LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 04-03-2005, 11:07 PM   #1
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
LQ Security Report - April 3rd 2005


March 29th 2005
18 issues handled (SF)
1. Icecast XSL Parser Multiple Vulnerabilities
2. Xzabite DYNDNSUpdate Multiple Remote Buffer Overflow Vulnera...
3. Samsung DSL Modem Multiple Remote Vulnerabilities
4. NetWin SurgeMail Multiple Remote HTML Injection and File Upl...
5. Nortel Contivity VPN Client Local Password Disclosure Weakne...
6. ImageMagick SGI Parser Heap Overflow Vulnerability
7. ImageMagick TIFF Image File Unspecified Denial Of Service Vu...
8. ImageMagick TIFF Image Tag Denial Of Service Vulnerability
9. Imagemagick Photoshop Document Parsing Unspecified Denial of...
10. Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Servic...
11. Mozilla GIF Image Processing Library Remote Heap Overflow Vu...
12. Mozilla Firefox Sidebar Panel Script Injection Vulnerability
13. Mozilla Browser Remote Insecure XUL Start Up Script Loading ...
14. PHPSysInfo Multiple Cross-Site Scripting Vulnerabilities
15. Invision Power Board HTML Injection Vulnerability
16. CDRTools CDRecord Local Insecure File Creation Vulnerability
17. Dnsmasq Multiple Remote Vulnerabilities
18. OpenMosixview Multiple Insecure Temporary File Creation Vuln...

March 31st 2005
56 issues handled (SN)
[SA14788] Red Hat update for XFree86
[SA14782] Fedora update for imagemagick
[SA14773] SGI Advanced Linux Environment Multiple Updates
[SA14766] Fedora update for sylpheed
[SA14756] Sylpheed MIME-encoded Attachment Filename Buffer Overflow
[SA14737] Gentoo update for Mozilla
[SA14736] Gentoo update for Firefox
[SA14735] Gentoo update for Thunderbird
[SA14733] Smail-3 "Mail From" Buffer Overflow and Signal Handling Vulnerabilities
[SA14724] Fedora update for xorg-x11
[SA14714] Slackware update for Mozilla
[SA14738] Debian update for mc
[SA14783] Fedora update for telnet
[SA14778] OpenBSD update for telnet
[SA14772] SUSE update for telnet
[SA14771] Red Hat update for krb5
[SA14765] Gentoo update for mpg321
[SA14763] FreeBSD update for telnet
[SA14759] Conectiva update for ethereal
[SA14757] Red Hat update for telnet
[SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities
[SA14751] Fedora update for kernel
[SA14750] Ubuntu update for telnet/telnetd
[SA14747] Fedora update for squirrelmail
[SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities
[SA14740] Fedora update for krb5
[SA14734] Debian update for netkit-telnet-ssl
[SA14728] Debian update for netkit-telnet
[SA14727] Gentoo update for ipsec-tools
[SA14721] Mandrake update for krb5
[SA14713] Linux Kernel Multiple Vulnerabilities
[SA14787] Debian update for mailreader
[SA14786] Fedora update for squid
[SA14785] Gentoo update for smarty
[SA14777] Mailreader "network.cgi" Cross-Site Scripting Vulnerability
[SA14758] Red Hat update for grip
[SA14730] Horde Page Title Cross-Site Scripting Vulnerability
[SA14755] Red Hat update for mysql
[SA14781] Fedora update for gdk-pixbuf
[SA14780] Fedora update for gtk2
[SA14776] GdkPixbuf BMP Loader Double Free Denial of Service Vulnerability
[SA14775] GTK+ BMP Loader Double Free Denial of Service Vulnerability
[SA14761] EncapsBB "root" File Inclusion Vulnerability
[SA14723] E-Store Kit-2 PayPal Edition Cross-Site Scripting and File Inclusion
[SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities
[SA14744] ACS Blog BBcode Script Insertion Vulnerability
[SA14742] PhotoPost PHP Pro Cross-Site Scripting and SQL Injection
[SA14739] E-Data Personal Information Script Insertion Vulnerability
[SA14732] Chatness "user" Script Insertion Vulnerability
[SA14719] Valdersoft Shopping Cart Cross-Site Scripting and SQL Injection
[SA14716] WebAPP Unspecified File Content Disclosure Vulnerability
[SA14715] PHP-Nuke Nuke Bookmarks Cross-Site Scripting and SQL Injection
[SA14764] Tkai's Shoutbox "query" Cross-Site Scripting Vulnerability
[SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities
[SA14729] Smarty "regex_replace" Modifier Template Security Bypass
[SA14720] WackoWiki Multiple Cross-Site Scripting Vulnerabilities

