ht://dig, opera, vmware, lighttpd, kstars, midnight commander, drakxtools, cpio,
enscript, mysql, rwho, kdelibs, xpdf, libtiff, vim, ethereal, thunderbird, and
squid. The vendors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red
Hat, and SuSE.
|
Conectiva |
|
Conectiva: XFree86 Fixes for overflows
in libXpm |
|
14th, February, 2005
Updated XFree86
http://www.linuxsecurity.com/content/view/118286 |
|
|
Conectiva: evolution Fix for Evolution
vulnerability |
|
16th, February, 2005
Max Vozeler discovered an integer overflow in the helper
application camel-lock-helper. A local attacker can cause the helper to
execute arbitrary code via a malicious POP server, but only with the current
user's privileges, because it is neither setuid root nor setgid mail.
http://www.linuxsecurity.com/content/view/118351 |
|
|
Debian |
|
Debian: New evolution packages fix arbitrary
code execution as root |
|
10th, February, 2005
Max Vozeler discovered an integer overflow in a helper application
inside of Evolution, a free groupware suite. A local attacker could cause
the setuid root helper to execute arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/118234 |
|
|
Debian: New mailman packages fix several
vulnerabilities |
|
10th, February, 2005
Updated
http://www.linuxsecurity.com/content/view/118235 |
|
|
Debian: New hztty packages fix local
utmp exploit |
|
10th, February, 2005
Updated package
http://www.linuxsecurity.com/content/view/118245 |
|
|
Debian: New mailman packages really fix
several vulnerabilities |
|
11th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118261 |
|
|
Debian: New xpcd packages fix arbitrary
code execution as root |
|
11th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118262 |
|
|
Debian: New sympa packages fix potential
arbitrary code execution |
|
11th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118263 |
|
|
Debian: New netkit-rwho packages fix
denial of service |
|
11th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118266 |
|
|
Debian: New toolchain-source package
fixes insecure temporary files |
|
14th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118280 |
|
|
Debian: New htdig packages fix cross-site
scripting vulnerability |
|
14th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118285 |
|
|
Debian: New synaesthesia packages fix
unauthorised file access |
|
14th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118294 |
|
|
Debian: New awstats packages fix arbitrary
command execution |
|
15th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118302 |
|
|
Debian: New postgresql packages fix arbitrary
code execution |
|
15th, February, 2005
Updated package
http://www.linuxsecurity.com/content/view/118333 |
|
|
Debian: New typespeed packages fix arbitrary
group games code execution |
|
16th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118345 |
|
|
Debian: New emacs21 packages fix arbitrary
code execution |
|
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118356 |
|
|
Debian: New gftp packages fix directory
traversal vulnerability |
|
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118362 |
|
|
Fedora |
|
Fedora Core 3 Update: mailman-2.1.5-30.fc3 |
|
10th, February, 2005
There is a critical security flaw in Mailman 2.1.5 which will
allow attackers to read arbitrary files.
http://www.linuxsecurity.com/content/view/118243 |
|
|
Fedora Core 2 Update: mailman-2.1.5-8.fc2 |
|
10th, February, 2005
There is a critical security flaw in Mailman 2.1.5 which will
allow attackers to read arbitrary files.
http://www.linuxsecurity.com/content/view/118244 |
|
|
Fedora Core 2 Update: mod_python-3.1.3-1.fc2.2 |
|
10th, February, 2005
Graham Dumpleton discovered a flaw affecting the publisher handler
of mod_python, used to make objects inside modules callable via URL.
http://www.linuxsecurity.com/content/view/118252 |
|
|
Fedora Core 3 Update: mod_python-3.1.3-5.2 |
|
10th, February, 2005
Graham Dumpleton discovered a flaw affecting the publisher handler
of mod_python, used to make objects inside modules callable via URL.
http://www.linuxsecurity.com/content/view/118253 |
|
|
Fedora Core 3 Update: openoffice.org-1.1.3-5.5.0.fc3 |
|
11th, February, 2005
Several bugs fixed.
