Red Hat: 'telnet' Buffer overflow vulnerability
Friday the 8th, February 2002 at 11:41 AM (EST) - Ewdison Then
New telnet, telnet-server packages are available for Red Hat Linux 5.2, 6.2, 7.0 and 7.1. These packages fix a problem where buffer overflows can provide root access to local users. It is recommended that all users update to the fixed packages. New packages are available for Red Hat Linux 7.0 and 7.1. These fix issues when upgrading from the errata telnet packages released for previous releases. No code changes are involved.

Conectiva: Security update to MySQL
Monday the 21st, January 2002 at 02:35 PM (EST) - Ewdison Then
The package shipped with Conectiva Linux 6.0 and older logs by default all queries made to the database to the /var/log/mysql file. This includes user creation, password changes via SQL commands and other queries. Our package incorrectly leaves the permissions of this file as world-readable (0644), thus allowing any user on the system access to potentially sensitive information.

KDE Konqueror Web Browser SSL Security Flaw
Monday the 31st, December 2001 at 06:14 PM (EST) - Ewdison Then
A vulnerability has been reported in the KDE Konqueror web browser that allows a remote user to perform a Secure Sockets Layer (SSL) man-in-the-middle attack without being detected by most users.

RedHat: Powertools: 'Mailman' update
Monday the 24th, December 2001 at 11:21 AM (EST) - Ewdison Then
Updated Mailman packages are now available for Red Hat PowerTools 7 and 7.1. These updates fix cross-site scripting bugs which might allow another server to be used to gain a user's private information from a server running Mailman.

Mandrake: Update to passwd package
Friday the 14th, December 2001 at 09:41 AM (EST) - Ewdison Then
The default PAM files for the passwd program did not include support for MD5 passwords, thus any password changes or post-install added users would not have MD5 passwords.

Suse Version 6.3 end-of-life announcement
Thursday the 15th, November 2001 at 12:27 PM (EST) - Ewdison Then
Effective Monday, December 10th 2001, after a lifespan of two years, SuSE will discontinue support for the successful SuSE Linux distribution SuSE Linux 6.3.

Mandrake util-linux advisory
Friday the 2nd, November 2001 at 10:50 AM (EST) - Ewdison Then
Tarhon-Onu Victor found a problem in /bin/login's PAM implementation. It stored the value of a static pwent buffer across PAM calls, and when used with some PAM modules in non-default configurations (i.e., using pam_limits), it would overwrite the buffer and cause the user to get the credentials of another user.

Mandrake: kernel22 local privilege escalation vulnerability
Saturday the 27th, October 2001 at 01:42 AM (EDT) - Ewdison Then
Rafal Wojtczuk found vulnerabilities in the 2.2.19 and 2.4.11 Linux kernels: one in the ptrace code, and one where deeply nested symlinks spend an arbitrary amount of time in the kernel code. The ptrace vulnerability could be used by local users to gain root privilege; the symlink vulnerability could result in a local DoS.

Red Hat: Security update to OpenSSH
Wednesday the 17th, October 2001 at 03:26 PM (EDT) - Ewdison Then
Updated openssh packages are now available for Red Hat Linux 7 and 7.1. These packages fix a vulnerability which may allow unauthorized users to log in from hosts that have been denied access.

Cisco Systems - Vulnerability in CDP
Thursday the 11th, October 2001 at 09:21 AM (EDT) - Ewdison Then
There is a vulnerability in how Cisco routers handle CDP. By sending a large amount of CDP neighbor announcements, it is possible to consume all of the router's available memory. That will cause a crash or some other abnormal behavior. This vulnerability is assigned Cisco bug ID CSCdu09909. You can see details of it if you have a valid CCO account.