April 1st 2005
32 issues handled across 7 distros
ethereal
kernel
netkit-telnet
mc
netkit-telnet-ssl
mailreader
samba
mozilla
lsof
selinux-policy-targeted
thunderbird
epiphany
devhelp
squirrelmail
spamassassin
sylpheed
krb5
xorg-x11
system-config-services
foomatic
squid
ImageMagick
gdk-pixbuf
gtk2
initscripts
mpg321
ipsec-tools
libexif
htdig
grip
mysql
XFree86

Last edited by Capt_Caveman; 04-03-2005 at 11:17 PM.
 
Old 04-03-2005, 11:09 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
March 29th 2005 (SF)

Security Focus

1. Icecast XSL Parser Multiple Vulnerabilities
BugTraq ID: 12849
Remote: Yes
Date Published: Mar 18 2005
Relevant URL: http://www.securityfocus.com/bid/12849
Summary:
Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported: Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks performed on certain XSL tag values before copying these values into a finite buffer in process memory. It is reported that the vulnerability manifests when a malicious XSL file is parsed by the affected software.This issue may potentially be exploited to deny service for legitimate users or potentially execute arbitrary code in the context of the user that is running the affected software. This is not confirmed. It is reported that the Icecast XSL parser is prone to an information disclosure vulnerability. It is reported that the parser fails to parse XSL files when a request for such a file is appended with a dot '.' character. A remote attacker may exploit this vulnerability to disclose the contents of XSL files that can be requested publicly. These vulnerabilities are reported to affect Icecast version 2.20, other versions might also be affected.

2. Xzabite DYNDNSUpdate Multiple Remote Buffer Overflow Vulnera...
BugTraq ID: 12858
Remote: Yes
Date Published: Mar 21 2005
Relevant URL: http://www.securityfocus.com/bid/12858
Summary:
Multiple remote buffer overflow vulnerabilities affect Xzabite's dyndnsupdate. These issues are due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit these issues to execute arbitrary code with the privileges of a user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

3. Samsung DSL Modem Multiple Remote Vulnerabilities
BugTraq ID: 12864
Remote: Yes
Date Published: Mar 21 2005
Relevant URL: http://www.securityfocus.com/bid/12864
Summary:
Multiple vulnerabilities are reported to exist in Samsung DSL modems. The first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files. The second issue is a default backdoor account vulnerability. It is reported that multiple accounts exist on the modem by default, allowing remote attackers to gain administrative privileges on the modem. These vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device. Samsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected.

4. NetWin SurgeMail Multiple Remote HTML Injection and File Upl...
BugTraq ID: 12866
Remote: Yes
Date Published: Mar 22 2005
Relevant URL: http://www.securityfocus.com/bid/12866
Summary:
Multiple remote file upload and HTML injection vulnerabilities affect NetWin SurgeMail. The underlying causes of these issues are a failure ot sanitize user-supplied input and a failure to securely handle the file upload functionality. These issues may be leverage to upload arbitrary files into arbitrary locations writable to the affected application and carry out HTML injection attacks against the SurgeMail administrator. This may facilitate theft of credentials and potentially compromise of the email server.

5. Nortel Contivity VPN Client Local Password Disclosure Weakne...
BugTraq ID: 12871
Remote: No
Date Published: Mar 22 2005
Relevant URL: http://www.securityfocus.com/bid/12871
Summary:
Nortel Contivity VPN Client for Microsoft Windows platforms is reported prone to a local pre-shared key (password) disclosure weakness. It is reported that the VPN user and group password is stored in the memory image of the process in plain-text format. Credentials that are harvested through the exploitation of this weakness may then be used to aid in further attacks. This weakness is reported to affect Nortel Contivity VPN Client version 5.01 for Microsoft Windows, versions for the Linux platform are not reported to be vulnerable. Other versions might also be affected.

6. ImageMagick SGI Parser Heap Overflow Vulnerability
BugTraq ID: 12873
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12873
Summary:
ImageMagick is prone to a heap-based buffer overflow vulnerability. This vulnerability exists in the SGI image file parser. Successful exploitation may result in execution of arbitrary code. This issue may potentially be exploited through the ImageMagick application or in other applications that import the SGI image file parser component. It is noted that the SGI codec is enabled by default in ImageMagick.

