Debian Essential And Critical Security Patch Updates - Page 290
Find the information you need for your favorite open source distribution.
This advisory is an update to DSA-136-1, issued 30 Jul 2002. It includes ASN1 updates in the woody packages, plus the potato packages which were not initially available.
There was an error in the original openssl094 packages, resulting in an incomplete fix.
Users of Konqueror and other KDE software that uses the KHTML rendering engine may become victims of cookie stealing and other cross-site scripting attacks.
A security audit has revealed remotely exploitable buffer overflow conditions in the OpenSSL code. Additionally, the ASN1 parser in OpenSSL has a potential DoS attack.
Two buffer overflows have been discovered in purity, a game for nerds and hackers, which is installed setgid games on a Debian system. This problem could be exploited to gain unauthorized access to the group games. A malicious user could alter the highscore of several games.
Several buffer overflows and integer overflows have been fixed in the latest version. Special upgrade instructions enclosed within advisory.
A problem in cacti, a PHP based frontend to rrdtool for monitoring systems and services, has been discovered. This could lead to cacti executing arbitrary program code under the user id of the web server.
When processing maliciously crafted mails of type text/html, mhonarc does not deactivate all scripting parts properly.
The bugfix we distributed in DSA 159-1 unfortunately caused Python to sometimes behave improperly when a non-executable file existed earlier in the path and an executable file of the same name existed later in the path.
It may be possible to make Ethereal crash or hang by injecting a purposefully malformed packet onto the wire, or by convincing someone to read a malformed packet trace file. It may be possible to make Ethereal run arbitrary code by exploiting the buffer and pointer problems.
The Mantis system didn't check whether a user is permitted to view a bug, but displayed it right away if the user entered a valid bug id.
The scrollkeeper-get-cl program creates temporary files in an insecure manner in /tmp using guessable filenames. Since scrollkeeper is called automatically when a user logs into a Gnome session, an attacker with local access can easily create and overwrite files as another user.
A flaw in Python was discovered with an insecure use of a temporary file in os._execvpe from os.py. It uses a predictable name which could lead to execution of arbitrary code.
The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code.
A cross-site scripting vulnerability was discovered in mailman. When a properly crafted URL is accessed with Internet Explorer, the resulting webpage is rendered similar to the real one, but the javascript component is executed as well, which could be used by an attacker to get access to sensitive information.
The IRC client irssi is vulnerable to a denial of service condition. The problem occurs when a user attempts to join a channel that has an overly long topic description. When a certain string is appended to the topic, irssi will crash.
All versions of the EPIC script Light prior to 2.7.30p5 (on the 2.7 branch) and prior to 2.8pre10 (on the 2.8 branch) running on any platform are vulnerable to a remotely-exploitable bug, which can lead to nearly arbitrary code execution.
Due to a security engineering oversight, the SSL library from KDE, which Konqueror uses, doesn't check whether an intermediate certificate for a connection is signed by the certificate authority as safe for the purpose, but accepts it when it is signed.
Multiple local vulnerabilities including cross site code execution and privilege escalation vulnerabilities have been fixed.
A flaw was discovered in FAM's group handling. In effect, users are unable to FAM directories they have group read and execute permissions on. However, unprivileged users can also potentially learn names of files that only users in root's group should be able to view.