This week, articles were released for libtiff, ethereal, xpdf, squid, xtrlock, sword, unarj, enscript, zhcon, vdr, xine-lib, libpam-radius,
kdebase, f2c, cups, alsa-lib, grep, kernel-utils, hal, im-sdk, gphoto, apr, tetex, koffice, kdegraphics, kdelibs, gaim, procps, mailman,
mysql, awstats, less, kernel, and xpdf. The distributors include Conectiva, Debian, Fedora, Gentoo, Mandrake, Red Hat, SuSE, and TurboLinux.
To be honest, this was one of the best books that I’ve read on network security.
Other books often dive so deeply into technical discussions, they fail to provide
any relevance to network engineers/administrators working in a corporate environment.
Budgets, deadlines, and flexibility are issues that we must all address. The
Tao of Network Security Monitoring is presented in such a way that all of these
are still relevant. One of the greatest virtues of this book is that it offers
real-life technical examples, while backing them up with relevant case studies.
Network security engineers, system administrators, and security management
will find value in this book. It is a must-read for anyone interested in getting
into the field, but would still be useful as a reference for the experienced
expert.
|
Conectiva |
|
Conectiva: libtiff3 Fixes for libtiff
vulnerabilities |
|
20th, January, 2005
This announcement fixes several integer overflow vulnerabilities[3,4]
that were encountered in libtiff by iDefense which could lead to remote
arbitrary code execution.
http://www.linuxsecurity.com/content/view/117982
|
|
|
Conectiva: ethereal Fixes for security
vulnerabilities in ethereal |
|
24th, January, 2005
This update fixes several vulnerabilities[2,3,4] in ethereal: CAN-2004-0633[5]:
The iSNS dissector for ethereal 0.10.3 through 0.10.4 allows remote
attackers to cause a denial of service (process abort) via an integer
overflow.
http://www.linuxsecurity.com/content/view/118030
|
|
|
Conectiva: Fixes for xpdf vulnerabilities |
|
25th, January, 2005
iDefense noticed two issues in the xpdf code where two buffer overflows
could lead to remote code execution vulnerabilities.
http://www.linuxsecurity.com/content/view/118050
|
|
|
Conectiva: Fixes for squid vulnerabilities |
|
26th, January, 2005
This update fixes several vulnerabilities in the squid web proxy cache.
http://www.linuxsecurity.com/content/view/118068
|
|
|
Debian |
|
Debian: New xtrlock packages fix authentication
bypass |
|
20th, January, 2005
A buffer overflow has been discovered in xtrlock, a minimal X display
lock program which can be exploited by a malicious local attacker to
crash the lock program and take over the desktop session.
http://www.linuxsecurity.com/content/view/117981
|
|
|
Debian: New sword packages fix arbitrary
command execution |
|
20th, January, 2005
Ulf Härnhammar discovered that due to missing input sanitising
in diatheke, a CGI script for making and browsing a bible website, it
is possible to execute arbitrary commands via a specially crafted URL.
http://www.linuxsecurity.com/content/view/117990 |
|
|
Debian: New squid packages fix denial
of service |
|
20th, January, 2005
Several vulnerabilities have been discovered in Squid, the internet
object cache, the popular WWW proxy cache.
http://www.linuxsecurity.com/content/view/117991 |
|
|
Debian: New unarj packages fix several
vulnerabilities |
|
21st, January, 2005
Several vulnerabilities have been discovered in unarj, a non-free
ARJ unarchive utility.
http://www.linuxsecurity.com/content/view/118007 |
|
|
Debian: New ethereal packages fix buffer
overflow |
|
21st, January, 2005
A buffer overflow has been detected in the X11 dissector of
ethereal, a commonly used network traffic analyser. A remote attacker
may be able to overflow a buffer using a specially crafted IP packet.
http://www.linuxsecurity.com/content/view/118008 |
|
|
Debian: New enscript packages fix several
vulnerabilities |
|
21st, January, 2005
Erik Sjölund has discovered several security relevant problems
in enscript, a program to convert ASCII text into Postscript and other
formats.
http://www.linuxsecurity.com/content/view/118009 |
|
|
Debian: New zhcon packages fix unauthorised
file access |
|
25th, January, 2005
Erik Sjölund discovered that zhcon, a fast console CJK system
using the Linux framebuffer, accesses a user-controlled configuration
file with elevated privileges. Thus, it is possible to read arbitrary
files.