7. ImageMagick TIFF Image File Unspecified Denial Of Service Vu...
BugTraq ID: 12874
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12874
Summary:
A remote, client-side denial of service vulnerability affects ImageMagick. This issue is likely due to a failure of the application to handle malformed TIFF image files. A remote attacker may leverage this issue to cause the affected application to crash, potentially causing a loss of data denying service to legitimate users.

8. ImageMagick TIFF Image Tag Denial Of Service Vulnerability
BugTraq ID: 12875
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12875
Summary:
A remote, client-side denial of service vulnerability affects ImageMagick. This issue is likely due to a failure of the application to handle malformed TIFF image files. A remote attacker may leverage this issue to cause the affected application to crash, potentially causing a loss of data, and denying service to legitimate users.

9. Imagemagick Photoshop Document Parsing Unspecified Denial of...
BugTraq ID: 12876
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12876
Summary:
A remote, client-side denial of service vulnerability affects ImageMagick. This issue is likely due to a failure of the application to handle malformed PSD files. A remote attacker may leverage this issue to cause the affected application to crash, potentially causing a loss of data denying service to legitimate users.

10. Apache mod_ssl ssl_io_filter_cleanup Remote Denial Of Servic...
BugTraq ID: 12877
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12877
Summary:
mod_ssl is prone to a remote denial of service vulnerability. The issue exists in the 'ssl_io_filter_cleanup' function. A remote attacker can exploit this issue to cause a denial of service condition in an affected Apache server. Apache 2.0.49 and prior versions are considered to be affected by this vulnerability.

11. Mozilla GIF Image Processing Library Remote Heap Overflow Vu...
BugTraq ID: 12881
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12881
Summary:
Multiple Mozilla products are affected by a remote heap overflow vulnerability. This issue affects the GIF image processing library used by Mozilla Firefox, Mozilla Browser, and Mozilla Thunderbird Mail client. A successful attack can result in arbitrary code execution and result in unauthorized access to the affected computer. Arbitrary code execution will take place in the context of a user running a vulnerable application.

12. Mozilla Firefox Sidebar Panel Script Injection Vulnerability
BugTraq ID: 12884
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12884
Summary:
Mozilla Firefox is prone to a vulnerability that could allow remote code execution. This may occur if a malicious Web page is bookmarked as a sidebar panel. The malicious page may then reportedly open a privileged page and inject JavaScript. This may be leveraged to execute arbitrary code as the victim client user.

13. Mozilla Browser Remote Insecure XUL Start Up Script Loading ...
BugTraq ID: 12885
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12885
Summary:
Mozilla Suite and Mozilla Firefox are affected by a remote insecure XUL script loading vulnerability. This issue is due to an access validation issue that causes the script to be loaded with elevated privileges. An attacker may leverage this issue to execute XUL startup scripts with elevated privileges. The vendor has reported that the security impact of this is currently limited.

14. PHPSysInfo Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 12887
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12887
Summary:
phpSysInfo is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

15. Invision Power Board HTML Injection Vulnerability
BugTraq ID: 12888
Remote: Yes
Date Published: Mar 23 2005
Relevant URL: http://www.securityfocus.com/bid/12888
Summary:
Invision Power Board is reported prone to an HTML injection vulnerability. This issue arises due to insufficient sanitization of user-supplied data. It is reported that due to a lack of filtering of HTML tags, an attacker can inject an IFRAME through an HTTP POST request. All version of Invision Power Board are considered vulnerable at the moment. This BID will be updated when more information is available.

16. CDRTools CDRecord Local Insecure File Creation Vulnerability
BugTraq ID: 12891
Remote: No
Date Published: Mar 24 2005
Relevant URL: http://www.securityfocus.com/bid/12891
Summary:
A local insecure file creation vulnerability affects cdrtools cdrecord. This issue is due to a failure of the application to securely create and write to various files. An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the application.