http://www.linuxsecurity.com/content/view/118273 |
|
|
Fedora Core 2 Update: xemacs-21.4.17-0.FC2 |
|
15th, February, 2005
Update to 21.4.17 stable release, which also fixes the CAN-2005-0100
movemail string format vulnerability.
http://www.linuxsecurity.com/content/view/118300 |
|
|
Fedora Core 3 Update: xemacs-21.4.17-0.FC3 |
|
15th, February, 2005
Update to 21.4.17 stable release, which also fixes the CAN-2005-0100
movemail string format vulnerability and the AltGr issue for European
input.
http://www.linuxsecurity.com/content/view/118301 |
|
|
Fedora Core 2 Update: kernel-2.6.10-1.14_FC2 |
|
15th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118339 |
|
|
Fedora Core 3 Update: kernel-2.6.10-1.766_FC3 |
|
15th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118340 |
|
|
Fedora Core 3 Update: kdeedu-3.3.1-2.3 |
|
17th, February, 2005
Updated package.
http://www.linuxsecurity.com/content/view/118361 |
|
|
Gentoo |
|
Gentoo: Python Arbitrary code execution
through SimpleXMLRPCServer |
|
10th, February, 2005
Python-based XML-RPC servers may be vulnerable to remote execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/118240 |
|
|
Gentoo: Mailman Directory traversal vulnerability |
|
10th, February, 2005
Mailman fails to properly sanitize input, leading to information
disclosure.
http://www.linuxsecurity.com/content/view/118242 |
|
|
Gentoo: Gallery Cross-site scripting
vulnerability |
|
10th, February, 2005
Gallery 1.4.4-pl5, which was intended to fix a cross-site scripting
vulnerability, did not actually resolve the issue. The Gallery Development
Team has released version 1.4.4-pl6 to properly solve this problem.
http://www.linuxsecurity.com/content/view/118251 |
|
|
Gentoo: Webmin Information leak in Gentoo
binary package |
|
11th, February, 2005
Portage-built Webmin binary packages accidentally include a
file containing the local encrypted root password.
http://www.linuxsecurity.com/content/view/118271 |
|
|
Gentoo: Perl Vulnerabilities in perl-suid
wrapper |
|
11th, February, 2005
Vulnerabilities leading to file overwriting and code execution
with elevated privileges have been discovered in the perl-suid wrapper.
http://www.linuxsecurity.com/content/view/118272 |
|
|
Gentoo: mod_python Publisher Handler
vulnerability |
|
13th, February, 2005
mod_python contains a vulnerability in the Publisher Handler
potentially leading to information disclosure.
http://www.linuxsecurity.com/content/view/118275 |
|
|
Gentoo: PowerDNS Denial of Service vulnerability |
|
13th, February, 2005
A vulnerability in PowerDNS could lead to a temporary Denial
of Service.
http://www.linuxsecurity.com/content/view/118276 |
|
|
Gentoo: ht://Dig: Cross-site scripting
vulnerability |
|
13th, February, 2005
ht://Dig is vulnerable to cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/118277 |
|
|
Gentoo: Opera Multiple vulnerabilities |
|
14th, February, 2005
Opera is affected by several vulnerabilities which could result
in information disclosure and facilitate execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118295 |
|
|
Gentoo: VMware Workstation Untrusted
library search path |
|
14th, February, 2005
VMware may load shared libraries from an untrusted, world-writable
directory, resulting in the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118296 |
|
|
Gentoo: AWStats Remote code execution |
|
14th, February, 2005
Version 6.3 of AWStats only partially fixed the input validation
flaws.
http://www.linuxsecurity.com/content/view/118297 |
|
|
Gentoo: PostgreSQL Buffer overflows in
PL/PgSQL parser |
|
14th, February, 2005
PostgreSQL is vulnerable to several buffer overflows in the
PL/PgSQL parser leading to execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118298 |
|
|
Gentoo: Emacs, XEmacs Format string vulnerabilities
in |
|
15th, February, 2005
The movemail utility shipped with Emacs and XEmacs contains
several format string vulnerabilities, potentially leading to the execution
of arbitrary code.
