|
 |
| Fri, Aug 29th | home | browse | articles | contact | chat | submit | faq | newsletter | about | stats | scoop | 05:53 UTC |
|
|
login « register « recover password « |
|
|
|
[«] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [»]
Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted. Fixed packages are available from security.debian.org. Links: security.debian.org
The libxml2 packages provide a library that allows you to manipulate XML files. It includes support to read, modify, and write XML and HTML files. A denial of service flaw was found in the way libxml2 processes certain content. If an application linked against libxml2 processes malformed XML content, it could cause the application to stop responding. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. Dirk Nehring discovered a vulnerability in the IPsec code that allows remote users to cause a denial of service by sending a specially crafted ESP packet. Tavis Ormandy discovered a vulnerability that allows local users to access uninitialized kernel memory, possibly leaking sensitive data. Andi Kleen discovered an issue where uninitialized kernel memory was being leaked to userspace during an exception. This issue may allow local users to gain access to sensitive data. Alan Cox discovered an issue in multiple tty drivers that allows local users to trigger a denial of service (NULL pointer dereference) and possibly obtain elevated privileges. Gabriel Campana discovered an integer overflow in the sctp code that can be exploited by local users to cause a denial of service. Miklos Szeredi reported a missing privilege check in the do_change_type() function. This allows local, unprivileged users to change the properties of mount points. Tobias Klein reported a locally exploitable data leak in the snd_seq_oss_synth_make_info() function. This may allow local users to gain access to sensitive information. Zoltan Sogor discovered a coding error in the VFS hat allows local users to exploit a kernel memory leak resulting in a denial of service. Fixed packages are available from security.debian.org. Links: security.debian.org
Sebastian Krahmer discovered that Postfix, a mail transfer agent, incorrectly checks the ownership of a mailbox. In some configurations, this allows for appending data to arbitrary files as root. Fixed packages are available from security.debian.org. Links: security.debian.org
Postfix is a Mail Transport Agent (MTA), supporting LDAP, SMTP AUTH (SASL), and TLS. A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
The openwsman project provides an implementation of the Web Service Management specification. The SuSE Security-Team has found two critical issues in the code. Two remote buffer overflows were possible while decoding the HTTP basic authentication header. A possible SSL session replay attack affecting the client (depending on the configuration) was fixed. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
The yum-rhn-plugin provides support for yum to securely access a Red Hat Network (RHN) server for software updates. It was discovered that yum-rhn-plugin did not verify the SSL certificate for all communication with a Red Hat Network server. An attacker able to redirect the network communication between a victim and an RHN server could use this flaw to provide malicious repository metadata. This metadata could be used to block the victim from receiving specific security updates. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Postfix is a well known MTA. During a source code audit the SuSE Security-Team discovered a local privilege escalation bug as well as a mailbox ownership problem in postfix. The first bug allowed local users to execute arbitrary commands as root while the second one allowed local users to read other users mail. Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
The hplip (Hewlett-Packard Linux Imaging and Printing) packages provide drivers for Hewlett-Packard printers and multifunction peripherals. A flaw was discovered in the hplip alert-mailing functionality. A local attacker could elevate their privileges by using specially-crafted packets to trigger alert mails, which are sent by the root account. A flaw was discovered in the hpssd message parser. By sending specially-crafted packets, a local attacker could cause a denial of service, stopping the hpssd process. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw was found in the way Condor interpreted wildcards in authorization lists. Certain authorization lists using wildcards in DENY rules, such as DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules, could permit authenticated remote users to submit computation jobs, even when such access should have been denied. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Condor is a specialized workload management system for compute-intensive jobs. It provides a job queuing mechanism, scheduling policy, priority scheme, and resource monitoring and management. A flaw was found in the way Condor interpreted wildcards in authorization lists. Certain authorization lists using wildcards in DENY rules, such as DENY_WRITE or HOSTDENY_WRITE, that conflict with the definitions in ALLOW rules, could permit authenticated remote users to submit computation jobs, even when such access should have been denied. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Dnsmasq is lightweight DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. The dnsmasq DNS resolver used a fixed source UDP port. This could have made DNS spoofing attacks easier. dnsmasq has been updated to use random UDP source ports, helping to make DNS spoofing attacks harder. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing. This update changes PowerDNS to respond with SERVFAIL responses instead. Fixed packages are available from security.debian.org. Links: security.debian.org
The kernel packages contain the Linux kernel, the core of any Linux operating system. A possible kernel memory leak was found in the Linux kernel Simple Internet Transition (SIT) INET6 implementation. This could allow a local unprivileged user to cause a denial of service. A flaw was found in the Linux kernel setrlimit system call, when setting RLIMIT_CPU to a certain value. This could allow a local unprivileged user to bypass the CPU time limit. Multiple NULL pointer dereferences were found in various Linux kernel network drivers. These drivers were missing checks for terminal validity, which could allow privilege escalation. Fixed packages are available from updates.redhat.com. Links: updates.redhat.com
Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. With this bug anyone can change a user PIN without having the PIN or PUK or the superusers PIN or PUK. However it can not be used to figure out the PIN. If the PIN on your card is still the same you always had, there's a resonable chance that this vulnerability has not been exploited. Fixed packages are available from security.debian.org. Links: security.debian.org
The net-snmp daemon implements the "simple network management protocol". The version 3 of SNMP as implemented in net-snmp uses the length of the HMAC in a packet to verify against a local HMAC for authentication. An attacker can therefore send a SNMPv3 packet with a one byte HMAC and guess the correct first byte of the local HMAC with 256 packets (max). Fixed packages are available from ftp.suse.com. Links: ftp.suse.com
Joan Calvet discovered that httrack, a utility to create local copies of websites, is vulnerable to a buffer overflow potentially allowing to execute arbitrary code when passed excessively long URLs. Fixed packages are available from security.debian.org. Links: security.debian.org
Several remote vulnerabilities have been discovered in the Common Unix Printing System (CUPS). Buffer overflows in the HP-GL input filter allowed to possibly run arbitrary code through crafted HP-GL files. Buffer overflow in the GIF filter allowed to possibly run arbitrary code through crafted GIF files. Integer overflows in the PNG filter allowed to possibly run arbitrary code through crafted PNG files. Fixed packages are available from security.debian.org. Links: security.debian.org
Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. Fixed packages are available from security.debian.org. Links: security.debian.org
Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's dnsmasq packages to implement the recommended countermeasure: UDP query source port randomization. This change increases the size of the space from which an attacker has to guess values in a backwards-compatible fashion and makes successful attacks significantly more difficult. Fixed packages are available from security.debian.org. Links: security.debian.org
[«] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20] [»] |
|