17. Dnsmasq Multiple Remote Vulnerabilities
BugTraq ID: 12897
Remote: Yes
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12897
Summary:
Dnsmasq is reported prone to multiple remote vulnerabilities. These issues can allow an attacker to exploit an off-by-one overflow condition and carry out DNS cache poisoning attacks. An attacker may leverage these issues to manipulate cache data, potentially facilitating man-in-the-middle, site impersonation, or denial of service attacks. A denial of service condition or potential code execution may occur due to the off-by-one overflow vulnerability. These issues affect Dnsmasq 2.20 and prior versions. Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

18. OpenMosixview Multiple Insecure Temporary File Creation Vuln...
BugTraq ID: 12902
Remote: No
Date Published: Mar 25 2005
Relevant URL: http://www.securityfocus.com/bid/12902
Summary:
openMosixview is reported prone to multiple local insecure temporary file creation vulnerabilities. These issues are due to design errors that cause the application to fail to verify the existence of files before writing to them. An attacker may leverage these issues to overwrite and delete arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. All versions of openMosixView are reported vulnerable.
 
Old 04-03-2005, 11:11 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
March 31st 2005 (SN)

Secunia

[SA14788] Red Hat update for XFree86
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-31
Red Hat has issued an update for XFree86. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14788/

[SA14782] Fedora update for imagemagick
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-31
Fedora has issued an update for imagemagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14782/

[SA14773] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Manipulation of data
Released: 2005-03-31
SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited malicious, local users
to manipulate the contents of certain files and by malicious people to
cause a DoS (Denial of Service) or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14773/

[SA14766] Fedora update for sylpheed
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-30
Fedora has issued an update for sylpheed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14766/

[SA14756] Sylpheed MIME-encoded Attachment Filename Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-30
A vulnerability has been reported in Sylpheed, which potentially can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14756/

[SA14737] Gentoo update for Mozilla
Critical: Highly critical
Where: From remote
Impact: System access, Exposure of sensitive information, Exposure
of system information, Spoofing, Cross Site Scripting, Security Bypass
Released: 2005-03-28
Gentoo has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited to bypass certain security
restrictions, conduct spoofing and script insertion attacks, disclose
various information, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14737/

[SA14736] Gentoo update for Firefox
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-28
Gentoo has issued an update for Firefox. This fixes three
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14736/

[SA14735] Gentoo update for Thunderbird
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-28
Gentoo has issued an update for Thunderbird. This fixes four
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14735/

[SA14733] Smail-3 "Mail From" Buffer Overflow and Signal Handling Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2005-03-29
infamous41md has reported some vulnerabilities in Smail-3, which
potentially can be exploited by malicious, local users to gain
escalated privileges and by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14733/

[SA14724] Fedora update for xorg-x11
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-30
Fedora has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14724/

[SA14714] Slackware update for Mozilla
Critical: Highly critical
Where: From remote
Impact: System access, Exposure of sensitive information, Exposure
of system information, Spoofing, Cross Site Scripting, Security Bypass
Released: 2005-03-28
Slackware has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited to bypass certain security
restrictions, conduct spoofing and script insertion attacks, disclose
various information, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14714/

[SA14738] Debian update for mc
Critical: Moderately critical
Where:
Impact: Unknown
Released: 2005-03-29
Debian has issued an update for mc. This fixes a vulnerability with an
unknown impact.
Full Advisory:
http://secunia.com/advisories/14738/

[SA14783] Fedora update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-31
Fedora has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14783/

[SA14778] OpenBSD update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-31
OpenBSD has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14778/

[SA14772] SUSE update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
SUSE has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14772/

[SA14771] Red Hat update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
Red Hat has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14771/

[SA14765] Gentoo update for mpg321
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Gentoo has issued an update for mpg321. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14765/

[SA14763] FreeBSD update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
FreeBSD has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14763/

[SA14759] Conectiva update for ethereal
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-29
Conectiva has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14759/

[SA14757] Red Hat update for telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Red Hat has issued an update for telnet. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14757/

[SA14754] Sun Solaris Telnet Client Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
GaŽl Delalleau has reported two vulnerabilities in the telnet client
included with Sun Solaris, which can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14754/

[SA14751] Fedora update for kernel
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access, Exposure of
sensitive information
Released: 2005-03-29
Fedora has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to gain knowledge of
potentially sensitive information, cause a DoS (Denial of Service),
gain escalated privileges, or potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14751/

[SA14750] Ubuntu update for telnet/telnetd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2005-03-29
Ubuntu has issued updates for telnet and telnetd. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14750/

[SA14747] Fedora update for squirrelmail
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2005-03-29
Fedora has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of sensitive information or conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/14747/

