Debian Essential And Critical Security Patch Updates - Page 292
Find the information you need for your favorite open source distribution.
This advisory is an update to DSA-134-2: the changes mainly deal with packaging issues; if you have already successfully installed an openssh package from a previous DSA-134 advisory you may disregard this message.
Theo de Raadt announced that the OpenBSD team is working with ISS on a remote exploit for OpenSSH. No details on the type of vulnerability are available at this time, but everyone is advised to upgrade to version 3.3.
A remote denial of service vulnerability has been fixed in version 1.3.9-14.1-1.21.20000309-1 of the Debian apache-perl package and we recommend that you upgrade your apache-perl package immediately.
Mark Litchfield found a denial of service attack in the Apache web-server. While investigating the problem the Apache Software Foundation discovered that the code for handling invalid requests which use chunked encoding also might allow arbitrary code execution on 64 bit architectures.
Ethereal versions prior to 0.9.3 were vulnerable to an allocation error in the ASN.1 parser. This can be triggered when analyzing traffic using the SNMP, LDAP, COPS, or Kerberos protocols in ethereal.
An authentication agent in the uucp package does not properly terminate certain long input strings.
A buffer overflow in the variable expansion code used by sudo for its prompt has been fixed. Since sudo is necessarily installed suid root, a local user can use this to gain root access.
This overflow can be abused by remote attackers to gain access to the server under which the xpilot server is running.
A cross-site scripting (CSS) problem was discovered in Horde and IMP (a web based IMAP mail package). This was fixed upstream in Horde version 1.2.8 and IMP version 2.2.8.
An attacker can introduce arbitrary Javascript code, for example, into an analog report produced by someone else and read by a third person.
An attacker may gain access to a raw socket, which makes IP spoofing and other malicious network activity possible.
Janusz Niewiadomski and Wojciech Purczynski reported a buffer overflow in the address_match of listar (a listserv style mailing-list manager).
The compression library zlib has a flaw in which it attempts to free memory more than once under certain conditions. This can possibly be exploited to run arbitrary code in a program that includes zlib.
Several security related problems have been found in the xtell package, a simple messaging client and server.
With session caching enabled, mod_ssl will serialize SSL session variables to store them for later use. These variables were stored in a buffer of a fixed size without proper boundary checks.
Joost Pol reports that OpenSSH versions 2.0 through 3.0.2 have an off-by-one bug in the channel allocation code. This vulnerability can be exploited by authenticated users to gain root privilege or by a malicious server exploiting a client with this bug.
Tim Waugh found several insecure uses of temporary files in the xsane program, which is used for scanning. This was fixed for Debian/stable by moving those files into a securely created directory within the /tmp directory.
The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running under a remote user id. It is not yet clear if the remote account can be exposed, though.
Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system.
A broken boundary check leading to a potential heap overflow, and several flaws in how PHP handles multipart/form-data POST requests have been fixed.