http://www.linuxsecurity.com/content/view/118039 |
|
|
Debian: New vdr packages fix insecure
file access |
|
25th, January, 2005
Javier Fernández-Sanguino Peña from the Debian Security Audit
Team has discovered that the vdr daemon which is used for video disk recorders
for DVB cards can overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/118040 |
|
|
Debian: New xine-lib packages fix arbitrary
code execution |
|
25th, January, 2005
A heap overflow has been discovered in the DVD subpicture decoder
of xine-lib. An attacker could cause arbitrary code to be executed on
the victim's host by supplying a malicious MPEG. By tricking users into viewing
a malicious network stream, this is remotely exploitable.
http://www.linuxsecurity.com/content/view/118049 |
|
|
Debian: New libdbi-perl packages fix
insecure temporary file |
|
25th, January, 2005
Javier Fernández-Sanguino Peña from the Debian Security Audit
Project discovered that the DBI library, the Perl5 database interface,
creates a temporary PID file in an insecure manner. This can be exploited
by a malicious user to overwrite arbitrary files owned by the person executing
the parts of the library.
http://www.linuxsecurity.com/content/view/118051 |
|
|
Debian: New libpam-radius-auth packages
fix several vulnerabilities |
|
26th, January, 2005
Two problems have been discovered in the libpam-radius-auth
package, the PAM RADIUS authentication module. The Common Vulnerabilities
and Exposures Project identifies the following problems…
http://www.linuxsecurity.com/content/view/118067 |
|
|
Debian: New kdebase packages fix authentication
bypass |
|
26th, January, 2005
Raphaël Enrici discovered that the KDE screensaver can crash
under certain local circumstances. This can be exploited by an attacker
with physical access to the workstation to take over the desktop session.
http://www.linuxsecurity.com/content/view/118073 |
|
|
Debian: New f2c packages fix insecure
temporary files |
|
27th, January, 2005
Javier Fernández-Sanguino Peña from the Debian Security Audit
project discovered that f2c and fc, which are both part of the f2c package,
a fortran 77 to C/C++ translator, open temporary files insecurely and
are hence vulnerable to a symlink attack.
http://www.linuxsecurity.com/content/view/118091 |
|
|
Fedora |
|
Fedora Core 2 Update: cups-1.1.20-11.10 |
|
20th, January, 2005
This package fixes a buffer overflow which may possibly allow
attackers to execute arbitrary code as the “lp” user. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064
to this issue.
http://www.linuxsecurity.com/content/view/117983 |
|
|
Fedora Core 3 Update: cups-1.1.22-0.rc1.8.4 |
|
20th, January, 2005
This package fixes a buffer overflow which may possibly allow
attackers to execute arbitrary code as the “lp” user. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0064
to this issue.
http://www.linuxsecurity.com/content/view/117984 |
|
|
Fedora Core 3 Update: alsa-lib-1.0.6-7.FC3 |
|
20th, January, 2005
A flaw in the alsa mixer code was discovered, which disabled
stack execution protection for the libasound.so library distributed with
Fedora Core 3. As a result, stack execution protection, through NX or
Exec-Shield, was disabled for any application linked to libasound.
http://www.linuxsecurity.com/content/view/117985 |
|
|
Fedora Core 3 Update: grep-2.5.1-31.4 |
|
20th, January, 2005
This update fixes a small regression in handling multibyte input
for “grep -Fi”, and further improves performance when processing UTF-8
input.
http://www.linuxsecurity.com/content/view/117992 |
|
|
Fedora Core 2 Update: xpdf-3.00-3.7 |
|
20th, January, 2005
Applied patch to fix CAN-2005-0064 (bug #145050)
http://www.linuxsecurity.com/content/view/117993 |
|
|
Fedora Core 3 Update: xpdf-3.00-10.2 |
|
20th, January, 2005
Applied patch to fix CAN-2005-0064 (bug #145050)
http://www.linuxsecurity.com/content/view/117994 |
|
|
Fedora Core 2 Update: kernel-utils-2.4-9.1.131_FC2 |
|
20th, January, 2005
Update microcode_ctl to 1.11 (#131885)
http://www.linuxsecurity.com/content/view/117997 |
|
|
Fedora Core 3 Update: kernel-utils-2.4-13.1.49_FC3 |
|
20th, January, 2005
Update microcode_ctl to 1.11
http://www.linuxsecurity.com/content/view/117998 |
|
|
Fedora Core 3 Update: hal-0.4.6-1.FC3 |
|
20th, January, 2005
New upstream release
http://www.linuxsecurity.com/content/view/118004 |
|
|
Fedora Core 3 Update: im-sdk-12.1-10.FC3 |
|
21st, January, 2005
This is a bugfix update.
