:262)

Updated pamsmb packages are now available which fix a security vulnerability buffer overflow. The pamsmb module is a pluggable authentication module PAM used to authenticate users using an external Server Message Block SMB server. A buffer overflow vulnerability has been found that affects...

RHEL 2.1 : postgresql (RHSA-2003:314)

Updated PostgreSQL packages that correct a buffer overflow in the toascii routines are now available. PostgreSQL is an advanced Object-Relational database management system DBMS. Two bugs that can lead to buffer overflows have been found in the PostgreSQL abstract data type to ASCII conversion...

RHEL 2.1 : XFree86 (RHSA-2003:289)

Updated XFree86 packages provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers. XDM is the X display manager. Multiple integer overflows in the transfer and enumeration of font libraries ...

RHEL 2.1 : mysql (RHSA-2003:094)

Updated packages are available that fix both a double-free security vulnerability and a remote root exploit security vulnerability found in the MySQL server. Updated 11 Aug 2003 Updated mysqlclient9 packages are now included. These were previously missing from this erratum. MySQL is a multi-user,...