http://www.linuxsecurity.com/content/view/118335 |
|
|
Gentoo: lighttpd Script source disclosure |
|
15th, February, 2005
An attacker can trick lighttpd into revealing the source of
scripts that should be executed as CGI or FastCGI applications.
http://www.linuxsecurity.com/content/view/118336 |
|
|
Gentoo: wpa_supplicant Buffer overflow
vulnerability |
|
16th, February, 2005
wpa_supplicant contains a buffer overflow that could lead to
a Denial of Service.
http://www.linuxsecurity.com/content/view/118353 |
|
|
Gentoo: KStars Buffer overflow in fliccd |
|
16th, February, 2005
KStars is vulnerable to a buffer overflow that could lead to
arbitrary code execution with elevated privileges.
http://www.linuxsecurity.com/content/view/118354 |
|
|
Gentoo: Midnight Commander Multiple vulnerabilities |
|
17th, February, 2005
Midnight Commander contains several format string errors, buffer
overflows and one buffer underflow leading to execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118363 |
|
|
Mandrake |
|
Mandrake: Updated drakxtools package |
|
10th, February, 2005
Several new bugs have been identified and corrected in the drakxtools
package.
http://www.linuxsecurity.com/content/view/118255 |
|
|
Mandrake: Updated cpio packages fix |
|
10th, February, 2005
A vulnerability in cpio was discovered where cpio would create
world-writeable files when used in -o/--create mode and given an output
file (with -O). This would allow any user to modify the created cpio archive.
The updated packages have been patched so that cpio now respects the current
umask setting of the user.
http://www.linuxsecurity.com/content/view/118256 |
|
|
Mandrake: Updated enscript packages |
|
10th, February, 2005
A vulnerability was found in the enscript program’s handling of the epsf
command, which is used to insert inline EPS files into a document.
http://www.linuxsecurity.com/content/view/118257 |
|
|
Mandrake: Updated squid packages fix |
|
10th, February, 2005
More vulnerabilities were discovered in the squid server: The
LDAP handling of search filters was inadequate, which could be abused to
allow logins using several variants of a single login name, possibly
bypassing explicit access controls (CAN-2005-0173).
http://www.linuxsecurity.com/content/view/118258 |
|
|
Mandrake: Updated python packages fix |
|
10th, February, 2005
A flaw in the python language was found by the development team.
http://www.linuxsecurity.com/content/view/118259 |
|
|
Mandrake: Updated MySQL packages fix |
|
10th, February, 2005
A temporary file vulnerability in the mysqlaccess script in
MySQL was discovered by Javier Fernandez-Sanguino Pena. This flaw could
allow an unprivileged user to let root overwrite arbitrary files via a
symlink attack.
http://www.linuxsecurity.com/content/view/118260 |
|
|
Mandrake: Updated cpio packages fix |
|
11th, February, 2005
A vulnerability in cpio was discovered where cpio would create
world-writeable files when used in -o/--create mode and given an output
file (with -O). This would allow any user to modify the created cpio archive.
The updated packages have been patched so that cpio now respects the current
umask setting of the user.
http://www.linuxsecurity.com/content/view/118274 |
|
|
Mandrake: Updated mailman packages fix |
|
14th, February, 2005
A vulnerability was discovered in Mailman, which allows a remote
directory traversal exploit using URLs of the form “…/….///” to access
private Mailman configuration data. The vulnerability lies in the Mailman/Cgi/private.py
file. Updated packages correct this issue.
http://www.linuxsecurity.com/content/view/118299 |
|
|
Mandrake: Updated emacs/xemacs |
|
15th, February, 2005
Max Vozeler discovered several format string vulnerabilities
in the movemail utility in Emacs. If a user connects to a malicious POP
server, an attacker can execute arbitrary code as the user running emacs.
The updated packages have been patched to correct the problem.
http://www.linuxsecurity.com/content/view/118338 |
|
|
Mandrake: Updated rwho packages fix |
|
16th, February, 2005
A vulnerability in rwhod was discovered by “Vlad902” that can
be abused to crash the listening process (the broadcasting process is
not affected). This vulnerability only affects little endian architectures.
