2127 matches found
RHEL 2.1 / 3 : kdelibs (RHSA-2004:222)
Updated kdelibs packages that fix telnet URI handler and mailto URI handler file vulnerabilities are now available. The kdelibs packages include libraries for the K Desktop Environment. KDE Libraries include: kdecore KDE core library, kdeui user interface, kfm file manager, khtmlw HTML widget, ki...
RHEL 2.1 / 3 : lftp (RHSA-2003:404)
Updated lftp packages are now available that fix a buffer overflow security vulnerability. lftp is a command-line file transfer program supporting FTP and HTTP protocols. Ulf Harnhammar discovered a buffer overflow bug in versions of lftp up to and including 2.6.9. An attacker could create a...
RHEL 2.1 : fetchmail (RHSA-2002:216)
Updated Fetchmail packages are available for Red Hat Linux Advanced Server which close a remotely-exploitable vulnerability in unpatched versions of Fetchmail prior to 6.1.0. Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links such as SLIP and...
RHEL 2.1 : lynx (RHSA-2003:030)
Updated Lynx packages fix an error in the way Lynx parses its command line arguments which can lead to faked headers being sent to a Web server. Lynx is a character-cell Web browser, suitable for running on terminals such as the VT100. Lynx constructs its HTTP queries from the command line or...
Important: Red Hat Security Advisory: squirrelmail security update
An updated SquirrelMail package that fixes several security vulnerabilities is now available. SquirrelMail is a webmail package written in PHP. Multiple vulnerabilities have been found which affect the version of SquirrelMail shipped with Red Hat Enterprise Linux 3. An SQL injection flaw was foun...
Low: Red Hat Security Advisory: tcpdump security update
Updated tcpdump, libpcap, and arpwatch packages fix vulnerabilities in ISAKMP parsing. Tcpdump is a command-line tool for monitoring network traffic. Tcpdump v3.8.1 and earlier versions contained multiple flaws in the packet display functions for the ISAKMP protocol. Upon receiving specially...
[ GLSA 200405-18 ] Buffer Overflow in Firebird
Gentoo Linux Security Advisory GLSA 200405-18 http://security.gentoo.org/ ...
Utempter symlink vulnerability
Background: Utempter is an application that allows non-privileged apps to write utmp login info, which otherwise needs root access. Description: Utempter contains a vulnerability that may allow local users to overwrite arbitrary files via a symlink attack. Impact: This vulnerability may allow...
[ GLSA 200404-15 ] XChat 2.0.x SOCKS5 Vulnerability
Gentoo Linux Security Advisory GLSA 200404-15 http://security.gentoo.org/ Severity:...
Important: Red Hat Security Advisory: Updated Subversion packages fix security vulnerability in neon
Updated Subversion packages that fix a vulnerability in neon, exploitable by a malicious DAV server, are now available. Subversion is a concurrent version control system that uses inbuilt code from neon, an HTTP and WebDAV client library. Versions of the neon client library up to and including...
Util-linux login may leak sensitive data
Background: Util-linux is a suite of essential system utilities, including login, agetty, fdisk. Description: In some situations the login program could leak sensitive data due to an incorrect usage of a reallocated pointer. NOTE: Only users who have PAM support disabled on their systems i.e. -PAM i...
Ethereal fails to properly parse NetFlow UDP packets with an overly large template_entry count
Overview: Ethereal fails to properly parse v9template structures in NetFlow UDP packets with an overly large template_entry count. This could allow an attacker to execute arbitrary code. Description: Ethereal is a network traffic analysis package. It includes the ability to decode packets containing...
Moderate: Red Hat Security Advisory: libxml2 security update
Updated libxml2 packages that fix an overflow when parsing remote resources are now available. libxml2 is a library for manipulating XML files. Yuuichi Teranishi discovered a flaw in libxml2 versions prior to 2.6.6. When fetching a remote resource via FTP or HTTP, libxml2 uses special parsing...
PhpDig config.php relative_script_path Parameter Remote File Inclusion
The remote host is running phpdig, an HTTP search engine written in PHP. There is a flaw in this product that could allow an attacker to execute arbitrary PHP code on this host by forcing this set of CGIs to include a PHP script hosted on a third-party host.
Moderate: Red Hat Security Advisory: freeradius security update
Updated FreeRADIUS packages are now available that fix a denial of service vulnerability. FreeRADIUS is an Internet authentication daemon, which implements the RADIUS protocol. It allows Network Access Servers (NAS boxes) to perform authentication for dial-up users. The rad_decode function in...
Low: Red Hat Security Advisory: pan security update
Updated Pan packages that close a denial of service vulnerability are now available. Pan is a Gnome/GTK+ newsreader. A bug in Pan versions prior to 0.13.4 can cause Pan to crash when parsing an article header containing a very long author email address. This bug causes a denial of service crash,...
Low: Red Hat Security Advisory: semi security update
Updated semi packages that fix vulnerabilities in semi's temporary file handling are now available. semi is a MIME library for GNU Emacs and XEmacs used by the wl mail package. A vulnerability in semi version 1.14.3 and earlier allows an attacker to overwrite arbitrary files with potentially...
Moderate: Red Hat Security Advisory: apache security update
Updated Apache and mod_ssl packages that fix several minor security issues are now available for Red Hat Enterprise Linux. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. Ben Laurie found a bug in the optional renegotiation code in mod_ssl which can...
DSA-383 ssh-krb5 - possible remote vulnerability
Bulletin has no description...
Important: Red Hat Security Advisory: pam_smb security update
Updated pam_smb packages are now available which fix a security vulnerability (buffer overflow). The pam_smb module is a pluggable authentication module (PAM) used to authenticate users using an external Server Message Block (SMB) server. A buffer overflow vulnerability has been found that affects...