[SA14745] MIT Kerberos Telnet Client Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
GaŽl Delalleau has reported two vulnerabilities in Kerberos V5, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14745/

[SA14740] Fedora update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
Fedora has issued an update for krb5. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/14740/

[SA14734] Debian update for netkit-telnet-ssl
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Debian has issued an update for netkit-telnet-ssl. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14734/

[SA14728] Debian update for netkit-telnet
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-29
Debian has issued an update for netkit-telnet. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14728/

[SA14727] Gentoo update for ipsec-tools
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2005-03-28
Gentoo has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/14727/

[SA14721] Mandrake update for krb5
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2005-03-30
MandrakeSoft has issued an update for krb5. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/14721/

[SA14713] Linux Kernel Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released: 2005-03-29
Multiple vulnerabilities have been reported in the Linux kernel, which
can be exploited to disclose information, cause a DoS (Denial of
Service), gain escalated privileges, or potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14713/

[SA14787] Debian update for mailreader
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-31
Debian has issued an update for mailreader. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/14787/

[SA14786] Fedora update for squid
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-3
Fedora has issued an update for squid. This fixes a security issue,
which may disclose sensitive information to malicious people.
Full Advisory:
http://secunia.com/advisories/14786/

[SA14785] Gentoo update for smarty
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-31
Gentoo has issued an update for smarty. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/14785/

[SA14777] Mailreader "network.cgi" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-31
Ulf Hšrnhammar has reported a vulnerability in Mailreader, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14777/

[SA14758] Red Hat update for grip
Critical: Less critical
Where: From remote
Impact: System access
Released: 2005-03-29
Red Hat has issued an update for grip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/14758/

[SA14730] Horde Page Title Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
A vulnerability has been reported in Horde, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14730/

[SA14755] Red Hat update for mysql
Critical: Less critical
Where: From local network
Impact: Privilege escalation, System access
Released: 2005-03-29
Red Hat has issued an update for mysql. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system and by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.
Full Advisory:
http://secunia.com/advisories/14755/

[SA14781] Fedora update for gdk-pixbuf
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
Fedora has issued an update for gdk-pixbuf. This fixes a vulnerability,
which can be exploited by malicious people to crash certain applications
on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/14781/

[SA14780] Fedora update for gtk2
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
Fedora has issued an update for gtk2. This fixes a vulnerability, which
can be exploited by malicious people to crash certain applications on a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/14780/

[SA14776] GdkPixbuf BMP Loader Double Free Denial of Service Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
David Costanzo has reported a vulnerability in GdkPixbuf, which can be
exploited by malicious people to crash certain applications on a user's
system.
Full Advisory:
http://secunia.com/advisories/14776/

[SA14775] GTK+ BMP Loader Double Free Denial of Service Vulnerability
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2005-03-31
David Costanzo has reported a vulnerability in GTK+, which can be
exploited by malicious people to crash certain applications on a user's
system.
Full Advisory:
http://secunia.com/advisories/14775/

[SA14761] EncapsBB "root" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2005-03-29
Frank "brOmstar" Reissner has reported a vulnerability in EncapsBB,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14761/

[SA14723] E-Store Kit-2 PayPal Edition Cross-Site Scripting and File Inclusion
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2005-03-29
Diabolic Crab has reported two vulnerabilities in E-Store Kit-2 PayPal
Edition, which can be exploited by malicious people to conduct
cross-site scripting attacks and potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/14723/

[SA14770] Squirrelcart PHP Shopping Cart SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2005-03-30
Diabolic Crab has reported two vulnerabilities in Squirrelcart PHP
Shopping Cart, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14770/

[SA14744] ACS Blog BBcode Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
Dan Crowley has reported a vulnerability in ACS Blog, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14744/

[SA14742] PhotoPost PHP Pro Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-29
Diabolic Crab has reported some vulnerabilities in PhotoPost PHP Pro,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14742/

[SA14739] E-Data Personal Information Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
Donnie Werner has reported a vulnerability in E-Data, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14739/

[SA14732] Chatness "user" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-30
3nitro has reported a vulnerability in Chatness, which can be exploited
by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/14732/

[SA14719] Valdersoft Shopping Cart Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-29
Diabolic Crab has reported some vulnerabilities in Valdersoft Shopping
Cart, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14719/