http://www.linuxsecurity.com/content/view/118010 |
|
|
Fedora Core 3 Update: gphoto2-2.1.5-1.1 |
|
21st, January, 2005
This is a version upgrade to 2.1.5. More cameras are supported
in this version.
http://www.linuxsecurity.com/content/view/118011 |
|
|
Fedora Core 3 Update: apr-0.9.4-24.2 |
|
21st, January, 2005
This update includes a regenerated version of the bundled libtool
script, which fixes some build issues with third-party httpd modules.
http://www.linuxsecurity.com/content/view/118012 |
|
|
Fedora Core 3 Update: pam-0.77-66.2 |
|
21st, January, 2005
Fix PAM_IGNORE return value handling and correct the grubb_leak
patch to fix #143750
http://www.linuxsecurity.com/content/view/118019 |
|
|
Fedora Core 2 Update: tetex-2.0.2-14FC2.2 |
|
24th, January, 2005
Updated tetex package fixes another xpdf buffer overflow. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0064 to this issue.
http://www.linuxsecurity.com/content/view/118033 |
|
|
Fedora Core 3 Update: tetex-2.0.2-21.3 |
|
24th, January, 2005
Updated tetex package fixes another xpdf buffer overflow. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0064 to this issue.
http://www.linuxsecurity.com/content/view/118035 |
|
|
Fedora Core 3 Update: ethereal-0.10.9-1.FC3.1 |
|
25th, January, 2005
This update fixes several vulnerabilities in the ethereal package.
http://www.linuxsecurity.com/content/view/118041 |
|
|
Fedora Core 2 Update: ethereal-0.10.9-1.FC2.1 |
|
25th, January, 2005
This update fixes several vulnerabilities in the ethereal package.
http://www.linuxsecurity.com/content/view/118042 |
|
|
Fedora Core 2 Update: koffice-1.3.5-0.FC2.1 |
|
25th, January, 2005
This update fixes a buffer overflow in the koffice package.
http://www.linuxsecurity.com/content/view/118043 |
|
|
Fedora Core 3 Update: koffice-1.3.5-0.FC3.1 |
|
25th, January, 2005
This update fixes a buffer overflow in the koffice package.
http://www.linuxsecurity.com/content/view/118044 |
|
|
Fedora Core 2 Update: kdegraphics-3.2.2-1.3 |
|
25th, January, 2005
This update fixes several vulnerabilities in graphics-related
KDE packages.
http://www.linuxsecurity.com/content/view/118045 |
|
|
Fedora Core 3 Update: kdegraphics-3.3.1-2.3 |
|
25th, January, 2005
This update fixes several vulnerabilities in graphics-related
KDE packages.
http://www.linuxsecurity.com/content/view/118046 |
|
|
Fedora Core 2 Update: kdelibs-3.2.2-12.FC2 |
|
25th, January, 2005
This update fixes several vulnerabilities in KDE.
http://www.linuxsecurity.com/content/view/118047 |
|
|
Fedora Core 3 Update: kdelibs-3.3.1-2.6.FC3 |
|
25th, January, 2005
This update fixes several vulnerabilities in KDE.
http://www.linuxsecurity.com/content/view/118048 |
|
|
Fedora Core 2 Update: enscript-1.6.1-25.2 |
|
26th, January, 2005
Several security-relevant problems were found in enscript, a program to
convert ASCII text to Postscript and other formats.
http://www.linuxsecurity.com/content/view/118075 |
|
|
Fedora Core 2 Update: gaim-1.1.2-0.FC2 |
|
26th, January, 2005
Fixes a great many bugs. Refer to the official changelog for
details.
http://www.linuxsecurity.com/content/view/118076 |
|
|
Fedora Core 3 Update: gaim-1.1.2-0.FC3 |
|
26th, January, 2005
Fixes a great many bugs. Refer to the official changelog for
details.