The updated packages have been patched to correct the problem.
http://www.linuxsecurity.com/content/view/118355 |
|
|
Red Hat |
|
RedHat: Updated mailman packages fix
security |
|
10th, February, 2005
Updated mailman packages that correct a mailman security issue
are now available.
http://www.linuxsecurity.com/content/view/118239 |
|
|
RedHat: Updated kdelibs and kdebase packages
correct |
|
10th, February, 2005
Updated kdelibs and kdebase packages that resolve several security
issues are now available.
http://www.linuxsecurity.com/content/view/118246 |
|
|
RedHat: Updated mod_python package fixes
security issue |
|
10th, February, 2005
An updated mod_python package that fixes a security issue in
the publisher handler is now available.
http://www.linuxsecurity.com/content/view/118247 |
|
|
RedHat: Updated emacs packages fix security
issue |
|
10th, February, 2005
Updated Emacs packages that fix a string format issue are now
available.
http://www.linuxsecurity.com/content/view/118248 |
|
|
RedHat: Updated xemacs packages fix security
issue |
|
10th, February, 2005
Updated XEmacs packages that fix a string format issue are now
available.
http://www.linuxsecurity.com/content/view/118249 |
|
|
RedHat: Updated Squirrelmail package
fixes security |
|
10th, February, 2005
An updated Squirrelmail package that fixes several security
issues is now available for Red Hat Enterprise Linux 3.
http://www.linuxsecurity.com/content/view/118250 |
|
|
RedHat: Updated Squid package fixes security
issues |
|
11th, February, 2005
An updated Squid package that fixes several security issues
is now available.
http://www.linuxsecurity.com/content/view/118264 |
|
|
RedHat: Moderate: exim security update |
|
15th, February, 2005
Updated exim packages that resolve security issues are now available
for Red Hat Enterprise Linux 4. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118306 |
|
|
RedHat: Important: php security update |
|
15th, February, 2005
Updated php packages that fix various security issues are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118307 |
|
|
RedHat: Important: alsa-lib security
update |
|
15th, February, 2005
An updated alsa-lib package that fixes a flaw that disabled
stack execution protection is now available for Red Hat Enterprise Linux
4. This update has been rated as having important security impact by the
Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118308 |
|
|
RedHat: Important: xpdf security update |
|
15th, February, 2005
An updated xpdf package that fixes several security issues is
now available. This update has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118309 |
|
|
RedHat: Important: libtiff security update |
|
15th, February, 2005
Updated libtiff packages that fix various integer overflows
are now available for Red Hat Enterprise Linux 4. This update has been
rated as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118310 |
|
|
RedHat: Low: vim security update |
|
15th, February, 2005
Updated vim packages that fix security vulnerabilities are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having low security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118311 |
|
|
RedHat: Moderate: ethereal security update |
|
15th, February, 2005
Updated Ethereal packages that fix various security vulnerabilities
are now available for Red Hat Enterprise Linux 4. This update has been
rated as having moderate security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118312 |
|
|
RedHat: Low: enscript security update |
|
15th, February, 2005
An updated enscript package that fixes several security issues
is now available for Red Hat Enterprise Linux 4. This update has been
rated as having low security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118313 |
|
|
RedHat: Moderate: krb5 security update |
|
15th, February, 2005
Updated Kerberos (krb5) packages that correct a buffer overflow
bug are now available for Red Hat Enterprise Linux 4. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/118314 |
|
|
RedHat: Important: CUPS security update |
|
15th, February, 2005
Updated CUPS packages that fix several security issues are now
available. This update has been rated as having important security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118315 |
|
|
RedHat: Important: gpdf security update |
|
15th, February, 2005
An updated gpdf package that fixes two security issues is now
available. This update has been rated as having important security impact
by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118316 |
|
|
RedHat: Important: squid security update |
|
15th, February, 2005
An updated Squid package that fixes several security issues
is now available. This update has been rated as having important security
impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118317 |
|
|
RedHat: Important: kdelibs security update |
|
15th, February, 2005
Updated kdelibs packages that resolve security issues in Konqueror