[SA14716] WebAPP Unspecified File Content Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2005-03-29
A vulnerability has been reported in WebAPP, which can be exploited by
malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/14716/

[SA14715] PHP-Nuke Nuke Bookmarks Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2005-03-28
Gerardo 'Astharot' Di Giacomo has reported some vulnerabilities in the
Nuke Bookmarks module for PHP-Nuke, which can be exploited by malicious
people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/14715/

[SA14764] Tkai's Shoutbox "query" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
CorryL has reported a vulnerability in Tkai's Shoutbox, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14764/

[SA14748] CPG Dragonfly CMS Two Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
mircia has reported two vulnerabilities in CPG Dragonfly CMS, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/14748/

[SA14729] Smarty "regex_replace" Modifier Template Security Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2005-03-29
A vulnerability has been reported in Smarty, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/14729/

[SA14720] WackoWiki Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2005-03-29
Multiple vulnerabilities have been reported in WackoWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/14720/

Last edited by Capt_Caveman; 04-03-2005 at 11:12 PM.
 
Old 04-03-2005, 11:16 PM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Original Poster
Rep: Reputation: 69
April 1st 2005 (LAW)

Linux Advisory Watch

Distribution: Conectiva

* Conectiva: ethereal Fixes for security vulnerabilities in ethereal
28th, March, 2005
Ethereal[1] is a powerful network traffic analyzer with a graphical
user interface (GUI).
http://www.linuxsecurity.com/content/view/118712

* Conectiva: kernel Kernel fixes
31st, March, 2005
The Linux kernel is responsible for handling the basic functions of
the GNU/Linux operating system.
http://www.linuxsecurity.com/content/view/118764

Distribution: Debian

* Debian: New netkit-telnet packages fix arbitrary code execution
29th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118726

* Debian: New mc packages fix buffer overflow
29th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118728

* Debian: New netkit-telnet-ssl packages fix arbitrary code execution
29th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118729

* Debian: New mailreader packages fix cross-site scripting vulnerability
30th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118746

* Debian: New samba packages fix arbitrary code execution
31st, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118763

Distribution: Fedora

* Fedora Core 2 Update: mozilla-1.7.6-1.2.2
25th, March, 2005
A buffer overflow bug was found in the way Mozilla processes GIF
images. It is possible for an attacker to create a specially crafted
GIF image, which when viewed by a victim will execute arbitrary code
as the victim.
http://www.linuxsecurity.com/content/view/118704

* Fedora Core 3 Update: lsof-4.72-2.2
24th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118697

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.90
24th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118698

* Fedora Core 3 Update: thunderbird-1.0.2-1.3.2
24th, March, 2005
There was an issue with a patch being incorrectly applied which
caused the Advanced Preferences panel to fail to load.
http://www.linuxsecurity.com/content/view/118699

* Fedora Core 2 Update: epiphany-1.2.10-0.2.1
25th, March, 2005
There were several security flaws found in the mozilla package, which
epiphany depends on. Users of epiphany are advised to upgrade to this
updated package which has been rebuilt against a later version of
mozilla which is not vulnerable to these flaws.
http://www.linuxsecurity.com/content/view/118705

* Fedora Core 2 Update: devhelp-0.9.1-0.2.5
25th, March, 2005
There were several security flaws found in the mozilla package, which
devhelp depends on. Users of devhelp are advised to upgrade to this
updated package which has been rebuilt against a later version of
mozilla which is not vulnerable to these flaws.
http://www.linuxsecurity.com/content/view/118706

* Fedora Core 2 Update: kernel-2.6.10-1.771_FC2
28th, March, 2005
Updated Package.
http://www.linuxsecurity.com/content/view/118717

* Fedora Core 3 Update: squirrelmail-1.4.4-1.FC3
28th, March, 2005
Multiple issues in squirrelmail (CAN-2005-0104)
Upgrade to 1.4.4
http://www.linuxsecurity.com/content/view/118719

* Fedora Core 2 Update: squirrelmail-1.4.4-1.FC2
28th, March, 2005
Multiple issues in squirrelmail (CAN-2005-0104)
Upgrade to 1.4.4
http://www.linuxsecurity.com/content/view/118720

* Fedora Core 3 Update: spamassassin-3.0.2-0.fc3
28th, March, 2005
http://wiki.apache.org/spamassassin/changes302
Upstream bug fixes.
http://www.linuxsecurity.com/content/view/118721