http://www.linuxsecurity.com/content/view/118077 |
|
|
Fedora Core 2 Update: tetex-2.0.2-14FC2.2 |
|
26th, January, 2005
Updated tetex package fixes another xpdf buffer overflow. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0064 to this issue.
http://www.linuxsecurity.com/content/view/118078 |
|
|
Fedora Core 3 Update: tetex-2.0.2-21.3 |
|
26th, January, 2005
Updated tetex package fixes another xpdf buffer overflow. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0064 to this issue.
http://www.linuxsecurity.com/content/view/118079 |
|
|
Fedora Core 3 Update: enscript-1.6.1-28.0.2 |
|
26th, January, 2005
Several security-relevant problems were found in enscript, a program to
convert ASCII text to Postscript and other formats.
http://www.linuxsecurity.com/content/view/118080 |
|
|
Fedora Core 3 Update: procps-3.2.3-5.1 |
|
27th, January, 2005
The procps package contains a set of system utilities that provide
system information.
http://www.linuxsecurity.com/content/view/118093 |
|
|
Fedora Core 2 Update: procps-3.2.0-1.2 |
|
27th, January, 2005
The procps package contains a set of system utilities that provide
system information.
http://www.linuxsecurity.com/content/view/118094 |
|
|
Gentoo |
|
Gentoo: ImageMagick PSD decoding heap
overflow |
|
20th, January, 2005
ImageMagick is vulnerable to a heap overflow when decoding Photoshop
Document (PSD) files, which could lead to arbitrary code execution.
http://www.linuxsecurity.com/content/view/118003
|
|
|
Gentoo: Ethereal Multiple vulnerabilities |
|
20th, January, 2005
Multiple vulnerabilities exist in Ethereal, which may allow an attacker
to run arbitrary code, crash the program or perform DoS by CPU and disk
utilization.
http://www.linuxsecurity.com/content/view/118005
|
|
|
Gentoo: Xpdf, GPdf Stack overflow in
Decrypt::makeFileKey2 |
|
21st, January, 2005
A stack overflow was discovered in Xpdf, potentially resulting
in the execution of arbitrary code. GPdf includes Xpdf code and therefore
is vulnerable to the same issue.
http://www.linuxsecurity.com/content/view/118020 |
|
|
Gentoo: Mailman Cross-site scripting
vulnerability |
|
21st, January, 2005
Mailman is vulnerable to cross-site scripting attacks.
http://www.linuxsecurity.com/content/view/118021 |
|
|
Gentoo: CUPS Stack overflow in included
Xpdf code |
|
22nd, January, 2005
CUPS includes Xpdf code and therefore is vulnerable to the recent
stack overflow issue, potentially resulting in the remote execution of
arbitrary code.
http://www.linuxsecurity.com/content/view/118022 |
|
|
Gentoo: teTeX, pTeX, CSTeX Multiple vulnerabilities |
|
23rd, January, 2005
teTeX, pTeX and CSTeX make use of vulnerable Xpdf code which
may allow the remote execution of arbitrary code. Furthermore, the xdvizilla
script is vulnerable to temporary file handling issues.
http://www.linuxsecurity.com/content/view/118023 |
|
|
Gentoo: KPdf, KOffice Stack overflow
in included Xpdf code |
|
23rd, January, 2005
KPdf and KOffice both include vulnerable Xpdf code to handle
PDF files, making them vulnerable to the execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118024 |
|
|
Gentoo: MySQL Insecure temporary file
creation |
|
23rd, January, 2005
MySQL is vulnerable to symlink attacks, potentially allowing
a local user to overwrite arbitrary files.
http://www.linuxsecurity.com/content/view/118025 |
|
|
Gentoo: Konversation Various vulnerabilities |
|
24th, January, 2005
Konversation contains multiple vulnerabilities that could lead
to remote command execution or information leaks.
http://www.linuxsecurity.com/content/view/118027 |
|
|
Gentoo: CUPS Multiple vulnerabilities |
|
24th, January, 2005
CUPS was affected by multiple vulnerabilities, and as a fix
we recommended upgrading to version 1.1.23_rc1. This version is affected
by a remote Denial Of Service, so we now recommend upgrading to the final
1.1.23 release which does not have any known vulnerability.
