Find the information you need for your favorite open source distribution .
Some of the changes made in the DSA-111-1 security fix for SNMPchanged the API and ABI for the SNMP library which broke someother applications.
The problemcan be used to bypass access restrictions in the web server. Anattacker can view the contents of directories and download filesdirectly rather then receiving their HTML output.
Several buffer overflows were fixed in the "ncurses" library in November2000. Unfortunately, one was missed. This can lead to crashes when usingncurses applications in large windows.
A set of buffer overflow problems have been found in hanterm, a Hangulterminal for X11 derived from xterm, that will read and display Koreancharacters in its terminal window.
These packages prevent possible denial of service attacks andsecurity breaches as discovered by the Oulu University Secure Programming Group.
The authors of CUPS, the Common UNIX Printing System, have found apotential buffer overflow bug in the code of the CUPS daemon where itreads the names of attributes. This affects all versions of CUPS.
Due to unescaped HTML code Faq-O-Matic returned unverified scriptingcode to the browser. With some tweaking this enables an attacker tosteal cookies from one of the Faq-O-Matic moderators or the admin.
Previous versions permit a local user to copy any file to anywhere which is writable bythe uucp uid, which effectively means that a local user can completelysubvert the UUCP subsystem, including stealing mail, etc.
With the current version of wmtv, theconfiguration file is written back as the superuser, and without anyfurther checks. A mailicious user might use that to damage importantfiles
Unfortunately the patch used to fix that problem broke rsync.This has been fixed in version 2.3.2-1.5 and we recommend youupgrade to that version immediately.
The pic command was vulnerable to a printf format attackwhich made it possible to circumvent the `-S' option and executearbitrary code.
There exist several signedness bugs within the rsync program which allow remote attackers to write 0-bytes to almost arbitrary stack-locations, therefore being able to control the programflow and obtaining a shell remotely.
The i386 package mention in the DSA-089-1 advisory was incorrectlycompiled and will not run on Debian GNU/Linux potato machines. Thishas been corrected in version 1.3.10-1.1.
The version of enscript (a tool to convert ASCII text to differentformats) has been found to create temporary files insecurely.
Basically, this is the same Security Advisory as DSA 102-1, exceptthat the uploaded binary packages really fix the problem this time.
zen-parse found a bug in the current implementation of at which leadsinto a heap corruption vulnerability which in turn could potentiallylead into an exploit of the daemon user.
Attackers may trick "sudo" to log failed sudo invocations executing the sendmail program with root-privileges and not completely cleaned environment.
Larry McVoy found a bug in the packet handling code for the CIPEVPN package: it did not check if a received packet was too shortand could crash.
A buffer overflow has been found in the globbing code for glibc.This code which is used to glob patterns for filenames and iscommonly used in applications like shells and FTP servers.
It is possible to trick XChat IRC clients into sending arbitrarycommands to the IRC server they are on, potentially allowing socialengineering attacks, channel takeovers, and denial of service.
Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.
Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.