* Fedora Core 2 Update: mozilla-1.7.6-1.2.5
29th, March, 2005
This update supercedes the previous 1.7.6-1.2.2
which mistakenly had dependencies on FC3.
http://www.linuxsecurity.com/content/view/118731

* Fedora Core 2 Update: sylpheed-1.0.4-0.fc2
29th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118732

* Fedora Core 3 Update: sylpheed-1.0.4-0.fc3
29th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118733

* Fedora Core 2 Update: krb5-1.3.6-4
29th, March, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.
http://www.linuxsecurity.com/content/view/118735

* Fedora Core 3 Update: krb5-1.3.6-5
29th, March, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.
http://www.linuxsecurity.com/content/view/118736

* Fedora Core 3 Update: xorg-x11-6.8.2-1.FC3.13
29th, March, 2005
An integer overflow flaw was found in libXpm, which is used by some
applications for loading of XPM images.
http://www.linuxsecurity.com/content/view/118739

* Fedora Core 2 Update: xorg-x11-6.7.0-14
29th, March, 2005
An integer overflow flaw was found in libXpm, which is used by some
applications for loading of XPM images. An attacker could create a
malicious XPM file that would execute arbitrary code if opened by a
victim using an application linked to the vulnerable library.
http://www.linuxsecurity.com/content/view/118740

* Fedora Core 3 Update: system-config-services-0.8.21-0.fc3.1
30th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118748

* Fedora Core 3 Update: telnet-0.17-32.FC3.2
30th, March, 2005
Two buffer overflow flaws were discovered in the way the telnet
client handles messages from a server. An attacker may be able to
execute arbitrary code on a victim's machine if the victim can be
tricked into connecting to a malicious telnet server.
http://www.linuxsecurity.com/content/view/118749

* Fedora Core 3 Update: foomatic-3.0.2-13.3
30th, March, 2005
This is an update to a newer version.
http://www.linuxsecurity.com/content/view/118750

* Fedora Core 2 Update: squid-2.5.STABLE9-1.FC2.2
30th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118751

* Fedora Core 3 Update: squid-2.5.STABLE9-1.FC3.4
30th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118752

* Fedora Core 2 Update: telnet-0.17-28.FC2.1
30th, March, 2005
Two buffer overflow flaws were discovered in the way the telnet
client handles messages from a server. An attacker may be able to
execute arbitrary code on a victim's machine if the victim can be
tricked into connecting to a malicious telnet server. The Common
Vulnerabilitiesand Exposures project (cve.mitre.org) has assigned
the names CAN-2005-0468 and CAN-2005-0469 to these issues.
http://www.linuxsecurity.com/content/view/118753

* Fedora Core 2 Update: ImageMagick-6.2.0.7-2.fc2
30th, March, 2005
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully
crafted Photoshop Document (PSD) image in such a way that it would
cause ImageMagick to execute arbitrary code when processing the image.
http://www.linuxsecurity.com/content/view/118754

* Fedora Core 3 Update: ImageMagick-6.2.0.7-2.fc3
30th, March, 2005
Andrei Nigmatulin discovered a heap based buffer overflow flaw in the
ImageMagick image handler. An attacker could create a carefully
crafted Photoshop Document (PSD) image in such a way that it would
cause ImageMagick to execute arbitrary code when processing the image.
http://www.linuxsecurity.com/content/view/118755

* Fedora Core 2 Update: gdk-pixbuf-0.22.0-12.fc2
30th, March, 2005
David Costanzo found a bug in the way gdk-pixbuf processes BMP
images. It is possible that a specially crafted BMP image could
cause a denial of service attack in applications linked against
gdk-pixbuf. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0891 to this issue.
http://www.linuxsecurity.com/content/view/118756

* Fedora Core 3 Update: gdk-pixbuf-0.22.0-16.fc3
30th, March, 2005
David Costanzo found a bug in the way gdk-pixbuf processes BMP
images. It is possible that a specially crafted BMP image could cause
a denial of service attack in applications linked against gdk-pixbuf.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-0891 to this issue.
http://www.linuxsecurity.com/content/view/118757

* Fedora Core 2 Update: gtk2-2.4.14-2.fc2
30th, March, 2005
David Costanzo found a bug in the way GTK+ processes BMP images.
It is possible that a specially crafted BMP image could cause a
denial of service attack in applications linked against GTK+.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0891 to this issue.
http://www.linuxsecurity.com/content/view/118758