are now available for Red Hat Enterprise Linux 4. This update has been
rated as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118318 |
|
|
RedHat: Important: kdegraphics security
update |
|
15th, February, 2005
Updated kdegraphics packages that resolve security issues in
kpdf are now available. This update has been rated as having important
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118319 |
|
|
RedHat: Moderate: ImageMagick security
update |
|
15th, February, 2005
Updated ImageMagick packages that fix a security flaw are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118320 |
|
|
RedHat: Low: perl-DBI security update |
|
15th, February, 2005
An updated perl-DBI package that fixes a temporary file flaw
in DBI::ProxyServer is now available for Red Hat Enterprise Linux 4. This
update has been rated as having low security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/118321 |
|
|
RedHat: Low: cpio security update |
|
15th, February, 2005
An updated cpio package that fixes a umask bug is now available
for Red Hat Enterprise Linux 4. This update has been rated as having low
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118322 |
|
|
RedHat: Moderate: htdig security update |
|
15th, February, 2005
Updated htdig packages that fix a security flaw are now available
for Red Hat Enterprise Linux 4. This update has been rated as having moderate
security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118323 |
|
|
RedHat: Moderate: thunderbird security
update |
|
15th, February, 2005
An updated Thunderbird package that fixes a security issue is
now available for Red Hat Enterprise Linux 4. This update has been rated
as having moderate security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118324 |
|
|
RedHat: Moderate: squirrelmail security
update |
|
15th, February, 2005
An updated Squirrelmail package that fixes several security
issues is now available for Red Hat Enterprise Linux 4. This update has
been rated as having moderate security impact by the Red Hat Security
Response Team.
http://www.linuxsecurity.com/content/view/118325 |
|
|
RedHat: Moderate: mod_python security
update |
|
15th, February, 2005
An updated mod_python package that fixes a security issue in
the publisher handler is now available for Red Hat Enterprise Linux 4.
This update has been rated as having moderate security impact by the Red
Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118326 |
|
|
RedHat: Important: perl security update |
|
15th, February, 2005
Updated Perl packages that fix several security issues are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118327 |
|
|
RedHat: Important: python security update |
|
15th, February, 2005
Updated Python packages that fix several security issues are
now available for Red Hat Enterprise Linux 4. This update has been rated
as having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118328 |
|
|
RedHat: Important: emacs security update |
|
15th, February, 2005
Updated Emacs packages that fix a string format issue are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118329 |
|
|
RedHat: Important: xemacs security update |
|
15th, February, 2005
Updated XEmacs packages that fix a string format issue are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118330 |
|
|
RedHat: Important: mailman security update |
|
15th, February, 2005
Updated mailman packages to correct a security issue are now
available for Red Hat Enterprise Linux 4. This update has been rated as
having important security impact by the Red Hat Security Response Team.
http://www.linuxsecurity.com/content/view/118331 |
|
|
RedHat: Important: postgresql security
update |
|
15th, February, 2005
Updated PostgreSQL packages that correct various security issues
are now available for Red Hat Enterprise Linux 4. This update has been
rated as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118332 |
|
|
RedHat: Important: postgresql security
update |
|
16th, February, 2005
Updated PostgreSQL packages to fix various security flaws are
now available for Red Hat Enterprise Linux 2.1AS. This update has been
rated as having important security impact by the Red Hat Security Response
Team.
http://www.linuxsecurity.com/content/view/118352 |
|
|
SuSE |
|
SuSE: squid (SUSE-SA:2005:006) |
|
10th, February, 2005
The last two squid updates from February the 1st and 10th fix
several vulnerabilities. Their impact ranges from remote denial of service
through cache poisoning to possible remote command execution.
http://www.linuxsecurity.com/content/view/118241 |
|
|
SuSE: mailman remote file disclosure |
|
14th, February, 2005
Due to incomplete input validation, the “private” CGI script
which handles archive retrieval could be used to read any file on the
system, including the configuration database of the mailman lists, which
includes passwords in plain text. A remote attacker just needs a valid
account on one mailing list managed by this mailman instance.
http://www.linuxsecurity.com/content/view/118279 |
|