http://www.linuxsecurity.com/content/view/118029 |
|
|
Gentoo: Evolution Integer overflow in
camel-lock-helper |
|
24th, January, 2005
An overflow in the camel-lock-helper application can be exploited
by an attacker to execute arbitrary code with elevated privileges.
http://www.linuxsecurity.com/content/view/118034 |
|
|
Gentoo: AWStats Remote code execution |
|
25th, January, 2005
AWStats fails to validate certain input, which could lead to
the remote execution of arbitrary code.
http://www.linuxsecurity.com/content/view/118053 |
|
|
Gentoo: GraphicsMagick PSD decoding heap
overflow |
|
26th, January, 2005
GraphicsMagick is vulnerable to a heap overflow when decoding
Photoshop Document (PSD) files, which could lead to arbitrary code execution.
http://www.linuxsecurity.com/content/view/118081 |
|
|
Gentoo: Perl rmtree and DBI tmpfile vulnerabilities |
|
26th, January, 2005
The Perl DBI library and File::Path::rmtree function are vulnerable
to symlink attacks.
http://www.linuxsecurity.com/content/view/118082 |
|
|
Mandrake |
|
Mandrake: Updated zhcon packages fix |
|
24th, January, 2005
Erik Sjolund discovered that zhcon accesses a user-controlled configuration
file with elevated privileges which could make it possible to read arbitrary
files.
http://www.linuxsecurity.com/content/view/118031
|
|
|
Mandrake: Updated ethereal packages |
|
24th, January, 2005
A number of vulnerabilities were found in Ethereal, all of which
are fixed in version 0.10.9: The COPS dissector could go into an infinite
loop (CAN-2005-0006); the DLSw dissector could cause an assertion, making
Ethereal exit prematurely (CAN-2005-0007); the DNP dissector could cause
memory corruption (CAN-2005-0008); the Gnutella dissector could cause
an assertion, making Ethereal exit prematurely (CAN-2005-0009); the MMSE
dissector could free static memory (CAN-2005-0010); and the X11 protocol
dissector is vulnerable to a string buffer overflow (CAN-2005-0084).
http://www.linuxsecurity.com/content/view/118032 |
|
|
Mandrake: Updated squid packages fix |
|
24th, January, 2005
“infamous41md” discovered two vulnerabilities in the squid proxy
cache server. The first is a buffer overflow in the Gopher response parser
which leads to memory corruption and would usually crash squid (CAN-2005-0094).
The second is an integer overflow in the receiver of WCCP (Web Cache Communication
Protocol) messages. An attacker could send a specially crafted UDP datagram
that would cause squid to crash (CAN-2005-0095).
http://www.linuxsecurity.com/content/view/118036 |
|
|
Mandrake: Updated php packages fix bug |
|
24th, January, 2005
When php tries to open a connection using fsockopen(), but
the connection fails, php would not close the socket.
http://www.linuxsecurity.com/content/view/118037 |
|
|
Mandrake: Updated mailman packages fix |
|
24th, January, 2005
Florian Weimer discovered a vulnerability in Mailman, which
can be exploited by malicious people to conduct cross-site scripting attacks.
Input is not properly sanitised by “scripts/driver” when returning error
pages. This can be exploited to execute arbitrary HTML or script code
in a user’s browser session in context of a vulnerable site by tricking
a user into visiting a malicious web site or following a specially crafted
link.
http://www.linuxsecurity.com/content/view/118038 |
|
|
Mandrake: Updated xpdf packages fix |
|
26th, January, 2005
A buffer overflow vulnerability was discovered in the xpdf PDF
viewer, which could allow for arbitrary code execution as the user viewing
a PDF file. The vulnerability exists due to insufficient bounds checking
while processing a PDF file that provides malicious values in the /Encrypt
/Length tag. The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118060 |
|
|
Mandrake: Updated cups packages fix |
|
26th, January, 2005
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user viewing
a PDF file. Cups uses xpdf code and is susceptible to the same vulnerability.
The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118061 |
|
|
Mandrake: Updated tetex packages fix |
|
26th, January, 2005
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user viewing
a PDF file. Tetex uses xpdf code and is susceptible to the same vulnerability.