* Fedora Core 3 Update: gtk2-2.4.14-3.fc3
30th, March, 2005
David Costanzo found a bug in the way GTK+ processes BMP images.
It is possible that a specially crafted BMP image could cause a
denial of service attack in applications linked against GTK+.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0891 to this issue.
http://www.linuxsecurity.com/content/view/118759

* Fedora Core 3 Update: initscripts-7.93.7-1
30th, March, 2005
This update fixes various bugs, including several IPSEC bugs.
http://www.linuxsecurity.com/content/view/118761

* Fedora Core 3 Update: selinux-policy-targeted-1.17.30-2.93
30th, March, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118762

Distribution: Gentoo

* Gentoo: mpg321 Format string vulnerability
28th, March, 2005
A flaw in the processing of ID3 tags in mpg321 could potentially lead
to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118711

Distribution: Mandrake

* Mandrake: Updated krb5 packages fix
29th, March, 2005
Two buffer overflow issues were discovered in the way telnet clients
handle messages from a server. Because of these issues, an attacker
may be able to execute arbitray code on the victim's machine if the
victim can be tricked into connecting to a malicious telnet server.
The Kerberos package contains a telnet client and is patched to deal
with these issues.
http://www.linuxsecurity.com/content/view/118743

* Mandrake: Updated ipsec-tools packages
31st, March, 2005
A bug was discovered in the way that the racoon daemon handled
incoming ISAKMP requests. It is possible that an attacker could
crash the racoon daemon by sending a specially crafted ISAKMP
packet. The updated packages have been patched to correct these
issues.
http://www.linuxsecurity.com/content/view/118767

* Mandrake: Updated libexif packages fix
31st, March, 2005
A buffer overflow was discovered in the way libexif parses EXIF tags.
An attacker could exploit this by creating a special EXIF image file
which could cause image viewers linked against libexif to crash.
The updated packages have been patched to correct these issues.
http://www.linuxsecurity.com/content/view/118768

* Mandrake: Updated htdig packages fix
31st, March, 2005
A cross-site scripting vulnerability in ht://dig was discovered by
Michael Krax. The updated packages have been patched to correct this
issue.
http://www.linuxsecurity.com/content/view/118769

Distribution: Red Hat

* RedHat: Moderate: grip security update
28th, March, 2005
A new grip package is available that fixes a remote buffer overflow.
This update has been rated as having moderate security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118714

* RedHat: Important: telnet security update
28th, March, 2005
Updated telnet packages that fix two buffer overflow vulnerabilities
are now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118715

* RedHat: Important: mysql security update
28th, March, 2005
Updated mysql packages that fix several vulnerabilities are now
available. This update has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118716

* RedHat: Important: krb5 security update
30th, March, 2005
Updated krb5 packages which fix two buffer overflow vulnerabilities
in the included Kerberos-aware telnet client are now available.
This update has been rated as having important security impact by
the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118744

* RedHat: Moderate: XFree86 security update
30th, March, 2005
Updated XFree86 packages that fix a libXpm integer overflow flaw are
now available. This update has been rated as having moderate security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118745

Distribution: SuSE

* SuSE: several kernel security problems
24th, March, 2005
The Linux kernel is the core component of the Linux system.
Several vulnerabilities were reported in the last few weeks which is
fixed by this update.
http://www.linuxsecurity.com/content/view/118695

* SuSE: MySQL vulnerabilities
24th, March, 2005
MySQL is an Open Source database server, commonly used together with
web services provided by PHP scripts or similar.
http://www.linuxsecurity.com/content/view/118696

* SuSE: ipsec-tools remote denial of service
31st, March, 2005
Racoon is a ISAKMP key management daemon used in IPsec setups.
http://www.linuxsecurity.com/content/view/118765
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LQ Security Report Oct 2005 unSpawn Linux - Security 5 11-09-2005 03:16 PM
LQ Security Report - May 8th 2005 Capt_Caveman Linux - Security 3 05-08-2005 10:08 PM
LQ Security Report - April 18th 2005 Capt_Caveman Linux - Security 4 04-18-2005 11:10 PM
LQ Security Report - April 10th 2005 Capt_Caveman Linux - Security 2 04-10-2005 08:00 PM
LQ security report - April 16th 2004 Capt_Caveman Linux - Security 3 04-17-2004 11:09 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:24 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration