1879 matches found
buffer overflow fix for NTP
The version of xntp3 that shipped with Slackware 7.1 as well as the version that was in Slackware -current contains a buffer overflow bug that could lead to a root compromise. Slackware 7.1 and Slackware -current users are urged to upgrade to the new packages available for their release. The...
buffer overflow in sudo fixed
Sudo 1.6.3p6 is now available for Slackware 7.1 and Slackware -current. This release fixes a known buffer overflow, which could be used by malicious users to compromise parts of the system. If you rely on Sudo and use one of the above versions of Slackware, it is recommended that you upgrade to t...
multiple vulnerabilities in bind 8.x
Multiple vulnerabilities exist in the versions of BIND found in Slackware 7.1 and -current. Users of BIND 8.x are urged to upgrade to 8.2.3 to fix these problems. More information can be found on the BIND website: http://www.isc.org/products/BIND/ ... and in the CERT Advisory CA-2001-02 - Multipl...
glibc 2.2 local vulnerability on setuid binaries
glibc-2.2 contains a local vulnerability that affects all setuid root binaries. Any user on affected systems will be able to read any file on the system through a simple process: The user sets the RESOLVHOSTCONF environment variable to the name of the file that they wish to read, then runs any...
buffer overflow vulnerability in Pine
Pine versions 4.21 and before contain a buffer overflow vulnerability which allows a remote user to execute arbitrary code on the local client by the sending of a special-crafted email message. The overflow occurs during the periodic "new mail" checking of an open folder. By upgrading to Pine 4.3...
Local /tmp vulnerability fixed in ppp-off
A local /tmp bug in the /usr/sbin/ppp-off program was found. This bug could allow a local user to corrupt system files. A fix has been made and an updated package is now available in the -current branch. The package described below will work for users of Slackware 7.0, 7.1, and -current...
root exploit with xlockmore fixed
A root exploit has been found in xlockmore packaged with Slackware. By providing a carefully crafted display variable to xlock, it is possible for a local attacker to gain root access. Anyone running xlock on a public machine should upgrade to this version of xlock or disable xlock altogether...
Apache 1.3.14 available
Several security problems have been found in the Apache web server software. It is recommended that all users of Apache upgrade to the latest stable release to fix these problems. Apache is included in our N software series in the apache.tgz package. A new apache.tgz package including Apache 1.3....
wu-ftpd advisory update
UPDATE: This announcement was first mailed out on 28-Sep-2000. It was later determined that incorrect 16-bit sums and 128-bit MD5 message digests were included in the announcement. The announcement below is identical to the one from yesterday, but it includes the correct verification data. We...
wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
A vulnerability involving an input validation error in the "site exec" command has recently been identified in the wu-ftpd program CERT Advisory CA-2000-13. More information about this problem can be found at this site: http://www.cert.org/advisories/CA-2000-13.html The wu-ftpd daemon is part of...
klogd Kernel Logger vulnerability and fix
A string format / buffer overflow bug has been discovered in klogd, the kernel logging daemon. Please upgrade to the new sysklogd 1.4 package available on the Slackware FTP site. ========================================================================= sysklogd 1.4 AVAILABLE - a1/sysklogd.tgz...
: xchat input validation bug fixed
An input validation bug was found to affect Slackware Linux 7.0, 7.1, and -current. The problem is described in detail at this site: http://www.securityfocus.com/bid/1601 Users of Slackware 7.0, 7.1, and -current are urged to upgraded to the xchat.tgz package available in the Slackware -current...
: glibc 2.1.3 vulnerabilities patched
Three locale-related vulnerabilities with glibc 2.1.3 were recently reported on BugTraq. These vulnerabilities could allow local users to gain root access. Users of Slackware 7.0, 7.1, and -current are strongly urged to upgrade to the new glibc packages in the -current branch...
Perl root exploit in Slackware 7.1 & -current
A root exploit was found in the /usr/bin/suidperl5.6.0 program that shipped with the Slackware 7.1 perl.tgz package. It is recommended that all users of Slackware 7.1 and -current upgrade to the perl.tgz package available in the Slackware -current branch. ==================================== perl...
wu-ftpd remote exploit patched
A remote exploit has been found in the FTP daemon, wu-ftpd. This can allow an attacker full access to your machine. The wu-ftpd daemon is part of the tcpip1.tgz package in the N series. A new tcpip1.tgz package is now available in the Slackware 7.1 tree. We have also provided a seperate patch...
Kernel 2.2.16 and /usr/bin/Mail
...
Buffer Overflow in fdmount
...
Updated Lynx package for Slackware 7.0 & -current
...
aaa_base not vulnerable
...
libsafe added to -current
...
Emacs 20.6 updated updates
...
emacs & gpm fixes for Slackware 7.0 & -current
...
Security Patches for Slackware 7.0 Available
...
Security Fixes for Slackware 4.0 Available
...
CA-99-13: minimal fix for Slackware 3.5 through 4.0
...
CA-99-13: wu-ftpd upgrade available
...
INN buffer overflow
...
wu.ftpd buffer overflow
...
libtermcap buffer overflow
...