The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118062 |
|
|
Mandrake: Updated gpdf packages fix |
|
26th, January, 2005
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user viewing
a PDF file. Gpdf uses xpdf code and is susceptible to the same vulnerability.
The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118063 |
|
|
Mandrake: Updated koffice packages fix |
|
26th, January, 2005
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user viewing
a PDF file. Koffice uses xpdf code and is susceptible to the same vulnerability.
The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118064 |
|
|
Mandrake: Updated kdegraphics packages |
|
26th, January, 2005
A buffer overflow vulnerability was discovered in the xpdf PDF
code, which could allow for arbitrary code execution as the user viewing
a PDF file. Kdegraphics uses xpdf code and is susceptible to the same
vulnerability. 10.1 packages also include a fix for ksvg kde bug #74457.
The updated packages have been patched to prevent these problems.
http://www.linuxsecurity.com/content/view/118065 |
|
|
Mandrake: Updated kernel packages fix
multiple vulnerabilities |
|
26th, January, 2005
A number of vulnerabilities are fixed in the 2.4 and 2.6 kernels
with this advisory.
http://www.linuxsecurity.com/content/view/118066 |
|
|
Mandrake: Updated bind packages fix |
|
26th, January, 2005
A vulnerability was discovered in BIND version 9.3.0 where a
remote attacker may be able to cause named to exit prematurely, causing
a Denial of Service due to an incorrect assumption in the validator function
authvalidated(). The updated packages have been patched to prevent this
problem.
http://www.linuxsecurity.com/content/view/118089 |
|
|
Mandrake: Updated KDE packages address |
|
27th, January, 2005
New KDE packages are available to address various bugs.
http://www.linuxsecurity.com/content/view/118096 |
|
|
Mandrake: Updated evolution packages |
|
27th, January, 2005
Max Vozeler discovered an integer overflow in the camel-lock-helper
application.
http://www.linuxsecurity.com/content/view/118098 |
|
|
Mandrake: Updated nut package provide |
|
27th, January, 2005
A bug in the upsd initscript used by nut exists where it starts
the upsd/powerdown script earlier in the halt/shutdown process to ensure
it still has access to USB.
http://www.linuxsecurity.com/content/view/118099 |
|
|
Mandrake: Updated mdkonline package |
|
27th, January, 2005
A permissions flaw was found on /etc/sysconfig/mdkonline which
prevented users from reading the file.
http://www.linuxsecurity.com/content/view/118100 |
|
|
Red Hat |
|
RedHat: Updated kernel packages fix security |
|
21st, January, 2005
Updated kernel packages that fix several security issues in
Red Hat Enterprise Linux 2.1 are now available.
http://www.linuxsecurity.com/content/view/118016 |
|
|
RedHat: Updated Itanium kernel packages
fix security |
|
21st, January, 2005
Updated kernel packages that fix several security issues in
Red Hat Enterprise Linux 2.1 are now available.
http://www.linuxsecurity.com/content/view/118017
|
|
|
RedHat: Updated Xpdf package fixes security
issue |
|
26th, January, 2005
Updated Xpdf package that fixes a stack-based buffer overflow
security issue is now available.
http://www.linuxsecurity.com/content/view/118069 |
|
|
RedHat: Updated less package fixes security
issue |
|
26th, January, 2005
An updated less package that fixes a segmentation fault when viewing
binary files is now available.
http://www.linuxsecurity.com/content/view/118070 |
|
|
SuSE |
|
SuSE: kernel local privilege escalation |
|
21st, January, 2005
Several exploitable security problems were identified and fixed
in the Linux kernel, the core of every SUSE Linux product.
http://www.linuxsecurity.com/content/view/118018 |
|
|
SuSE: Realplayer 8 (SUSE-SA:2005:004) |
|
24th, January, 2005
eEye Security in October 2004 discovered a flaw in the .rm RealMovie
stream handling routines which allows a remote attacker to exploit an
integer overflow vulnerability using a special .rm file. This might
allow a remote attacker to execute code as the user running RealPlayer.
http://www.linuxsecurity.com/content/view/118028
|
|
|
TurboLinux |
|
TurboLinux: xpdf Buffer overflow |
|
20th, January, 2005
These vulnerabilities may allow remote attackers to execute
arbitrary code via malformed PDF files.
http://www.linuxsecurity.com/content/view/117986 |
|